Vulnerabilities > CVE-2017-5454 - Information Exposure vulnerability in multiple products

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
redhat
mozilla
CWE-200
nessus

Summary

A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.

Vulnerable Configurations

Part Description Count
OS
Redhat
13
Application
Mozilla
760

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

Nessus

  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZLSA-2017-1201.NASL
    descriptionAn update for thunderbird is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.1.0. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-5429, CVE-2017-5433, CVE-2017-5435, CVE-2017-5436, CVE-2017-5459, CVE-2017-5466, CVE-2017-5432, CVE-2017-5434, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5446, CVE-2017-5447, CVE-2017-5454, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5469, CVE-2016-10195, CVE-2016-10196, CVE-2017-5445, CVE-2017-5449, CVE-2017-5451, CVE-2017-5467, CVE-2016-10197) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Petr Cerny, Nils, Ivan Fratric (Google Project Zero), Takeshi Terada, Heather Miller (Google Skia team), Chun Han Hsiao, Chamal De Silva, Nicolas GrA(c)goire, Holger Fuhrmannek, Atte Kettunen, Haik Aftandilian, and Jordi Chancel as the original reporters. Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id101460
    published2017-07-13
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101460
    titleVirtuozzo 6 : thunderbird (VZLSA-2017-1201)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(101460);
      script_version("1.9");
      script_cvs_date("Date: 2018/11/27 13:31:33");
    
      script_cve_id(
        "CVE-2016-10195",
        "CVE-2016-10196",
        "CVE-2016-10197",
        "CVE-2017-5429",
        "CVE-2017-5432",
        "CVE-2017-5433",
        "CVE-2017-5434",
        "CVE-2017-5435",
        "CVE-2017-5436",
        "CVE-2017-5438",
        "CVE-2017-5439",
        "CVE-2017-5440",
        "CVE-2017-5441",
        "CVE-2017-5442",
        "CVE-2017-5443",
        "CVE-2017-5444",
        "CVE-2017-5445",
        "CVE-2017-5446",
        "CVE-2017-5447",
        "CVE-2017-5449",
        "CVE-2017-5451",
        "CVE-2017-5454",
        "CVE-2017-5459",
        "CVE-2017-5460",
        "CVE-2017-5464",
        "CVE-2017-5465",
        "CVE-2017-5466",
        "CVE-2017-5467",
        "CVE-2017-5469"
      );
    
      script_name(english:"Virtuozzo 6 : thunderbird (VZLSA-2017-1201)");
      script_summary(english:"Checks the rpm output for the updated package.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Virtuozzo host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "An update for thunderbird is now available for Red Hat Enterprise
    Linux 6 and Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Mozilla Thunderbird is a standalone mail and newsgroup client.
    
    This update upgrades Thunderbird to version 52.1.0.
    
    Security Fix(es) :
    
    * Multiple flaws were found in the processing of malformed web
    content. A web page containing malicious content could cause
    Thunderbird to crash or, potentially, execute arbitrary code with the
    privileges of the user running Thunderbird. (CVE-2017-5429,
    CVE-2017-5433, CVE-2017-5435, CVE-2017-5436, CVE-2017-5459,
    CVE-2017-5466, CVE-2017-5432, CVE-2017-5434, CVE-2017-5438,
    CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442,
    CVE-2017-5443, CVE-2017-5444, CVE-2017-5446, CVE-2017-5447,
    CVE-2017-5454, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465,
    CVE-2017-5469, CVE-2016-10195, CVE-2016-10196, CVE-2017-5445,
    CVE-2017-5449, CVE-2017-5451, CVE-2017-5467, CVE-2016-10197)
    
    Red Hat would like to thank the Mozilla project for reporting these
    issues. Upstream acknowledges Petr Cerny, Nils, Ivan Fratric (Google
    Project Zero), Takeshi Terada, Heather Miller (Google Skia team), Chun
    Han Hsiao, Chamal De Silva, Nicolas GrA(c)goire, Holger Fuhrmannek, Atte
    Kettunen, Haik Aftandilian, and Jordi Chancel as the original
    reporters.
    
    Note that Tenable Network Security has attempted to extract the
    preceding description block directly from the corresponding Red Hat
    security advisory. Virtuozzo provides no description for VZLSA
    advisories. Tenable has attempted to automatically clean and format
    it as much as possible without introducing additional issues.");
      # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-1201.json
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?82d44bae");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2017-1201");
      script_set_attribute(attribute:"solution", value:
    "Update the affected thunderbird package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/05/09");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:thunderbird");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:virtuozzo:virtuozzo:6");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Virtuozzo Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Virtuozzo/release", "Host/Virtuozzo/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/Virtuozzo/release");
    if (isnull(release) || "Virtuozzo" >!< release) audit(AUDIT_OS_NOT, "Virtuozzo");
    os_ver = pregmatch(pattern: "Virtuozzo Linux release ([0-9]+\.[0-9])(\D|$)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Virtuozzo");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Virtuozzo 6.x", "Virtuozzo " + os_ver);
    
    if (!get_kb_item("Host/Virtuozzo/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Virtuozzo", cpu);
    
    flag = 0;
    
    pkgs = ["thunderbird-52.1.0-1.vl6"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"Virtuozzo-6", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird");
    }
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_53_0.NASL
    descriptionThe version of Mozilla Firefox installed on the remote macOS or Mac OS X host is prior to 53. It is, therefore, affected by the following vulnerabilities : - Multiple buffer overflow conditions exist in the FLEX generated code due to improper validation of certain input. An unauthenticated, remote attacker can exploit these to execute arbitrary code. (CVE-2016-6354, CVE-2017-5469) - Multiple flaws exist in the Libevent library, within files evdns.c and evutil.c, due to improper validation of input when handling IP address strings, empty base name strings, and DNS packets. An unauthenticated, remote attacker can exploit these to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-10195, CVE-2016-10196, CVE-2016-10197, CVE-2017-5437) - Multiple memory corruption issues exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-5429, CVE-2017-5430) - A use-after-free error exists in input text selection that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5432) - A use-after-free error exists in the SMIL animation functions when handling animation elements. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5433) - A use-after-free error exists when redirecting focus handling that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5434) - A use-after-free error exists in design mode interactions when handling transaction processing in the editor. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5435) - An out-of-bounds write error exists in the Graphite 2 library when handling specially crafted Graphite fonts. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5436) - A use-after-free error exists in the nsAutoPtr() function during XSLT processing due to the result handler being held by a freed handler. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5438) - A use-after-free error exists in the Length() function in nsTArray when handling template parameters during XSLT processing. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5439) - A use-after-free error exists in the txExecutionState destructor when processing XSLT content. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5440) - A use-after-free error exists when holding a selection during scroll events. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5441) - A use-after-free error exists when changing styles in DOM elements that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5442) - An out-of-bounds write error exists while decoding improperly formed BinHex format archives that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5443) - A buffer overflow condition exists while parsing application/http-index-format format content due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via improperly formatted data, to disclose out-of-bounds memory content. (CVE-2017-5444) - A flaw exists in nsDirIndexParser.cpp when parsing application/http-index-format format content in which uninitialized values are used to create an array. An unauthenticated, remote attacker can exploit this to disclose memory contents. (CVE-2017-5445) - An out-of-bounds read error exists when handling HTTP/2 DATA connections to a server that sends DATA frames with incorrect content. An unauthenticated, remote attacker can exploit to cause a denial of service condition or the disclosure of memory contents. (CVE-2017-5446) - An out-of-bounds read error exists when processing glyph widths during text layout. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the disclosure of memory contents. (CVE-2017-5447) - An out-of-bounds write error exists in the ClearKeyDecryptor::Decrypt() function within file ClearKeyDecryptionManager.cpp when decrypting Clearkey-encrypted media content. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. This vulnerability can only be exploited if a secondary mechanism can be used to escape the Gecko Media Plugin (GMP) sandbox. (CVE-2017-5448) - A flaw exists when handling bidirectional Unicode text in conjunction with CSS animations that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution or arbitrary code. (CVE-2017-5449) - A flaw exists in the handling of specially crafted
    last seen2020-06-01
    modified2020-06-02
    plugin id99629
    published2017-04-24
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99629
    titleMozilla Firefox < 53 Multiple Vulnerabilities (macOS)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(99629);
      script_version("1.7");
      script_cvs_date("Date: 2019/11/13");
    
      script_cve_id(
        "CVE-2016-6354",
        "CVE-2016-10195",
        "CVE-2016-10196",
        "CVE-2016-10197",
        "CVE-2017-5429",
        "CVE-2017-5430",
        "CVE-2017-5432",
        "CVE-2017-5433",
        "CVE-2017-5434",
        "CVE-2017-5435",
        "CVE-2017-5436",
        "CVE-2017-5437",
        "CVE-2017-5438",
        "CVE-2017-5439",
        "CVE-2017-5440",
        "CVE-2017-5441",
        "CVE-2017-5442",
        "CVE-2017-5443",
        "CVE-2017-5444",
        "CVE-2017-5445",
        "CVE-2017-5446",
        "CVE-2017-5447",
        "CVE-2017-5448",
        "CVE-2017-5449",
        "CVE-2017-5451",
        "CVE-2017-5453",
        "CVE-2017-5454",
        "CVE-2017-5455",
        "CVE-2017-5456",
        "CVE-2017-5458",
        "CVE-2017-5459",
        "CVE-2017-5460",
        "CVE-2017-5461",
        "CVE-2017-5462",
        "CVE-2017-5464",
        "CVE-2017-5465",
        "CVE-2017-5466",
        "CVE-2017-5467",
        "CVE-2017-5468",
        "CVE-2017-5469"
      );
      script_bugtraq_id(92141, 96014, 97940);
      script_xref(name:"MFSA", value:"2017-10");
    
      script_name(english:"Mozilla Firefox < 53 Multiple Vulnerabilities (macOS)");
      script_summary(english:"Checks the version of Firefox.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote macOS or Mac OS X host contains a web browser that is
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Mozilla Firefox installed on the remote macOS or Mac
    OS X host is prior to 53. It is, therefore, affected by the following
    vulnerabilities :
    
      - Multiple buffer overflow conditions exist in the FLEX
        generated code due to improper validation of certain
        input. An unauthenticated, remote attacker can exploit
        these to execute arbitrary code. (CVE-2016-6354,
        CVE-2017-5469)
    
      - Multiple flaws exist in the Libevent library, within
        files evdns.c and evutil.c, due to improper validation
        of input when handling IP address strings, empty base
        name strings, and DNS packets. An unauthenticated,
        remote attacker can exploit these to cause a denial of
        service condition or the execution of arbitrary code.
        (CVE-2016-10195, CVE-2016-10196, CVE-2016-10197,
        CVE-2017-5437)
    
      - Multiple memory corruption issues exist that allow an
        unauthenticated, remote attacker to execute arbitrary
        code. (CVE-2017-5429, CVE-2017-5430)
    
      - A use-after-free error exists in input text selection
        that allows an unauthenticated, remote attacker to
        cause a denial of service condition or the execution of
        arbitrary code. (CVE-2017-5432)
    
      - A use-after-free error exists in the SMIL animation
        functions when handling animation elements. An
        unauthenticated, remote attacker can exploit this to
        cause a denial of service condition or the execution of
        arbitrary code. (CVE-2017-5433)
    
      - A use-after-free error exists when redirecting focus
        handling that allows an unauthenticated, remote attacker
        to cause a denial of service condition or the execution
        of arbitrary code. (CVE-2017-5434)
    
      - A use-after-free error exists in design mode
        interactions when handling transaction processing in
        the editor. An unauthenticated, remote attacker can
        exploit this to cause a denial of service condition or
        the execution of arbitrary code. (CVE-2017-5435)
    
      - An out-of-bounds write error exists in the Graphite 2
        library when handling specially crafted Graphite fonts.
        An unauthenticated, remote attacker can exploit this to
        cause a denial of service condition or the execution of
        arbitrary code. (CVE-2017-5436)
    
      - A use-after-free error exists in the nsAutoPtr()
        function during XSLT processing due to the result
        handler being held by a freed handler. An
        unauthenticated, remote attacker can exploit this to
        cause a denial of service condition or the execution of
        arbitrary code. (CVE-2017-5438)
    
      - A use-after-free error exists in the Length() function
        in nsTArray when handling template parameters during
        XSLT processing. An unauthenticated, remote attacker can
        exploit this to cause a denial of service condition or
        the execution of arbitrary code. (CVE-2017-5439)
    
      - A use-after-free error exists in the txExecutionState
        destructor when processing XSLT content. An
        unauthenticated, remote attacker can exploit this to
        cause a denial of service condition or the execution of
        arbitrary code. (CVE-2017-5440)
    
      - A use-after-free error exists when holding a selection
        during scroll events. An unauthenticated, remote
        attacker can exploit this to cause a denial of service
        condition or the execution of arbitrary code.
        (CVE-2017-5441)
    
      - A use-after-free error exists when changing styles in
        DOM elements that allows an unauthenticated, remote
        attacker to cause a denial of service condition or the
        execution of arbitrary code. (CVE-2017-5442)
    
      - An out-of-bounds write error exists while decoding
        improperly formed BinHex format archives that allows an
        unauthenticated, remote attacker to cause a denial of
        service condition or the execution of arbitrary code.
        (CVE-2017-5443)
    
      - A buffer overflow condition exists while parsing
        application/http-index-format format content due to
        improper validation of user-supplied input. An
        unauthenticated, remote attacker can exploit this, via
        improperly formatted data, to disclose out-of-bounds
        memory content. (CVE-2017-5444)
    
      - A flaw exists in nsDirIndexParser.cpp when parsing
        application/http-index-format format content in which
        uninitialized values are used to create an array. An
        unauthenticated, remote attacker can exploit this to
        disclose memory contents. (CVE-2017-5445)
    
      - An out-of-bounds read error exists when handling HTTP/2
        DATA connections to a server that sends DATA frames with
        incorrect content. An unauthenticated, remote attacker
        can exploit to cause a denial of service condition or
        the disclosure of memory contents. (CVE-2017-5446)
    
      - An out-of-bounds read error exists when processing glyph
        widths during text layout. An unauthenticated, remote
        attacker can exploit this to cause a denial of service
        condition or the disclosure of memory contents.
        (CVE-2017-5447)
    
      - An out-of-bounds write error exists in the
        ClearKeyDecryptor::Decrypt() function within file
        ClearKeyDecryptionManager.cpp when decrypting
        Clearkey-encrypted media content. An unauthenticated,
        remote attacker can exploit this to cause a denial of
        service condition or the execution of arbitrary code.
        This vulnerability can only be exploited if a secondary
        mechanism can be used to escape the Gecko Media Plugin
        (GMP) sandbox. (CVE-2017-5448)
    
      - A flaw exists when handling bidirectional Unicode text
        in conjunction with CSS animations that allows an
        unauthenticated, remote attacker to cause a denial of
        service condition or the execution or arbitrary code.
        (CVE-2017-5449)
    
      - A flaw exists in the handling of specially crafted
        'onblur' events. An unauthenticated, remote attacker can
        exploit this, via a specially crafted event, to spoof
        the address bar, making the loaded site appear to be
        different from the one actually loaded. (CVE-2017-5451)
    
      - A flaw exists in the RSS reader preview page due to
        improper sanitization of URL parameters for a feed's
        TITLE element. An unauthenticated, remote attacker can
        exploit this to spoof the TITLE element. However, no
        scripted content can be run. (CVE-2017-5453)
    
      - A flaw exists in the FileSystemSecurity::Forget()
        function within file FileSystemSecurity.cpp when using
        the File Picker due to improper sanitization of input
        containing path traversal sequences. An unauthenticated,
        remote attacker can exploit this to bypass file system
        access protections in the sandbox and read arbitrary
        files on the local file system. (CVE-2017-5454)
    
      - An unspecified flaw exists in the internal feed reader
        APIs when handling messages. An unauthenticated, remote
        attacker can exploit this to escape the sandbox and
        gain elevated privileges if it can be combined with
        another vulnerability that allows remote code execution
        inside the sandboxed process. (CVE-2017-5455)
    
      - A flaw exists in the Entries API when using a file
        system request constructor through an IPC message. An
        unauthenticated, remote attacker can exploit this to
        bypass file system access protections in the sandbox
        and gain read and write access to the local file system.
        (CVE-2017-5456)
    
      - A reflected cross-site scripting (XSS) vulnerability
        exists when dragging and dropping a 'javascript:' URL
        into the address bar due to improper validation of
        input. An unauthenticated, remote attacker can exploit
        this to execute arbitrary script code in a user's
        browser session. (CVE-2017-5458)
    
      - A buffer overflow condition exists in WebGL when
        handling web content due to improper validation of
        certain input. An unauthenticated, remote attacker can
        exploit this to cause a denial of service condition or
        the execution of arbitrary code. (CVE-2017-5459)
    
      - A use-after-free error exists in frame selection when
        handling a specially crafted combination of script
        content and key presses by the user. An unauthenticated,
        remote attacker can exploit this to cause a denial of
        service condition or the execution of arbitrary code.
        (CVE-2017-5460)
    
      - An out-of-bounds write error exists in the Network
        Security Services (NSS) library during Base64 decoding
        operations due to insufficient memory being allocated to
        a buffer. An unauthenticated, remote attacker can
        exploit this to cause a denial of service condition or
        the execution of arbitrary code. (CVE-2017-5461)
    
      - A flaw exists in the Network Security Services (NSS)
        library during DRBG number generation due to the
        internal state V not correctly carrying bits over. An
        unauthenticated, remote attacker can exploit this to
        potentially cause predictable random number generation.
        (CVE-2017-5462)
    
      - A flaw exists when making changes to DOM content in the
        accessibility tree due to improper validation of certain
        input, which can lead to the DOM tree becoming out of
        sync with the accessibility tree. An unauthenticated,
        remote attacker can exploit this to corrupt memory,
        resulting in a denial of service condition or the
        execution of arbitrary code. (CVE-2017-5464)
    
      - An out-of-bounds read error exists in ConvolvePixel when
        processing SVG content, which allows for otherwise
        inaccessible memory being copied into SVG graphic
        content. An unauthenticated, remote attacker can exploit
        this to disclose memory contents or cause a denial of
        service condition. (CVE-2017-5465)
    
      - A cross-site script (XSS) vulnerability exists due to
        improper handling of data:text/html URL redirects when
        a reload is triggered, which causes the reloaded
        data:text/html page to have its origin set incorrectly.
        An unauthenticated, remote attacker can exploit this,
        via a specially crafted request, to execute arbitrary
        script code in a user's browser session. (CVE-2017-5466)
    
      - A memory corruption issue exists when rendering Skia
        content outside of the bounds of a clipping region due
        to improper validation of certain input. An
        unauthenticated, remote attacker can exploit this to
        cause a denial of service condition or the execution of
        arbitrary code. (CVE-2017-5467)
    
      - A flaw exists in the developer tools due to an incorrect
        ownership model of privateBrowsing information. An
        unauthenticated, remote attacker can exploit this to
        cause a denial of service condition. (CVE-2017-5468)");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Mozilla Firefox version 53 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-5469");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/04/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/04/24");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("macosx_firefox_installed.nasl");
      script_require_keys("MacOSX/Firefox/Installed");
    
      exit(0);
    }
    
    include("mozilla_version.inc");
    
    kb_base = "MacOSX/Firefox";
    get_kb_item_or_exit(kb_base+"/Installed");
    
    version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1);
    path = get_kb_item_or_exit(kb_base+"/Path", exit_code:1);
    
    if (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Firefox installation is in the ESR branch.');
    
    mozilla_check_version(product:'firefox', version:version, path:path, esr:FALSE, fix:'53', severity:SECURITY_HOLE);
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-545.NASL
    descriptionThis update to MozillaThunderbird 51.1.0 fixes security issues and bugs. In general, these flaws cannot be exploited through email because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. The following vulnerabilities were fixed: boo#1035082, MFSA 2017-13, boo#1028391, MFSA 2017-09) - CVE-2017-5443: Out-of-bounds write during BinHex decoding - CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 - CVE-2017-5464: Memory corruption with accessibility and DOM manipulation - CVE-2017-5465: Out-of-bounds read in ConvolvePixel - CVE-2017-5466: Origin confusion when reloading isolated data:text/html URL - CVE-2017-5467: Memory corruption when drawing Skia content - CVE-2017-5460: Use-after-free in frame selection - CVE-2017-5449: Crash during bidirectional unicode manipulation with animation - CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data - CVE-2017-5447: Out-of-bounds read during glyph processing - CVE-2017-5444: Buffer overflow while parsing application/http-index-format content - CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content - CVE-2017-5442: Use-after-free during style changes - CVE-2017-5469: Potential Buffer overflow in flex-generated code - CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing - CVE-2017-5441: Use-after-free with selection during scroll events - CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing - CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing - CVE-2017-5437: Vulnerabilities in Libevent library - CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2 - CVE-2017-5435: Use-after-free during transaction processing in the editor - CVE-2017-5434: Use-after-free during focus handling - CVE-2017-5433: Use-after-free in SMIL animation functions - CVE-2017-5432: Use-after-free in text input selection - CVE-2017-5430: Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1 - CVE-2017-5459: Buffer overflow in WebGL - CVE-2017-5454; Sandbox escape allowing file system read access through file picker - CVE-2017-5451: Addressbar spoofing with onblur event - CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP - CVE-2017-5401: Memory Corruption when handling ErrorResult - CVE-2017-5402: Use-after-free working with events in FontFace objects - CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object - CVE-2017-5404: Use-after-free working with ranges in selections - CVE-2017-5406: Segmentation fault in Skia with canvas operations - CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters - CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping - CVE-2017-5408: Cross-origin reading of video captions in violation of CORS - CVE-2017-5412: Buffer overflow read in SVG filters - CVE-2017-5413: Segmentation fault during bidirectional operations - CVE-2017-5414: File picker can choose incorrect default directory - CVE-2017-5416: Null dereference crash in HttpChannel - CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running - CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization responses - CVE-2017-5419: Repeated authentication prompts lead to DOS attack - CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports - CVE-2017-5421: Print preview spoofing - CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one hyperlink - CVE-2017-5399: Memory safety bugs fixed in Thunderbird 52 - CVE-2017-5398: Memory safety bugs fixed in Thunderbird 52 and Thunderbird 45.8 The following non-security changes are included : - Background images not working and other issues related to embedded images when composing email have been fixed - Google Oauth setup can sometimes not progress to the next step - Clicking on a link in an email may not open this link in the external browser - addon blocklist updates - enable ALSA for systems without PulseAudio - Optionally remove corresponding data files when removing an account - Possibility to copy message filter - Calendar: Event can now be created and edited in a tab - Calendar: Processing of received invitation counter proposals - Chat: Support Twitter Direct Messages - Chat: Liking and favoriting in Twitter - Chat: Removed Yahoo! Messenger support
    last seen2020-06-05
    modified2017-05-08
    plugin id100020
    published2017-05-08
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100020
    titleopenSUSE Security Update : MozillaThunderbird (openSUSE-2017-545)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2017-545.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(100020);
      script_version("3.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-5398", "CVE-2017-5399", "CVE-2017-5400", "CVE-2017-5401", "CVE-2017-5402", "CVE-2017-5403", "CVE-2017-5404", "CVE-2017-5405", "CVE-2017-5406", "CVE-2017-5407", "CVE-2017-5408", "CVE-2017-5410", "CVE-2017-5412", "CVE-2017-5413", "CVE-2017-5414", "CVE-2017-5416", "CVE-2017-5418", "CVE-2017-5419", "CVE-2017-5421", "CVE-2017-5422", "CVE-2017-5426", "CVE-2017-5429", "CVE-2017-5430", "CVE-2017-5432", "CVE-2017-5433", "CVE-2017-5434", "CVE-2017-5435", "CVE-2017-5436", "CVE-2017-5437", "CVE-2017-5438", "CVE-2017-5439", "CVE-2017-5440", "CVE-2017-5441", "CVE-2017-5442", "CVE-2017-5443", "CVE-2017-5444", "CVE-2017-5445", "CVE-2017-5446", "CVE-2017-5447", "CVE-2017-5449", "CVE-2017-5451", "CVE-2017-5454", "CVE-2017-5459", "CVE-2017-5460", "CVE-2017-5461", "CVE-2017-5462", "CVE-2017-5464", "CVE-2017-5465", "CVE-2017-5466", "CVE-2017-5467", "CVE-2017-5469");
    
      script_name(english:"openSUSE Security Update : MozillaThunderbird (openSUSE-2017-545)");
      script_summary(english:"Check for the openSUSE-2017-545 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update to MozillaThunderbird 51.1.0 fixes security issues and
    bugs.
    
    In general, these flaws cannot be exploited through email because
    scripting is disabled when reading mail, but are potentially risks in
    browser or browser-like contexts.
    
    The following vulnerabilities were fixed: boo#1035082, MFSA 2017-13,
    boo#1028391, MFSA 2017-09)
    
      - CVE-2017-5443: Out-of-bounds write during BinHex
        decoding
    
      - CVE-2017-5429: Memory safety bugs fixed in Firefox 53,
        Firefox ESR 45.9, and Firefox ESR 52.1
    
      - CVE-2017-5464: Memory corruption with accessibility and
        DOM manipulation
    
      - CVE-2017-5465: Out-of-bounds read in ConvolvePixel
    
      - CVE-2017-5466: Origin confusion when reloading isolated
        data:text/html URL
    
      - CVE-2017-5467: Memory corruption when drawing Skia
        content
    
      - CVE-2017-5460: Use-after-free in frame selection
    
      - CVE-2017-5449: Crash during bidirectional unicode
        manipulation with animation
    
      - CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA
        frames are sent with incorrect data
    
      - CVE-2017-5447: Out-of-bounds read during glyph
        processing
    
      - CVE-2017-5444: Buffer overflow while parsing
        application/http-index-format content
    
      - CVE-2017-5445: Uninitialized values used while parsing
        application/http-index-format content
    
      - CVE-2017-5442: Use-after-free during style changes
    
      - CVE-2017-5469: Potential Buffer overflow in
        flex-generated code
    
      - CVE-2017-5440: Use-after-free in txExecutionState
        destructor during XSLT processing
    
      - CVE-2017-5441: Use-after-free with selection during
        scroll events
    
      - CVE-2017-5439: Use-after-free in nsTArray Length()
        during XSLT processing
    
      - CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT
        processing
    
      - CVE-2017-5437: Vulnerabilities in Libevent library
    
      - CVE-2017-5436: Out-of-bounds write with malicious font
        in Graphite 2
    
      - CVE-2017-5435: Use-after-free during transaction
        processing in the editor
    
      - CVE-2017-5434: Use-after-free during focus handling
    
      - CVE-2017-5433: Use-after-free in SMIL animation
        functions
    
      - CVE-2017-5432: Use-after-free in text input selection
    
      - CVE-2017-5430: Memory safety bugs fixed in Firefox 53
        and Firefox ESR 52.1
    
      - CVE-2017-5459: Buffer overflow in WebGL
    
      - CVE-2017-5454; Sandbox escape allowing file system read
        access through file picker
    
      - CVE-2017-5451: Addressbar spoofing with onblur event
    
      - CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
    
      - CVE-2017-5401: Memory Corruption when handling
        ErrorResult
    
      - CVE-2017-5402: Use-after-free working with events in
        FontFace objects
    
      - CVE-2017-5403: Use-after-free using addRange to add
        range to an incorrect root object
    
      - CVE-2017-5404: Use-after-free working with ranges in
        selections
    
      - CVE-2017-5406: Segmentation fault in Skia with canvas
        operations 
    
      - CVE-2017-5407: Pixel and history stealing via
        floating-point timing side channel with SVG filters
    
      - CVE-2017-5410: Memory corruption during JavaScript
        garbage collection incremental sweeping
    
      - CVE-2017-5408: Cross-origin reading of video captions in
        violation of CORS
    
      - CVE-2017-5412: Buffer overflow read in SVG filters
    
      - CVE-2017-5413: Segmentation fault during bidirectional
        operations
    
      - CVE-2017-5414: File picker can choose incorrect default
        directory
    
      - CVE-2017-5416: Null dereference crash in HttpChannel
    
      - CVE-2017-5426: Gecko Media Plugin sandbox is not started
        if seccomp-bpf filter is running
    
      - CVE-2017-5418: Out of bounds read when parsing HTTP
        digest authorization responses
    
      - CVE-2017-5419: Repeated authentication prompts lead to
        DOS attack
    
      - CVE-2017-5405: FTP response codes can cause use of
        uninitialized values for ports
    
      - CVE-2017-5421: Print preview spoofing
    
      - CVE-2017-5422: DOS attack by using view-source: protocol
        repeatedly in one hyperlink
    
      - CVE-2017-5399: Memory safety bugs fixed in Thunderbird
        52
    
      - CVE-2017-5398: Memory safety bugs fixed in Thunderbird
        52 and Thunderbird 45.8
    
    The following non-security changes are included :
    
      - Background images not working and other issues related
        to embedded images when composing email have been fixed
    
      - Google Oauth setup can sometimes not progress to the
        next step
    
      - Clicking on a link in an email may not open this link in
        the external browser
    
      - addon blocklist updates
    
      - enable ALSA for systems without PulseAudio
    
      - Optionally remove corresponding data files when removing
        an account
    
      - Possibility to copy message filter
    
      - Calendar: Event can now be created and edited in a tab
    
      - Calendar: Processing of received invitation counter
        proposals
    
      - Chat: Support Twitter Direct Messages
    
      - Chat: Liking and favoriting in Twitter
    
      - Chat: Removed Yahoo! Messenger support"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1028391"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1035082"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected MozillaThunderbird packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/05/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/08");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.1|SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.1 / 42.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"MozillaThunderbird-52.1.0-42.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"MozillaThunderbird-buildsymbols-52.1.0-42.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"MozillaThunderbird-debuginfo-52.1.0-42.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"MozillaThunderbird-debugsource-52.1.0-42.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"MozillaThunderbird-devel-52.1.0-42.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"MozillaThunderbird-translations-common-52.1.0-42.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"MozillaThunderbird-translations-other-52.1.0-42.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"MozillaThunderbird-52.1.0-41.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"MozillaThunderbird-buildsymbols-52.1.0-41.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"MozillaThunderbird-debuginfo-52.1.0-41.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"MozillaThunderbird-debugsource-52.1.0-41.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"MozillaThunderbird-devel-52.1.0-41.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"MozillaThunderbird-translations-common-52.1.0-41.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"MozillaThunderbird-translations-other-52.1.0-41.3.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaThunderbird / MozillaThunderbird-buildsymbols / etc");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-1201.NASL
    descriptionAn update for thunderbird is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.1.0. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-5429, CVE-2017-5433, CVE-2017-5435, CVE-2017-5436, CVE-2017-5459, CVE-2017-5466, CVE-2017-5432, CVE-2017-5434, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5446, CVE-2017-5447, CVE-2017-5454, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5469, CVE-2016-10195, CVE-2016-10196, CVE-2017-5445, CVE-2017-5449, CVE-2017-5451, CVE-2017-5467, CVE-2016-10197) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Petr Cerny, Nils, Ivan Fratric (Google Project Zero), Takeshi Terada, Heather Miller (Google Skia team), Chun Han Hsiao, Chamal De Silva, Nicolas Gregoire, Holger Fuhrmannek, Atte Kettunen, Haik Aftandilian, and Jordi Chancel as the original reporters.
    last seen2020-05-31
    modified2017-05-08
    plugin id100021
    published2017-05-08
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100021
    titleRHEL 6 / 7 : thunderbird (RHSA-2017:1201)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20170508_THUNDERBIRD_ON_SL6_X.NASL
    descriptionThis update upgrades Thunderbird to version 52.1.0. Security Fix(es) : - Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-5429, CVE-2017-5433, CVE-2017-5435, CVE-2017-5436, CVE-2017-5459, CVE-2017-5466, CVE-2017-5432, CVE-2017-5434, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5446, CVE-2017-5447, CVE-2017-5454, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5469, CVE-2016-10195, CVE-2016-10196, CVE-2017-5445, CVE-2017-5449, CVE-2017-5451, CVE-2017-5467, CVE-2016-10197)
    last seen2020-05-31
    modified2017-05-09
    plugin id100049
    published2017-05-09
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100049
    titleScientific Linux Security Update : thunderbird on SL6.x, SL7.x i386/x86_64 (20170508)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3260-2.NASL
    descriptionUSN-3260-1 fixed vulnerabilities in Firefox. The update caused the date picker panel and form validation errors to close immediately on opening. This update fixes the problem. We apologize for the inconvenience. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, spoof the addressbar contents or other UI elements, escape the sandbox to read local files, conduct cross-site scripting (XSS) attacks, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5451, CVE-2017-5453, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5458, CVE-2017-5459, CVE-2017-5460, CVE-2017-5461, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5467, CVE-2017-5468, CVE-2017-5469) A flaw was discovered in the DRBG number generation in NSS. If an attacker were able to perform a man-in-the-middle attack, this flaw could potentially be exploited to view sensitive information. (CVE-2017-5462). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id100153
    published2017-05-12
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100153
    titleUbuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : firefox regression (USN-3260-2)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3260-1.NASL
    descriptionMultiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, spoof the addressbar contents or other UI elements, escape the sandbox to read local files, conduct cross-site scripting (XSS) attacks, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5451, CVE-2017-5453, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5458, CVE-2017-5459, CVE-2017-5460, CVE-2017-5461, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5467, CVE-2017-5468, CVE-2017-5469) A flaw was discovered in the DRBG number generation in NSS. If an attacker were able to perform a man-in-the-middle attack, this flaw could potentially be exploited to view sensitive information. (CVE-2017-5462). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id99626
    published2017-04-24
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99626
    titleUbuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : firefox vulnerabilities (USN-3260-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2235-1.NASL
    descriptionThis update for MozillaFirefox and mozilla-nss fixes the following issues: Security issues fixed : - Fixes in Firefox ESR 52.2 (bsc#1043960,MFSA 2017-16) - CVE-2017-7758: Out-of-bounds read in Opus encoder - CVE-2017-7749: Use-after-free during docshell reloading - CVE-2017-7751: Use-after-free with content viewer listeners - CVE-2017-5472: Use-after-free using destroyed node when regenerating trees - CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2 - CVE-2017-7752: Use-after-free with IME input - CVE-2017-7750: Use-after-free with track elements - CVE-2017-7768: 32 byte arbitrary file read through Mozilla Maintenance Service - CVE-2017-7778: Vulnerabilities in the Graphite 2 library - CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object - CVE-2017-7755: Privilege escalation through Firefox Installer with same directory DLL files - CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors - CVE-2017-7757: Use-after-free in IndexedDB - CVE-2017-7761: File deletion and privilege escalation through Mozilla Maintenance Service helper.exe application - CVE-2017-7763: Mac fonts render some unicode characters as spaces - CVE-2017-7765: Mark of the Web bypass when saving executable files - CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks - update to Firefox ESR 52.1 (bsc#1035082,MFSA 2017-12) - CVE-2016-10196: Vulnerabilities in Libevent library - CVE-2017-5443: Out-of-bounds write during BinHex decoding - CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 - CVE-2017-5464: Memory corruption with accessibility and DOM manipulation - CVE-2017-5465: Out-of-bounds read in ConvolvePixel - CVE-2017-5466: Origin confusion when reloading isolated data:text/html URL - CVE-2017-5467: Memory corruption when drawing Skia content - CVE-2017-5460: Use-after-free in frame selection - CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS - CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor - CVE-2017-5449: Crash during bidirectional unicode manipulation with animation - CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data - CVE-2017-5447: Out-of-bounds read during glyph processing - CVE-2017-5444: Buffer overflow while parsing application/http-index-format content - CVE-2017-5445: Uninitialized values used while parsing application/http- index-format content - CVE-2017-5442: Use-after-free during style changes - CVE-2017-5469: Potential Buffer overflow in flex-generated code - CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing - CVE-2017-5441: Use-after-free with selection during scroll events - CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing - CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing - CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2 - CVE-2017-5435: Use-after-free during transaction processing in the editor - CVE-2017-5434: Use-after-free during focus handling - CVE-2017-5433: Use-after-free in SMIL animation functions - CVE-2017-5432: Use-after-free in text input selection - CVE-2017-5430: Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1 - CVE-2017-5459: Buffer overflow in WebGL - CVE-2017-5462: DRBG flaw in NSS - CVE-2017-5455: Sandbox escape through internal feed reader APIs - CVE-2017-5454: Sandbox escape allowing file system read access through file picker - CVE-2017-5456: Sandbox escape allowing local file system access - CVE-2017-5451: Addressbar spoofing with onblur event - General - CVE-2015-5276: Fix for C++11 std::random_device short reads (bsc#945842) Bugfixes : - workaround for Firefox hangs (bsc#1031485, bsc#1025108) - Update to gcc-5-branch head. - Includes fixes for (bsc#966220), (bsc#962765), (bsc#964468), (bsc#939460), (bsc#930496), (bsc#930392) and (bsc#955382). - Add fix to revert accidential libffi ABI breakage on AARCH64. (bsc#968771) - Build s390[x] with --with-tune=z9-109 --with-arch=z900 on SLE11 again. (bsc#954002) - Fix libffi include install. (bsc#935510) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-31
    modified2017-08-23
    plugin id102694
    published2017-08-23
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102694
    titleSUSE SLES11 Security Update : MozillaFirefox, MozillaFirefox-branding-SLED, firefox-gcc5, mozilla-nss (SUSE-SU-2017:2235-1)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_52_1_ESR.NASL
    descriptionThe version of Mozilla Firefox ESR installed on the remote macOS or Mac OS X host is prior to 52.1. It is, therefore, affected by the following vulnerabilities : - Multiple buffer overflow conditions exist in the FLEX generated code due to improper validation of certain input. An unauthenticated, remote attacker can exploit these to execute arbitrary code. (CVE-2016-6354, CVE-2017-5469) - Multiple flaws exist in the Libevent library, within files evdns.c and evutil.c, due to improper validation of input when handling IP address strings, empty base name strings, and DNS packets. An unauthenticated, remote attacker can exploit these to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-10195, CVE-2016-10196, CVE-2016-10197, CVE-2017-5437) - Multiple memory corruption issues exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-5429, CVE-2017-5430) - A use-after-free error exists in input text selection that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5432) - A use-after-free error exists in the SMIL animation functions when handling animation elements. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5433) - A use-after-free error exists when redirecting focus handling that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5434) - A use-after-free error exists in design mode interactions when handling transaction processing in the editor. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5435) - An out-of-bounds write error exists in the Graphite 2 library when handling specially crafted Graphite fonts. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5436) - A use-after-free error exists in the nsAutoPtr() function during XSLT processing due to the result handler being held by a freed handler. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5438) - A use-after-free error exists in the Length() function in nsTArray when handling template parameters during XSLT processing. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5439) - A use-after-free error exists in the txExecutionState destructor when processing XSLT content. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5440) - A use-after-free error exists when holding a selection during scroll events. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5441) - A use-after-free error exists when changing styles in DOM elements that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5442) - An out-of-bounds write error exists while decoding improperly formed BinHex format archives that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5443) - A buffer overflow condition exists while parsing application/http-index-format format content due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via improperly formatted data, to disclose out-of-bounds memory content. (CVE-2017-5444) - A flaw exists in nsDirIndexParser.cpp when parsing application/http-index-format format content in which uninitialized values are used to create an array. An unauthenticated, remote attacker can exploit this to disclose memory contents. (CVE-2017-5445) - An out-of-bounds read error exists when handling HTTP/2 DATA connections to a server that sends DATA frames with incorrect content. An unauthenticated, remote attacker can exploit to cause a denial of service condition or the disclosure of memory contents. (CVE-2017-5446) - An out-of-bounds read error exists when processing glyph widths during text layout. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the disclosure of memory contents. (CVE-2017-5447) - An out-of-bounds write error exists in the ClearKeyDecryptor::Decrypt() function within file ClearKeyDecryptionManager.cpp when decrypting Clearkey-encrypted media content. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. This vulnerability can only be exploited if a secondary mechanism can be used to escape the Gecko Media Plugin (GMP) sandbox. (CVE-2017-5448) - A flaw exists when handling bidirectional Unicode text in conjunction with CSS animations that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution or arbitrary code. (CVE-2017-5449) - A flaw exists in the handling of specially crafted
    last seen2020-06-01
    modified2020-06-02
    plugin id99628
    published2017-04-24
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99628
    titleMozilla Firefox ESR < 52.1 Multiple Vulnerabilities (macOS)
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_52_1.NASL
    descriptionThe version of Mozilla Thunderbird installed on the remote Windows host is prior to 52.1 It is, therefore, affected by multiple vulnerabilities : - Multiple flaws exist in the Libevent library, within files evdns.c and evutil.c, due to improper validation of input when handling IP address strings, empty base name strings, and DNS packets. An unauthenticated, remote attacker can exploit these to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-10195, CVE-2016-10196, CVE-2016-10197) - Multiple memory corruption issues exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-5429, CVE-2017-5430) - A use-after-free error exists in input text selection that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5432) - A use-after-free error exists in the SMIL animation functions when handling animation elements. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5433) - A use-after-free error exists when redirecting focus handling that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5434) - A use-after-free error exists in design mode interactions when handling transaction processing in the editor. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5435) - An out-of-bounds write error exists in the Graphite 2 library when handling specially crafted Graphite fonts. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5436) - A use-after-free error exists in the nsAutoPtr() function during XSLT processing due to the result handler being held by a freed handler. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5438) - A use-after-free error exists in the Length() function in nsTArray when handling template parameters during XSLT processing. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5439) - A use-after-free error exists in the txExecutionState destructor when processing XSLT content. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5440) - A use-after-free error exists when holding a selection during scroll events. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5441) - A use-after-free error exists when changing styles in DOM elements that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5442) - An out-of-bounds write error exists while decoding improperly formed BinHex format archives that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5443) - A buffer overflow condition exists while parsing application/http-index-format format content due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via improperly formatted data, to disclose out-of-bounds memory content. (CVE-2017-5444) - A flaw exists in nsDirIndexParser.cpp when parsing application/http-index-format format content in which uninitialized values are used to create an array. An unauthenticated, remote attacker can exploit this to disclose memory contents. (CVE-2017-5445) - An out-of-bounds read error exists when handling HTTP/2 DATA connections to a server that sends DATA frames with incorrect content. An unauthenticated, remote attacker can exploit to cause a denial of service condition or the disclosure of memory contents. (CVE-2017-5446) - An out-of-bounds read error exists when processing glyph widths during text layout. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the disclosure of memory contents. (CVE-2017-5447) - A flaw exists when handling bidirectional Unicode text in conjunction with CSS animations that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution or arbitrary code. (CVE-2017-5449) - A flaw exists in the handling of specially crafted
    last seen2020-06-01
    modified2020-06-02
    plugin id99968
    published2017-05-03
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99968
    titleMozilla Thunderbird < 52.1 Multiple Vulnerabilities
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_5E0A038ACA30416DA2F538CBF5E7DF33.NASL
    descriptionMozilla Foundation reports : Please reference CVE/URL list for details
    last seen2020-06-01
    modified2020-06-02
    plugin id99496
    published2017-04-20
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99496
    titleFreeBSD : mozilla -- multiple vulnerabilities (5e0a038a-ca30-416d-a2f5-38cbf5e7df33)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_53_0.NASL
    descriptionThe version of Mozilla Firefox installed on the remote Windows host is prior to 53. It is, therefore, affected by the following vulnerabilities : - Multiple buffer overflow conditions exist in the FLEX generated code due to improper validation of certain input. An unauthenticated, remote attacker can exploit these to execute arbitrary code. (CVE-2016-6354, CVE-2017-5469) - Multiple flaws exist in the Libevent library, within files evdns.c and evutil.c, due to improper validation of input when handling IP address strings, empty base name strings, and DNS packets. An unauthenticated, remote attacker can exploit these to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-10195, CVE-2016-10196, CVE-2016-10197, CVE-2017-5437) - Multiple memory corruption issues exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-5429, CVE-2017-5430) - A use-after-free error exists in input text selection that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5432) - A use-after-free error exists in the SMIL animation functions when handling animation elements. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5433) - A use-after-free error exists when redirecting focus handling that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5434) - A use-after-free error exists in design mode interactions when handling transaction processing in the editor. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5435) - An out-of-bounds write error exists in the Graphite 2 library when handling specially crafted Graphite fonts. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5436) - A use-after-free error exists in the nsAutoPtr() function during XSLT processing due to the result handler being held by a freed handler. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5438) - A use-after-free error exists in the Length() function in nsTArray when handling template parameters during XSLT processing. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5439) - A use-after-free error exists in the txExecutionState destructor when processing XSLT content. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5440) - A use-after-free error exists when holding a selection during scroll events. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5441) - A use-after-free error exists when changing styles in DOM elements that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5442) - An out-of-bounds write error exists while decoding improperly formed BinHex format archives that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5443) - A buffer overflow condition exists while parsing application/http-index-format format content due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via improperly formatted data, to disclose out-of-bounds memory content. (CVE-2017-5444) - A flaw exists in nsDirIndexParser.cpp when parsing application/http-index-format format content in which uninitialized values are used to create an array. An unauthenticated, remote attacker can exploit this to disclose memory contents. (CVE-2017-5445) - An out-of-bounds read error exists when handling HTTP/2 DATA connections to a server that sends DATA frames with incorrect content. An unauthenticated, remote attacker can exploit to cause a denial of service condition or the disclosure of memory contents. (CVE-2017-5446) - An out-of-bounds read error exists when processing glyph widths during text layout. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the disclosure of memory contents. (CVE-2017-5447) - An out-of-bounds write error exists in the ClearKeyDecryptor::Decrypt() function within file ClearKeyDecryptionManager.cpp when decrypting Clearkey-encrypted media content. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. This vulnerability can only be exploited if a secondary mechanism can be used to escape the Gecko Media Plugin (GMP) sandbox. (CVE-2017-5448) - A flaw exists when handling bidirectional Unicode text in conjunction with CSS animations that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution or arbitrary code. (CVE-2017-5449) - A flaw exists in the handling of specially crafted
    last seen2020-06-01
    modified2020-06-02
    plugin id99632
    published2017-04-24
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99632
    titleMozilla Firefox < 53 Multiple Vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3278-1.NASL
    descriptionMultiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5429, CVE-2017-5430, CVE-2017-5436, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5461, CVE-2017-5467) Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to spoof the addressbar contents, conduct cross-site scripting (XSS) attacks, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5449, CVE-2017-5451, CVE-2017-5454, CVE-2017-5459, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5469, CVE-2017-10195, CVE-2017-10196, CVE-2017-10197) A flaw was discovered in the DRBG number generation in NSS. If an attacker were able to perform a man-in-the-middle attack, this flaw could potentially be exploited to view sensitive information. (CVE-2017-5462). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id100249
    published2017-05-17
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100249
    titleUbuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : thunderbird vulnerabilities (USN-3278-1)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_THUNDERBIRD_52_1.NASL
    descriptionThe version of Mozilla Thunderbird installed on the remote macOS or Mac OS X host is prior to 52.1. It is, therefore, affected by multiple vulnerabilities : - Multiple flaws exist in the Libevent library, within files evdns.c and evutil.c, due to improper validation of input when handling IP address strings, empty base name strings, and DNS packets. An unauthenticated, remote attacker can exploit these to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-10195, CVE-2016-10196, CVE-2016-10197) - Multiple memory corruption issues exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-5429, CVE-2017-5430) - A use-after-free error exists in input text selection that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5432) - A use-after-free error exists in the SMIL animation functions when handling animation elements. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5433) - A use-after-free error exists when redirecting focus handling that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5434) - A use-after-free error exists in design mode interactions when handling transaction processing in the editor. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5435) - An out-of-bounds write error exists in the Graphite 2 library when handling specially crafted Graphite fonts. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5436) - A use-after-free error exists in the nsAutoPtr() function during XSLT processing due to the result handler being held by a freed handler. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5438) - A use-after-free error exists in the Length() function in nsTArray when handling template parameters during XSLT processing. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5439) - A use-after-free error exists in the txExecutionState destructor when processing XSLT content. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5440) - A use-after-free error exists when holding a selection during scroll events. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5441) - A use-after-free error exists when changing styles in DOM elements that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5442) - An out-of-bounds write error exists while decoding improperly formed BinHex format archives that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5443) - A buffer overflow condition exists while parsing application/http-index-format format content due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via improperly formatted data, to disclose out-of-bounds memory content. (CVE-2017-5444) - A flaw exists in nsDirIndexParser.cpp when parsing application/http-index-format format content in which uninitialized values are used to create an array. An unauthenticated, remote attacker can exploit this to disclose memory contents. (CVE-2017-5445) - An out-of-bounds read error exists when handling HTTP/2 DATA connections to a server that sends DATA frames with incorrect content. An unauthenticated, remote attacker can exploit to cause a denial of service condition or the disclosure of memory contents. (CVE-2017-5446) - An out-of-bounds read error exists when processing glyph widths during text layout. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the disclosure of memory contents. (CVE-2017-5447) - A flaw exists when handling bidirectional Unicode text in conjunction with CSS animations that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution or arbitrary code. (CVE-2017-5449) - A flaw exists in the handling of specially crafted
    last seen2020-06-01
    modified2020-06-02
    plugin id99967
    published2017-05-03
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99967
    titleMozilla Thunderbird < 52.1 Multiple Vulnerabilities (macOS)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1092.NASL
    descriptionAccording to the versions of the firefox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5451, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5459, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5467, CVE-2017-5469,CVE-2016-10195,CVE-2016-10196,CVE-2016-10 197) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-06-09
    plugin id100687
    published2017-06-09
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100687
    titleEulerOS 2.0 SP1 : firefox (EulerOS-SA-2017-1092)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2017-1201.NASL
    descriptionAn update for thunderbird is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.1.0. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-5429, CVE-2017-5433, CVE-2017-5435, CVE-2017-5436, CVE-2017-5459, CVE-2017-5466, CVE-2017-5432, CVE-2017-5434, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5446, CVE-2017-5447, CVE-2017-5454, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5469, CVE-2016-10195, CVE-2016-10196, CVE-2017-5445, CVE-2017-5449, CVE-2017-5451, CVE-2017-5467, CVE-2016-10197) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Petr Cerny, Nils, Ivan Fratric (Google Project Zero), Takeshi Terada, Heather Miller (Google Skia team), Chun Han Hsiao, Chamal De Silva, Nicolas Gregoire, Holger Fuhrmannek, Atte Kettunen, Haik Aftandilian, and Jordi Chancel as the original reporters.
    last seen2020-05-31
    modified2017-05-10
    plugin id100065
    published2017-05-10
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100065
    titleCentOS 6 / 7 : thunderbird (CESA-2017:1201)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2017-1106.NASL
    descriptionAn update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.1.0 ESR. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5451, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5459, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5467, CVE-2017-5469) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Mozilla developers and community, Nils, Holger Fuhrmannek, Atte Kettunen, Takeshi Terada, Huzaifa Sidhpurwala, Nicolas Gregoire, Chamal De Silva, Chun Han Hsiao, Ivan Fratric of Google Project Zero, Anonymous working with Trend Micro
    last seen2020-06-01
    modified2020-06-02
    plugin id99539
    published2017-04-21
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99539
    titleCentOS 7 : firefox (CESA-2017:1106)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20170420_FIREFOX_ON_SL7_X.NASL
    descriptionThis update upgrades Firefox to version 52.1.0 ESR. Security Fix(es) : - Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5451, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5459, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5467, CVE-2017-5469)
    last seen2020-05-31
    modified2017-04-24
    plugin id99619
    published2017-04-24
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99619
    titleScientific Linux Security Update : firefox on SL7.x x86_64 (20170420)
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZLSA-2017-1106.NASL
    descriptionAn update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.1.0 ESR. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5451, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5459, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5467, CVE-2017-5469) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Mozilla developers and community, Nils, Holger Fuhrmannek, Atte Kettunen, Takeshi Terada, Huzaifa Sidhpurwala, Nicolas GrA(c)goire, Chamal De Silva, Chun Han Hsiao, Ivan Fratric of Google Project Zero, Anonymous working with Trend Micro
    last seen2020-06-01
    modified2020-06-02
    plugin id101457
    published2017-07-13
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101457
    titleVirtuozzo 7 : firefox (VZLSA-2017-1106)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1093.NASL
    descriptionAccording to the versions of the firefox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5451, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5459, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5467, CVE-2017-5469,CVE-2016-10195,CVE-2016-10196,CVE-2016-10 197) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-06-09
    plugin id100688
    published2017-06-09
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100688
    titleEulerOS 2.0 SP2 : firefox (EulerOS-SA-2017-1093)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-1106.NASL
    descriptionFrom Red Hat Security Advisory 2017:1106 : An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.1.0 ESR. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5451, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5459, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5467, CVE-2017-5469) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Mozilla developers and community, Nils, Holger Fuhrmannek, Atte Kettunen, Takeshi Terada, Huzaifa Sidhpurwala, Nicolas Gregoire, Chamal De Silva, Chun Han Hsiao, Ivan Fratric of Google Project Zero, Anonymous working with Trend Micro
    last seen2020-05-31
    modified2017-04-21
    plugin id99565
    published2017-04-21
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99565
    titleOracle Linux 7 : firefox (ELSA-2017-1106)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_52_1_ESR.NASL
    descriptionThe version of Mozilla Firefox ESR installed on the remote Windows host is 52.x prior to 52.1. It is, therefore, affected by the following vulnerabilities : - Multiple buffer overflow conditions exist in the FLEX generated code due to improper validation of certain input. An unauthenticated, remote attacker can exploit these to execute arbitrary code. (CVE-2016-6354, CVE-2017-5469) - Multiple flaws exist in the Libevent library, within files evdns.c and evutil.c, due to improper validation of input when handling IP address strings, empty base name strings, and DNS packets. An unauthenticated, remote attacker can exploit these to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-10195, CVE-2016-10196, CVE-2016-10197, CVE-2017-5437) - Multiple memory corruption issues exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-5429, CVE-2017-5430) - A use-after-free error exists in input text selection that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5432) - A use-after-free error exists in the SMIL animation functions when handling animation elements. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5433) - A use-after-free error exists when redirecting focus handling that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5434) - A use-after-free error exists in design mode interactions when handling transaction processing in the editor. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5435) - An out-of-bounds write error exists in the Graphite 2 library when handling specially crafted Graphite fonts. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5436) - A use-after-free error exists in the nsAutoPtr() function during XSLT processing due to the result handler being held by a freed handler. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5438) - A use-after-free error exists in the Length() function in nsTArray when handling template parameters during XSLT processing. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5439) - A use-after-free error exists in the txExecutionState destructor when processing XSLT content. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5440) - A use-after-free error exists when holding a selection during scroll events. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5441) - A use-after-free error exists when changing styles in DOM elements that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5442) - An out-of-bounds write error exists while decoding improperly formed BinHex format archives that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5443) - A buffer overflow condition exists while parsing application/http-index-format format content due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via improperly formatted data, to disclose out-of-bounds memory content. (CVE-2017-5444) - A flaw exists in nsDirIndexParser.cpp when parsing application/http-index-format format content in which uninitialized values are used to create an array. An unauthenticated, remote attacker can exploit this to disclose memory contents. (CVE-2017-5445) - An out-of-bounds read error exists when handling HTTP/2 DATA connections to a server that sends DATA frames with incorrect content. An unauthenticated, remote attacker can exploit to cause a denial of service condition or the disclosure of memory contents. (CVE-2017-5446) - An out-of-bounds read error exists when processing glyph widths during text layout. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the disclosure of memory contents. (CVE-2017-5447) - An out-of-bounds write error exists in the ClearKeyDecryptor::Decrypt() function within file ClearKeyDecryptionManager.cpp when decrypting Clearkey-encrypted media content. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. This vulnerability can only be exploited if a secondary mechanism can be used to escape the Gecko Media Plugin (GMP) sandbox. (CVE-2017-5448) - A flaw exists when handling bidirectional Unicode text in conjunction with CSS animations that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution or arbitrary code. (CVE-2017-5449) - A flaw exists in the handling of specially crafted
    last seen2020-06-01
    modified2020-06-02
    plugin id99631
    published2017-04-24
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99631
    titleMozilla Firefox ESR 52.x < 52.1 Multiple Vulnerabilities
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0110_THUNDERBIRD.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has thunderbird packages installed that are affected by multiple vulnerabilities: - A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. (CVE-2017-5459) - An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. (CVE-2017-5447) - An out-of-bounds read when an HTTP/2 connection to a servers sends DATA frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. (CVE-2017-5446) - A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. (CVE-2017-5449) - A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. (CVE-2017-5442) - An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. (CVE-2017-5443) - A buffer overflow vulnerability while parsing application/http-index-format format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. (CVE-2017-5444) - A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. (CVE-2017-5441) - A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. (CVE-2017-5467) - A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. (CVE-2017-5454) - A mechanism to spoof the addressbar through the user interaction on the addressbar and the onblur event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. (CVE-2017-5451) - A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. (CVE-2017-5432) - A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. (CVE-2017-5460) - During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. (CVE-2017-5464) - Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. (CVE-2017-5469) - An out-of-bounds read while processing SVG content in ConvolvePixel. This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. (CVE-2017-5465) - If a page is loaded from an original site through a hyperlink and contains a redirect to a data:text/html URL, triggering a reload will run the reloaded data:text/html page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. (CVE-2017-5466) - A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. (CVE-2017-5433) - A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. (CVE-2017-5434) - A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. (CVE-2017-5438) - A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. (CVE-2017-5439) - A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. (CVE-2017-5435) - Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. (CVE-2017-5398) - JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. (CVE-2017-5400) - A crash triggerable by web content in which an ErrorResult references unassigned memory due to a logic error. The resulting crash may be exploitable. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. (CVE-2017-5401) - A use-after-free can occur when events are fired for a FontFace object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. (CVE-2017-5402) - A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. (CVE-2017-5404) - Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. (CVE-2017-5405) - Using SVG filters that don
    last seen2020-06-01
    modified2020-06-02
    plugin id127347
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127347
    titleNewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0110)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-1201.NASL
    descriptionFrom Red Hat Security Advisory 2017:1201 : An update for thunderbird is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.1.0. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-5429, CVE-2017-5433, CVE-2017-5435, CVE-2017-5436, CVE-2017-5459, CVE-2017-5466, CVE-2017-5432, CVE-2017-5434, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5446, CVE-2017-5447, CVE-2017-5454, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5469, CVE-2016-10195, CVE-2016-10196, CVE-2017-5445, CVE-2017-5449, CVE-2017-5451, CVE-2017-5467, CVE-2016-10197) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Petr Cerny, Nils, Ivan Fratric (Google Project Zero), Takeshi Terada, Heather Miller (Google Skia team), Chun Han Hsiao, Chamal De Silva, Nicolas Gregoire, Holger Fuhrmannek, Atte Kettunen, Haik Aftandilian, and Jordi Chancel as the original reporters.
    last seen2020-05-31
    modified2017-05-09
    plugin id100045
    published2017-05-09
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100045
    titleOracle Linux 6 / 7 : thunderbird (ELSA-2017-1201)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-1106.NASL
    descriptionAn update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.1.0 ESR. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5451, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5459, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5467, CVE-2017-5469) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Mozilla developers and community, Nils, Holger Fuhrmannek, Atte Kettunen, Takeshi Terada, Huzaifa Sidhpurwala, Nicolas Gregoire, Chamal De Silva, Chun Han Hsiao, Ivan Fratric of Google Project Zero, Anonymous working with Trend Micro
    last seen2020-05-31
    modified2017-04-21
    plugin id99572
    published2017-04-21
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99572
    titleRHEL 7 : firefox (RHSA-2017:1106)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1669-1.NASL
    descriptionThe Mozilla Firefox was updated to the new ESR 52.2 release, which fixes the following issues (bsc#1043960) : - MFSA 2017-16/CVE-2017-7758 Out-of-bounds read in Opus encoder - MFSA 2017-16/CVE-2017-7749 Use-after-free during docshell reloading - MFSA 2017-16/CVE-2017-7751 Use-after-free with content viewer listeners - MFSA 2017-16/CVE-2017-5472 Use-after-free using destroyed node when regenerating trees - MFSA 2017-16/CVE-2017-5470 Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2 - MFSA 2017-16/CVE-2017-7752 Use-after-free with IME input - MFSA 2017-16/CVE-2017-7750 Use-after-free with track elements - MFSA 2017-16/CVE-2017-7768 32 byte arbitrary file read through Mozilla Maintenance Service - MFSA 2017-16/CVE-2017-7778 Vulnerabilities in the Graphite 2 library - MFSA 2017-16/CVE-2017-7754 Out-of-bounds read in WebGL with ImageInfo object - MFSA 2017-16/CVE-2017-7755 Privilege escalation through Firefox Installer with same directory DLL files - MFSA 2017-16/CVE-2017-7756 Use-after-free and use-after-scope logging XHR header errors - MFSA 2017-16/CVE-2017-7757 Use-after-free in IndexedDB - MFSA 2017-16/CVE-2017-7761 File deletion and privilege escalation through Mozilla Maintenance Service helper.exe application - MFSA 2017-16/CVE-2017-7763 Mac fonts render some unicode characters as spaces - MFSA 2017-16/CVE-2017-7765 Mark of the Web bypass when saving executable files - MFSA 2017-16/CVE-2017-7764 (bmo#1364283, bmo#http://www.unicode.org/reports/tr31/tr31-26 .html#Aspirational_Use_Scripts) Domain spoofing with combination of Canadian Syllabics and other unicode blocks - update to Firefox ESR 52.1 (bsc#1035082) - MFSA 2017-12/CVE-2016-10196 Vulnerabilities in Libevent library - MFSA 2017-12/CVE-2017-5443 Out-of-bounds write during BinHex decoding - MFSA 2017-12/CVE-2017-5429 Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 - MFSA 2017-12/CVE-2017-5464 Memory corruption with accessibility and DOM manipulation - MFSA 2017-12/CVE-2017-5465 Out-of-bounds read in ConvolvePixel - MFSA 2017-12/CVE-2017-5466 Origin confusion when reloading isolated data:text/html URL - MFSA 2017-12/CVE-2017-5467 Memory corruption when drawing Skia content - MFSA 2017-12/CVE-2017-5460 Use-after-free in frame selection - MFSA 2017-12/CVE-2017-5461 Out-of-bounds write in Base64 encoding in NSS - MFSA 2017-12/CVE-2017-5448 Out-of-bounds write in ClearKeyDecryptor - MFSA 2017-12/CVE-2017-5449 Crash during bidirectional unicode manipulation with animation - MFSA 2017-12/CVE-2017-5446 Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data - MFSA 2017-12/CVE-2017-5447 Out-of-bounds read during glyph processing - MFSA 2017-12/CVE-2017-5444 Buffer overflow while parsing application/http-index-format content - MFSA 2017-12/CVE-2017-5445 Uninitialized values used while parsing application/http- index-format content - MFSA 2017-12/CVE-2017-5442 Use-after-free during style changes - MFSA 2017-12/CVE-2017-5469 Potential Buffer overflow in flex-generated code - MFSA 2017-12/CVE-2017-5440 Use-after-free in txExecutionState destructor during XSLT processing - MFSA 2017-12/CVE-2017-5441 Use-after-free with selection during scroll events - MFSA 2017-12/CVE-2017-5439 Use-after-free in nsTArray Length() during XSLT processing - MFSA 2017-12/CVE-2017-5438 Use-after-free in nsAutoPtr during XSLT processing - MFSA 2017-12/CVE-2017-5436 Out-of-bounds write with malicious font in Graphite 2 - MFSA 2017-12/CVE-2017-5435 Use-after-free during transaction processing in the editor - MFSA 2017-12/CVE-2017-5434 Use-after-free during focus handling - MFSA 2017-12/CVE-2017-5433 Use-after-free in SMIL animation functions - MFSA 2017-12/CVE-2017-5432 Use-after-free in text input selection - MFSA 2017-12/CVE-2017-5430 Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1 - MFSA 2017-12/CVE-2017-5459 Buffer overflow in WebGL - MFSA 2017-12/CVE-2017-5462 DRBG flaw in NSS - MFSA 2017-12/CVE-2017-5455 Sandbox escape through internal feed reader APIs - MFSA 2017-12/CVE-2017-5454 Sandbox escape allowing file system read access through file picker - MFSA 2017-12/CVE-2017-5456 Sandbox escape allowing local file system access - MFSA 2017-12/CVE-2017-5451 Addressbar spoofing with onblur event Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id101055
    published2017-06-27
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101055
    titleSUSE SLED12 / SLES12 Security Update : MozillaFirefox, MozillaFirefox-branding-SLE (SUSE-SU-2017:1669-1)

Redhat

advisories
  • rhsa
    idRHSA-2017:1106
  • rhsa
    idRHSA-2017:1201
rpms
  • firefox-0:52.1.0-2.el7_3
  • firefox-debuginfo-0:52.1.0-2.el7_3
  • thunderbird-0:52.1.0-1.el6_9
  • thunderbird-0:52.1.0-1.el7_3
  • thunderbird-debuginfo-0:52.1.0-1.el6_9
  • thunderbird-debuginfo-0:52.1.0-1.el7_3