Vulnerabilities > CVE-2017-5382 - Information Exposure vulnerability in Mozilla Firefox

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
mozilla
CWE-200
nessus

Summary

Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. This vulnerability affects Firefox < 51.

Vulnerable Configurations

Part Description Count
Application
Mozilla
466

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

Nessus

  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_51.NASL
    descriptionThe version of Mozilla Firefox installed on the remote Windows host is prior to 51.0. It is, therefore, affected by multiple vulnerabilities : - Mozilla developers and community members Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, and Oriol reported memory safety bugs present in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2017-5373) - Mozilla developers and community members Gary Kwong, Olli Pettay, Tooru Fujisawa, Carsten Book, Andrew McCreight, Chris Pearce, Ronald Crane, Jan de Mooij, Julian Seward, Nicolas Pierron, Randell Jesup, Esther Monchari, Honza Bambas, and Philipp reported memory safety bugs present in Firefox 50.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2017-5374) - JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. (CVE-2017-5375) - Use-after-free while manipulating XSL in XSLT documents (CVE-2017-5376) - A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash. (CVE-2017-5377) - Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object
    last seen2020-06-01
    modified2020-06-02
    plugin id96776
    published2017-01-25
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96776
    titleMozilla Firefox < 51.0 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(96776);
      script_version("1.8");
      script_cvs_date("Date: 2019/11/13");
    
      script_cve_id(
        "CVE-2017-5373",
        "CVE-2017-5374",
        "CVE-2017-5375",
        "CVE-2017-5376",
        "CVE-2017-5377",
        "CVE-2017-5378",
        "CVE-2017-5379",
        "CVE-2017-5380",
        "CVE-2017-5381",
        "CVE-2017-5382",
        "CVE-2017-5383",
        "CVE-2017-5384",
        "CVE-2017-5385",
        "CVE-2017-5386",
        "CVE-2017-5387",
        "CVE-2017-5388",
        "CVE-2017-5389",
        "CVE-2017-5390",
        "CVE-2017-5391",
        "CVE-2017-5393",
        "CVE-2017-5396"
      );
      script_bugtraq_id(
        95757,
        95758,
        95759,
        95761,
        95762,
        95763,
        95769
      );
      script_xref(name:"MFSA", value:"2017-01");
    
      script_name(english:"Mozilla Firefox < 51.0 Multiple Vulnerabilities");
      script_summary(english:"Checks the version of Firefox.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains a web browser that is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Mozilla Firefox installed on the remote Windows host
    is prior to 51.0. It is, therefore, affected by multiple
    vulnerabilities :
    
      - Mozilla developers and community members Christian
        Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom
        Schuster, and Oriol reported memory safety bugs present
        in Firefox 50.1 and Firefox ESR 45.6. Some of these
        bugs showed evidence of memory corruption and we
        presume that with enough effort that some of these
        could be exploited to run arbitrary code.
        (CVE-2017-5373)
    
      - Mozilla developers and community members Gary Kwong,
        Olli Pettay, Tooru Fujisawa, Carsten Book, Andrew
        McCreight, Chris Pearce, Ronald Crane, Jan de Mooij,
        Julian Seward, Nicolas Pierron, Randell Jesup, Esther
        Monchari, Honza Bambas, and Philipp reported memory
        safety bugs present in Firefox 50.1. Some of these bugs
        showed evidence of memory corruption and we presume
        that with enough effort that some of these could be
        exploited to run arbitrary code. (CVE-2017-5374)
    
      - JIT code allocation can allow for a bypass of ASLR and
        DEP protections leading to potential memory corruption
        attacks. (CVE-2017-5375)
    
      - Use-after-free while manipulating XSL in XSLT documents
        (CVE-2017-5376)
    
      - A memory corruption vulnerability in Skia that can
        occur when using transforms to make gradients,
        resulting in a potentially exploitable crash.
        (CVE-2017-5377)
    
      - Hashed codes of JavaScript objects are shared between
        pages. This allows for pointer leaks because an object's
        address can be discovered through hash codes, and also
        allows for data leakage of an object's content using
        these hash codes. (CVE-2017-5378)
    
      - Use-after-free vulnerability in Web Animations when
        interacting with cycle collection found through
        fuzzing. (CVE-2017-5379)
    
      - A potential use-after-free found through fuzzing during
        DOM manipulation of SVG content. (CVE-2017-5380)
    
      - The 'export' function in the Certificate Viewer can
        force local filesystem navigation when the 'common
        name' in a certificate contains slashes, allowing
        certificate content to be saved in unsafe locations
        with an arbitrary filename. (CVE-2017-5381)
    
      - Feed preview for RSS feeds can be used to capture
        errors and exceptions generated by privileged content,
        allowing for the exposure of internal information not
        meant to be seen by web content. (CVE-2017-5382)
    
      - URLs containing certain unicode glyphs for alternative
        hyphens and quotes do not properly trigger punycode
        display, allowing for domain name spoofing attacks in
        the location bar. (CVE-2017-5383)
    
      - Proxy Auto-Config (PAC) files can specify a JavaScript
        function called for all URL requests with the full URL
        path which exposes more information than would be sent
        to the proxy itself in the case of HTTPS. Normally the
        Proxy Auto-Config file is specified by the user or
        machine owner and presumed to be non-malicious, but if
        a user has enabled Web Proxy Auto Detect (WPAD) this
        file can be served remotely. (CVE-2017-5384)
    
      - Data sent with in multipart channels, such as the
        multipart/x-mixed-replace MIME type, will ignore the
        referrer-policy response header, leading to potential
        information disclosure for sites using this header.
        (CVE-2017-5385)
    
      - WebExtension scripts can use the 'data:' protocol to
        affect pages loaded by other web extensions using this
        protocol, leading to potential data disclosure or
        privilege escalation in affected extensions.
        (CVE-2017-5386)
    
      - The existence of a specifically requested local file
        can be found due to the double firing of the 'onerror'
        when the 'source' attribute on a <track> tag refers to
        a file that does not exist if the source page is loaded
        locally. (CVE-2017-5387)
    
      - A STUN server in conjunction with a large number of
        'webkitRTCPeerConnection' objects can be used to send
        large STUN packets in a short period of time due to a
        lack of rate limiting being applied on e10s systems,
        allowing for a denial of service attack. (CVE-2017-5388)
    
      - WebExtensions could use the 'mozAddonManager' API by
        modifying the CSP headers on sites with the appropriate
        permissions and then using host requests to redirect
        script loads to a malicious site. This allows a
        malicious extension to then install additional
        extensions without explicit user permission.
        (CVE-2017-5389)
    
      - The JSON viewer in the Developer Tools uses insecure
        methods to create a communication channel for copying
        and viewing JSON or HTTP headers data, allowing for
        potential privilege escalation. (CVE-2017-5390)
    
      - Special 'about:' pages used by web content, such as RSS
        feeds, can load privileged 'about:' pages in an iframe.
        If a content-injection bug were found in one of those
        pages this could allow for potential privilege
        escalation. (CVE-2017-5391)
    
      - The 'mozAddonManager' allows for the installation of
        extensions from the CDN for addons.mozilla.org, a
        publicly accessible site. This could allow malicious
        extensions to install additional extensions from the CDN
        in combination with an XSS attack on Mozilla AMO sites.
        (CVE-2017-5393)
    
      - A use-after-free vulnerability in the Media Decoder
        when working with media files when some events are
        fired after the media elements are freed from memory.
        (CVE-2017-5396)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Mozilla security advisories.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues.");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1017616");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1255474");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1281482");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1285833");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1285960");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1288561");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1293327");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1295023");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1295322");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1295747");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1295945");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1297361");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1297808");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1300145");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1302231");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1306883");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1307458");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1308688");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1309198");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1309282");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1309310");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1311319");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1311687");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1312001");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1313385");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1315447");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1317501");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1318766");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1319070");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1319456");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1319888");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1321374");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1322107");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1322305");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1322315");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1322420");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1323338");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1324716");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1324810");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1325200");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1325344");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1325877");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1325938");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1328251");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1328834");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1329403");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1329989");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1330769");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1331058");
      # https://www.contextis.com//resources/blog/leaking-https-urls-20-year-old-vulnerability/
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4d11b233");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Mozilla Firefox version 51.0 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-5396");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/01/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/25");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("mozilla_org_installed.nasl");
      script_require_keys("Mozilla/Firefox/Version");
    
      exit(0);
    }
    
    include("mozilla_version.inc");
    
    port = get_kb_item("SMB/transport");
    if (!port) port = 445;
    
    installs = get_kb_list("SMB/Mozilla/Firefox/*");
    if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");
    
    mozilla_check_version(installs:installs, product:'firefox', fix:'51.0', severity:SECURITY_HOLE);
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-187.NASL
    descriptionThis update for MozillaFirefox to version 51.0.1 fixes security issues and bugs. These security issues were fixed : - CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP (bmo#1325200, boo#1021814) - CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817) CVE-2017-5377: Memory corruption with transforms to create gradients in Skia (bmo#1306883, boo#1021826) - CVE-2017-5378: Pointer and frame data leakage of JavaScript objects (bmo#1312001, bmo#1330769, boo#1021818) - CVE-2017-5379: Use-after-free in Web Animations (bmo#1309198,boo#1021827) - CVE-2017-5380: Potential use-after-free during DOM manipulations (bmo#1322107, boo#1021819) - CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer (bmo#1297361, boo#1021820) - CVE-2017-5389: WebExtensions can install additional add-ons via modified host requests (bmo#1308688, boo#1021828) - CVE-2017-5396: Use-after-free with Media Decoder (bmo#1329403, boo#1021821) - CVE-2017-5381: Certificate Viewer exporting can be used to navigate and save to arbitrary filesystem locations (bmo#1017616, boo#1021830) - CVE-2017-5382: Feed preview can expose privileged content errors and exceptions (bmo#1295322, boo#1021831) - CVE-2017-5383: Location bar spoofing with unicode characters (bmo#1323338, bmo#1324716, boo#1021822) - CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC) (bmo#1255474, boo#1021832) - CVE-2017-5385: Data sent in multipart channels ignores referrer-policy response headers (bmo#1295945, boo#1021833) - CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions (bmo#1319070, boo#1021823) - CVE-2017-5391: Content about: pages can load privileged about: pages (bmo#1309310, boo#1021835) - CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for mozAddonManager (bmo#1309282, boo#1021837) - CVE-2017-5387: Disclosure of local file existence through TRACK tag error messages (bmo#1295023, boo#1021839) - CVE-2017-5388: WebRTC can be used to generate a large amount of UDP traffic for DDOS attacks (bmo#1281482, boo#1021840) - CVE-2017-5374: Memory safety bugs (boo#1021841) - CVE-2017-5373: Memory safety bugs (boo#1021824) These non-security issues in MozillaFirefox were fixed : - Added support for FLAC (Free Lossless Audio Codec) playback - Added support for WebGL 2 - Added Georgian (ka) and Kabyle (kab) locales - Support saving passwords for forms without
    last seen2020-06-05
    modified2017-02-02
    plugin id96940
    published2017-02-02
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96940
    titleopenSUSE Security Update : MozillaFirefox (openSUSE-2017-187)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2017-187.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(96940);
      script_version("3.8");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-5373", "CVE-2017-5374", "CVE-2017-5375", "CVE-2017-5376", "CVE-2017-5377", "CVE-2017-5378", "CVE-2017-5379", "CVE-2017-5380", "CVE-2017-5381", "CVE-2017-5382", "CVE-2017-5383", "CVE-2017-5384", "CVE-2017-5385", "CVE-2017-5386", "CVE-2017-5387", "CVE-2017-5388", "CVE-2017-5389", "CVE-2017-5390", "CVE-2017-5391", "CVE-2017-5392", "CVE-2017-5393", "CVE-2017-5394", "CVE-2017-5395", "CVE-2017-5396");
    
      script_name(english:"openSUSE Security Update : MozillaFirefox (openSUSE-2017-187)");
      script_summary(english:"Check for the openSUSE-2017-187 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for MozillaFirefox to version 51.0.1 fixes security issues
    and bugs.
    
    These security issues were fixed :
    
      - CVE-2017-5375: Excessive JIT code allocation allows
        bypass of ASLR and DEP (bmo#1325200, boo#1021814)
    
      - CVE-2017-5376: Use-after-free in XSL (bmo#1311687,
        boo#1021817) CVE-2017-5377: Memory corruption with
        transforms to create gradients in Skia (bmo#1306883,
        boo#1021826)
    
      - CVE-2017-5378: Pointer and frame data leakage of
        JavaScript objects (bmo#1312001, bmo#1330769,
        boo#1021818)
    
      - CVE-2017-5379: Use-after-free in Web Animations
        (bmo#1309198,boo#1021827)
    
      - CVE-2017-5380: Potential use-after-free during DOM
        manipulations (bmo#1322107, boo#1021819)
    
      - CVE-2017-5390: Insecure communication methods in
        Developer Tools JSON viewer (bmo#1297361, boo#1021820)
    
      - CVE-2017-5389: WebExtensions can install additional
        add-ons via modified host requests (bmo#1308688,
        boo#1021828)
    
      - CVE-2017-5396: Use-after-free with Media Decoder
        (bmo#1329403, boo#1021821)
    
      - CVE-2017-5381: Certificate Viewer exporting can be used
        to navigate and save to arbitrary filesystem locations
        (bmo#1017616, boo#1021830)
    
      - CVE-2017-5382: Feed preview can expose privileged
        content errors and exceptions (bmo#1295322, boo#1021831)
    
      - CVE-2017-5383: Location bar spoofing with unicode
        characters (bmo#1323338, bmo#1324716, boo#1021822)
    
      - CVE-2017-5384: Information disclosure via Proxy
        Auto-Config (PAC) (bmo#1255474, boo#1021832)
    
      - CVE-2017-5385: Data sent in multipart channels ignores
        referrer-policy response headers (bmo#1295945,
        boo#1021833)
    
      - CVE-2017-5386: WebExtensions can use data: protocol to
        affect other extensions (bmo#1319070, boo#1021823)
    
      - CVE-2017-5391: Content about: pages can load privileged
        about: pages (bmo#1309310, boo#1021835)
    
      - CVE-2017-5393: Remove addons.mozilla.org CDN from
        whitelist for mozAddonManager (bmo#1309282, boo#1021837)
    
      - CVE-2017-5387: Disclosure of local file existence
        through TRACK tag error messages (bmo#1295023,
        boo#1021839)
    
      - CVE-2017-5388: WebRTC can be used to generate a large
        amount of UDP traffic for DDOS attacks (bmo#1281482,
        boo#1021840)
    
      - CVE-2017-5374: Memory safety bugs (boo#1021841)
    
      - CVE-2017-5373: Memory safety bugs (boo#1021824)
    
    These non-security issues in MozillaFirefox were fixed :
    
      - Added support for FLAC (Free Lossless Audio Codec)
        playback
    
      - Added support for WebGL 2
    
      - Added Georgian (ka) and Kabyle (kab) locales
    
      - Support saving passwords for forms without 'submit'
        events
    
      - Improved video performance for users without GPU
        acceleration
    
      - Zoom indicator is shown in the URL bar if the zoom level
        is not at default level
    
      - View passwords from the prompt before saving them
    
      - Remove Belarusian (be) locale
    
      - Use Skia for content rendering (Linux)
    
      - Improve recognition of LANGUAGE env variable
        (boo#1017174)
    
      - Multiprocess incompatibility did not correctly register
        with some add-ons (bmo#1333423)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1017174"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021814"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021817"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021818"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021819"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021820"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021821"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021822"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021823"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021824"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021826"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021827"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021828"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021830"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021831"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021832"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021833"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021835"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021837"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021839"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021840"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021841"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected MozillaFirefox packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/02/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/02/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.1|SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.1 / 42.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"MozillaFirefox-51.0.1-50.2") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"MozillaFirefox-branding-upstream-51.0.1-50.2") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"MozillaFirefox-buildsymbols-51.0.1-50.2") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"MozillaFirefox-debuginfo-51.0.1-50.2") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"MozillaFirefox-debugsource-51.0.1-50.2") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"MozillaFirefox-devel-51.0.1-50.2") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"MozillaFirefox-translations-common-51.0.1-50.2") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"MozillaFirefox-translations-other-51.0.1-50.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"MozillaFirefox-51.0.1-50.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"MozillaFirefox-branding-upstream-51.0.1-50.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"MozillaFirefox-buildsymbols-51.0.1-50.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"MozillaFirefox-debuginfo-51.0.1-50.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"MozillaFirefox-debugsource-51.0.1-50.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"MozillaFirefox-devel-51.0.1-50.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"MozillaFirefox-translations-common-51.0.1-50.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"MozillaFirefox-translations-other-51.0.1-50.2") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox / MozillaFirefox-branding-upstream / etc");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3175-2.NASL
    descriptionUSN-3175-1 fixed vulnerabilities in Firefox. The update caused a regression on systems where the AppArmor profile for Firefox is set to enforce mode. This update fixes the problem. We apologize for the inconvenience. Multiple memory safety issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5373, CVE-2017-5374) JIT code allocation can allow a bypass of ASLR protections in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5375) Nicolas Gregoire discovered a use-after-free when manipulating XSL in XSLT documents in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5376) Atte Kettunen discovered a memory corruption issue in Skia in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5377) Jann Horn discovered that an object
    last seen2020-06-01
    modified2020-06-02
    plugin id97047
    published2017-02-07
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97047
    titleUbuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : firefox regression (USN-3175-2)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3175-2. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(97047);
      script_version("3.9");
      script_cvs_date("Date: 2019/09/18 12:31:46");
    
      script_cve_id("CVE-2017-5373", "CVE-2017-5374", "CVE-2017-5375", "CVE-2017-5376", "CVE-2017-5377", "CVE-2017-5378", "CVE-2017-5379", "CVE-2017-5380", "CVE-2017-5381", "CVE-2017-5382", "CVE-2017-5383", "CVE-2017-5384", "CVE-2017-5385", "CVE-2017-5386", "CVE-2017-5387", "CVE-2017-5388", "CVE-2017-5389", "CVE-2017-5390", "CVE-2017-5391", "CVE-2017-5393", "CVE-2017-5396");
      script_xref(name:"USN", value:"3175-2");
    
      script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : firefox regression (USN-3175-2)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "USN-3175-1 fixed vulnerabilities in Firefox. The update caused a
    regression on systems where the AppArmor profile for Firefox is set to
    enforce mode. This update fixes the problem.
    
    We apologize for the inconvenience.
    
    Multiple memory safety issues were discovered in Firefox. If a user
    were tricked in to opening a specially crafted website, an attacker
    could potentially exploit these to cause a denial of service via
    application crash, or execute arbitrary code. (CVE-2017-5373,
    CVE-2017-5374)
    
    JIT code allocation can allow a bypass of ASLR protections
    in some circumstances. If a user were tricked in to opening
    a specially crafted website, an attacker could potentially
    exploit this to cause a denial of service via application
    crash, or execute arbitrary code. (CVE-2017-5375)
    
    Nicolas Gregoire discovered a use-after-free when
    manipulating XSL in XSLT documents in some circumstances. If
    a user were tricked in to opening a specially crafted
    website, an attacker could potentially exploit this to cause
    a denial of service via application crash, or execute
    arbitrary code. (CVE-2017-5376)
    
    Atte Kettunen discovered a memory corruption issue in Skia
    in some circumstances. If a user were tricked in to opening
    a specially crafted website, an attacker could potentially
    exploit this to cause a denial of service via application
    crash, or execute arbitrary code. (CVE-2017-5377)
    
    Jann Horn discovered that an object's address could be
    discovered through hashed codes of JavaScript objects shared
    between pages. If a user were tricked in to opening a
    specially crafted website, an attacker could potentially
    exploit this to obtain sensitive information.
    (CVE-2017-5378)
    
    A use-after-free was discovered in Web Animations in some
    circumstances. If a user were tricked in to opening a
    specially crafted website, an attacker could potentially
    exploit this to cause a denial of service via application
    crash, or execute arbitrary code. (CVE-2017-5379)
    
    A use-after-free was discovered during DOM manipulation of
    SVG content in some circumstances. If a user were tricked in
    to opening a specially crafted website, an attacker could
    potentially exploit this to cause a denial of service via
    application crash, or execute arbitrary code.
    (CVE-2017-5380)
    
    Jann Horn discovered that the 'export' function in the
    Certificate Viewer can force local filesystem navigation
    when the Common Name contains slashes. If a user were
    tricked in to exporting a specially crafted certificate, an
    attacker could potentially exploit this to save content with
    arbitrary filenames in unsafe locations. (CVE-2017-5381)
    
    Jerri Rice discovered that the Feed preview for RSS feeds
    can be used to capture errors and exceptions generated by
    privileged content. An attacker could potentially exploit
    this to obtain sensitive information. (CVE-2017-5382)
    
    Armin Razmjou discovered that certain unicode glyphs do not
    trigger punycode display. An attacker could potentially
    exploit this to spoof the URL bar contents. (CVE-2017-5383)
    
    Paul Stone and Alex Chapman discovered that the full URL
    path is exposed to JavaScript functions specified by Proxy
    Auto-Config (PAC) files. If a user has enabled Web Proxy
    Auto Detect (WPAD), an attacker could potentially exploit
    this to obtain sensitive information. (CVE-2017-5384)
    
    Muneaki Nishimura discovered that data sent in multipart
    channels will ignore the Referrer-Policy response headers.
    An attacker could potentially exploit this to obtain
    sensitive information. (CVE-2017-5385)
    
    Muneaki Nishimura discovered that WebExtensions can affect
    other extensions using the data: protocol. If a user were
    tricked in to installing a specially crafted addon, an
    attacker could potentially exploit this to obtain sensitive
    information or gain additional privileges. (CVE-2017-5386)
    
    Mustafa Hasan discovered that the existence of local files
    can be determined using the <track> element. An attacker
    could potentially exploit this to obtain sensitive
    information. (CVE-2017-5387)
    
    Cullen Jennings discovered that WebRTC can be used to
    generate large amounts of UDP traffic. An attacker could
    potentially exploit this to conduct Distributed
    Denial-of-Service (DDOS) attacks. (CVE-2017-5388)
    
    Kris Maglione discovered that WebExtensions can use the
    mozAddonManager API by modifying the CSP headers on sites
    with the appropriate permissions and then using host
    requests to redirect script loads to a malicious site. If a
    user were tricked in to installing a specially crafted
    addon, an attacker could potentially exploit this to install
    additional addons without user permission. (CVE-2017-5389)
    
    Jerri Rice discovered insecure communication methods in the
    Dev Tools JSON Viewer. An attacker could potentially exploit
    this to gain additional privileges. (CVE-2017-5390)
    
    Jerri Rice discovered that about: pages used by content can
    load privileged about: pages in iframes. An attacker could
    potentially exploit this to gain additional privileges, in
    combination with a content-injection bug in one of those
    about: pages. (CVE-2017-5391)
    
    Stuart Colville discovered that mozAddonManager allows for
    the installation of extensions from the CDN for
    addons.mozilla.org, a publicly accessible site. If a user
    were tricked in to installing a specially crafted addon, an
    attacker could potentially exploit this, in combination with
    a cross-site scripting (XSS) attack on Mozilla's AMO sites,
    to install additional addons. (CVE-2017-5393)
    
    Filipe Gomes discovered a use-after-free in the media
    decoder in some circumstances. If a user were tricked in to
    opening a specially crafted website, an attacker could
    potentially exploit this to cause a denial of service via
    application crash, or execute arbitrary code.
    (CVE-2017-5396).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3175-2/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected firefox package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/02/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/02/07");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04|14\.04|16\.04|16\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 16.04 / 16.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"firefox", pkgver:"51.0.1+build2-0ubuntu0.12.04.2")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"firefox", pkgver:"51.0.1+build2-0ubuntu0.14.04.2")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"firefox", pkgver:"51.0.1+build2-0ubuntu0.16.04.2")) flag++;
    if (ubuntu_check(osver:"16.10", pkgname:"firefox", pkgver:"51.0.1+build2-0ubuntu0.16.10.2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox");
    }
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_E60169C4AA8646B08AE20D81F683DF09.NASL
    descriptionMozilla Foundation reports : Please reference CVE/URL list for details
    last seen2020-06-01
    modified2020-06-02
    plugin id96743
    published2017-01-25
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96743
    titleFreeBSD : mozilla -- multiple vulnerabilities (e60169c4-aa86-46b0-8ae2-0d81f683df09)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_51.NASL
    descriptionThe version of Mozilla Firefox installed on the remote macOS or Mac OS X host is prior to 51. It is, therefore, affected by the following vulnerabilities : - Mozilla developers and community members Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, and Oriol reported memory safety bugs present in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2017-5373) - Mozilla developers and community members Gary Kwong, Olli Pettay, Tooru Fujisawa, Carsten Book, Andrew McCreight, Chris Pearce, Ronald Crane, Jan de Mooij, Julian Seward, Nicolas Pierron, Randell Jesup, Esther Monchari, Honza Bambas, and Philipp reported memory safety bugs present in Firefox 50.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2017-5374) - JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. (CVE-2017-5375) - Use-after-free while manipulating XSL in XSLT documents (CVE-2017-5376) - A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash. (CVE-2017-5377) - Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object
    last seen2020-06-01
    modified2020-06-02
    plugin id96774
    published2017-01-25
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96774
    titleMozilla Firefox < 51 Multiple Vulnerabilities (macOS)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3175-1.NASL
    descriptionMultiple memory safety issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5373, CVE-2017-5374) JIT code allocation can allow a bypass of ASLR protections in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5375) Nicolas Gregoire discovered a use-after-free when manipulating XSL in XSLT documents in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5376) Atte Kettunen discovered a memory corruption issue in Skia in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5377) Jann Horn discovered that an object
    last seen2020-06-01
    modified2020-06-02
    plugin id96872
    published2017-01-30
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96872
    titleUbuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : firefox vulnerabilities (USN-3175-1)