Vulnerabilities > CVE-2017-7843 - Information Exposure vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting. This vulnerability affects Firefox ESR < 52.5.2 and Firefox < 57.0.1.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Subverting Environment Variable Values The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
- Footprinting An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
- Exploiting Trust in Client (aka Make the Client Invisible) An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
- Browser Fingerprinting An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
- Session Credential Falsification through Prediction This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
Nessus
NASL family Windows NASL id MOZILLA_FIREFOX_52_5_2_ESR.NASL description The version of Mozilla Firefox ESR installed on the remote Windows host is prior to 52.5.2. It is, therefore, affected by multiple vulnerabilities, some of which allow code execution and potentially exploitable crashes. last seen 2020-06-01 modified 2020-06-02 plugin id 105212 published 2017-12-13 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/105212 title Mozilla Firefox ESR < 52.5.2 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(105212); script_version("1.4"); script_cvs_date("Date: 2018/07/16 14:09:15"); script_cve_id("CVE-2017-7843", "CVE-2017-7845"); script_bugtraq_id(102112, 102115); script_xref(name:"MFSA", value:"2017-28"); script_name(english:"Mozilla Firefox ESR < 52.5.2 Multiple Vulnerabilities"); script_summary(english:"Checks the version of Firefox."); script_set_attribute(attribute:"synopsis", value: "A web browser installed on the remote Windows host is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Mozilla Firefox ESR installed on the remote Windows host is prior to 52.5.2. It is, therefore, affected by multiple vulnerabilities, some of which allow code execution and potentially exploitable crashes."); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2017-28/"); script_set_attribute(attribute:"solution", value: "Upgrade to Mozilla Firefox ESR version 52.5.2 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/12/07"); script_set_attribute(attribute:"patch_publication_date", value:"2017/12/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/13"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox_esr"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("mozilla_org_installed.nasl"); script_require_keys("Mozilla/Firefox/Version"); exit(0); } include("mozilla_version.inc"); port = get_kb_item("SMB/transport"); if (!port) port = 445; installs = get_kb_list("SMB/Mozilla/Firefox/*"); if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox"); mozilla_check_version(installs:installs, product:'firefox', esr:TRUE, fix:'52.5.2', min:'52', severity:SECURITY_HOLE);
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201802-03.NASL description The remote host is affected by the vulnerability described in GLSA-201802-03 (Mozilla Firefox: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the referenced CVE identifiers for details. Impact : A remote attacker could entice a user to view a specially crafted web page, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 106884 published 2018-02-20 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/106884 title GLSA-201802-03 : Mozilla Firefox: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201802-03. # # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(106884); script_version("3.4"); script_cvs_date("Date: 2019/04/05 23:25:06"); script_cve_id("CVE-2016-10195", "CVE-2016-10196", "CVE-2016-10197", "CVE-2016-6354", "CVE-2017-5429", "CVE-2017-5432", "CVE-2017-5433", "CVE-2017-5434", "CVE-2017-5435", "CVE-2017-5436", "CVE-2017-5437", "CVE-2017-5438", "CVE-2017-5439", "CVE-2017-5440", "CVE-2017-5441", "CVE-2017-5442", "CVE-2017-5443", "CVE-2017-5444", "CVE-2017-5445", "CVE-2017-5446", "CVE-2017-5447", "CVE-2017-5448", "CVE-2017-5459", "CVE-2017-5460", "CVE-2017-5461", "CVE-2017-5462", "CVE-2017-5464", "CVE-2017-5465", "CVE-2017-5469", "CVE-2017-5470", "CVE-2017-5472", "CVE-2017-7749", "CVE-2017-7750", "CVE-2017-7751", "CVE-2017-7752", "CVE-2017-7753", "CVE-2017-7754", "CVE-2017-7756", "CVE-2017-7757", "CVE-2017-7758", "CVE-2017-7764", "CVE-2017-7771", "CVE-2017-7772", "CVE-2017-7773", "CVE-2017-7774", "CVE-2017-7775", "CVE-2017-7776", "CVE-2017-7777", "CVE-2017-7778", "CVE-2017-7779", "CVE-2017-7784", "CVE-2017-7785", "CVE-2017-7786", "CVE-2017-7787", "CVE-2017-7791", "CVE-2017-7792", "CVE-2017-7793", "CVE-2017-7798", "CVE-2017-7800", "CVE-2017-7801", "CVE-2017-7802", "CVE-2017-7803", "CVE-2017-7805", "CVE-2017-7807", "CVE-2017-7809", "CVE-2017-7810", "CVE-2017-7814", "CVE-2017-7818", "CVE-2017-7819", "CVE-2017-7823", "CVE-2017-7824", "CVE-2017-7843", "CVE-2017-7844", "CVE-2018-5089", "CVE-2018-5091", "CVE-2018-5095", "CVE-2018-5096", "CVE-2018-5097", "CVE-2018-5098", "CVE-2018-5099", "CVE-2018-5102", "CVE-2018-5103", "CVE-2018-5104", "CVE-2018-5117"); script_xref(name:"GLSA", value:"201802-03"); script_name(english:"GLSA-201802-03 : Mozilla Firefox: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201802-03 (Mozilla Firefox: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the referenced CVE identifiers for details. Impact : A remote attacker could entice a user to view a specially crafted web page, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201802-03" ); script_set_attribute( attribute:"solution", value: "All Mozilla Firefox users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/firefox-52.6.0' All Mozilla Firefox binary users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/firefox-bin-52.6.0'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:firefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:firefox-bin"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2018/02/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/20"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"www-client/firefox-bin", unaffected:make_list("ge 52.6.0"), vulnerable:make_list("lt 52.6.0"))) flag++; if (qpkg_check(package:"www-client/firefox", unaffected:make_list("ge 52.6.0"), vulnerable:make_list("lt 52.6.0"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Mozilla Firefox"); }
NASL family Windows NASL id MOZILLA_FIREFOX_57_0_1.NASL description The version of Mozilla Firefox installed on the remote Windows host is prior to 57.0.1. It is, therefore, affected by multiple vulnerabilities. Note: CVE-2017-7844 only affects version 57. Earlier releases are not affected. last seen 2020-06-01 modified 2020-06-02 plugin id 105040 published 2017-12-06 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/105040 title Mozilla Firefox < 57.0.1 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(105040); script_version("1.5"); script_cvs_date("Date: 2019/11/12"); script_cve_id("CVE-2017-7843", "CVE-2017-7844"); script_bugtraq_id(102039); script_name(english:"Mozilla Firefox < 57.0.1 Multiple Vulnerabilities"); script_summary(english:"Checks the version of Firefox."); script_set_attribute(attribute:"synopsis", value: "A web browser installed on the remote Windows host is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Mozilla Firefox installed on the remote Windows host is prior to 57.0.1. It is, therefore, affected by multiple vulnerabilities. Note: CVE-2017-7844 only affects version 57. Earlier releases are not affected."); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2017-27/"); script_set_attribute(attribute:"solution", value: "Upgrade to Mozilla Firefox version 57.0.1 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-7843"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/11/29"); script_set_attribute(attribute:"patch_publication_date", value:"2017/11/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/06"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("mozilla_org_installed.nasl"); script_require_keys("Mozilla/Firefox/Version"); exit(0); } include("mozilla_version.inc"); port = get_kb_item("SMB/transport"); if (!port) port = 445; installs = get_kb_list("SMB/Mozilla/Firefox/*"); if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox"); mozilla_check_version(installs:installs, product:'firefox', fix:'57.0.1', severity:SECURITY_WARNING);
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2017-1327.NASL description According to the version of the firefox package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A privacy flaw was discovered in Firefox. In Private Browsing mode, a web worker could write persistent data to IndexedDB, which was not cleared when exiting and would persist across multiple sessions. A malicious website could exploit the flaw to bypass private-browsing protections and uniquely fingerprint visitors. (CVE-2017-7843) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2017-12-18 plugin id 105308 published 2017-12-18 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/105308 title EulerOS 2.0 SP2 : firefox (EulerOS-SA-2017-1327) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(105308); script_version("3.11"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04"); script_cve_id( "CVE-2017-7843" ); script_name(english:"EulerOS 2.0 SP2 : firefox (EulerOS-SA-2017-1327)"); script_summary(english:"Checks the rpm output for the updated package."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing a security update."); script_set_attribute(attribute:"description", value: "According to the version of the firefox package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A privacy flaw was discovered in Firefox. In Private Browsing mode, a web worker could write persistent data to IndexedDB, which was not cleared when exiting and would persist across multiple sessions. A malicious website could exploit the flaw to bypass private-browsing protections and uniquely fingerprint visitors. (CVE-2017-7843) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1327 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?357a24e5"); script_set_attribute(attribute:"solution", value: "Update the affected firefox package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"patch_publication_date", value:"2017/12/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/18"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:firefox"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["firefox-52.5.1-1.h1"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg, allowmaj:TRUE)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox"); }
NASL family MacOS X Local Security Checks NASL id MACOSX_FIREFOX_57_0_1.NASL description The version of Mozilla Firefox installed on the remote macOS or Mac OS X host is prior to 57.0.1. It is, therefore, affected by multiple vulnerabilities. Note: CVE-2017-7844 only affects version 57. Earlier releases are not affected. last seen 2020-06-01 modified 2020-06-02 plugin id 105039 published 2017-12-06 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/105039 title Mozilla Firefox < 57.0.1 Multiple Vulnerabilities (macOS) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(105039); script_version("1.5"); script_cvs_date("Date: 2019/11/12"); script_cve_id("CVE-2017-7843", "CVE-2017-7844"); script_bugtraq_id(102039); script_name(english:"Mozilla Firefox < 57.0.1 Multiple Vulnerabilities (macOS)"); script_summary(english:"Checks the version of Firefox."); script_set_attribute(attribute:"synopsis", value: "A web browser installed on the remote macOS or Mac OS X host is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Mozilla Firefox installed on the remote macOS or Mac OS X host is prior to 57.0.1. It is, therefore, affected by multiple vulnerabilities. Note: CVE-2017-7844 only affects version 57. Earlier releases are not affected."); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2017-27/"); script_set_attribute(attribute:"solution", value: "Upgrade to Mozilla Firefox version 57.0.1 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-7843"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/11/29"); script_set_attribute(attribute:"patch_publication_date", value:"2017/11/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/06"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("macosx_firefox_installed.nasl"); script_require_keys("MacOSX/Firefox/Installed"); exit(0); } include("mozilla_version.inc"); kb_base = "MacOSX/Firefox"; get_kb_item_or_exit(kb_base+"/Installed"); version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1); path = get_kb_item_or_exit(kb_base+"/Path", exit_code:1); if (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Firefox installation is in the ESR branch.'); mozilla_check_version(product:'firefox', version:version, path:path, esr:FALSE, fix:'57.0.1', severity:SECURITY_WARNING);
NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-1366.NASL description This update for MozillaFirefox to 52.5.2esr fixes the following issue : - CVE-2017-7843: Web worker in Private Browsing mode can write IndexedDB data (boo#1072034, bmo#1410106, MFSA 2017-28) last seen 2020-06-05 modified 2017-12-14 plugin id 105246 published 2017-12-14 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/105246 title openSUSE Security Update : MozillaFirefox (openSUSE-2017-1366) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2017-1366. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(105246); script_version("3.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2017-7843"); script_name(english:"openSUSE Security Update : MozillaFirefox (openSUSE-2017-1366)"); script_summary(english:"Check for the openSUSE-2017-1366 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for MozillaFirefox to 52.5.2esr fixes the following issue : - CVE-2017-7843: Web worker in Private Browsing mode can write IndexedDB data (boo#1072034, bmo#1410106, MFSA 2017-28)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1072034" ); script_set_attribute( attribute:"solution", value:"Update the affected MozillaFirefox packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3"); script_set_attribute(attribute:"patch_publication_date", value:"2017/12/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/14"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.2|SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2 / 42.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE42.2", reference:"MozillaFirefox-52.5.2-57.24.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"MozillaFirefox-branding-upstream-52.5.2-57.24.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"MozillaFirefox-buildsymbols-52.5.2-57.24.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"MozillaFirefox-debuginfo-52.5.2-57.24.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"MozillaFirefox-debugsource-52.5.2-57.24.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"MozillaFirefox-devel-52.5.2-57.24.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"MozillaFirefox-translations-common-52.5.2-57.24.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"MozillaFirefox-translations-other-52.5.2-57.24.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"MozillaFirefox-52.5.2-69.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"MozillaFirefox-branding-upstream-52.5.2-69.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"MozillaFirefox-buildsymbols-52.5.2-69.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"MozillaFirefox-debuginfo-52.5.2-69.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"MozillaFirefox-debugsource-52.5.2-69.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"MozillaFirefox-devel-52.5.2-69.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"MozillaFirefox-translations-common-52.5.2-69.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"MozillaFirefox-translations-other-52.5.2-69.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox / MozillaFirefox-branding-upstream / etc"); }
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4062.NASL description It was discovered that the Private Browsing mode in the Mozilla Firefox web browser allowed to fingerprint a user across multiple sessions via IndexedDB. last seen 2020-06-01 modified 2020-06-02 plugin id 105123 published 2017-12-11 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/105123 title Debian DSA-4062-1 : firefox-esr - security update code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-4062. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(105123); script_version("3.6"); script_cvs_date("Date: 2018/11/13 12:30:46"); script_cve_id("CVE-2017-7843"); script_xref(name:"DSA", value:"4062"); script_name(english:"Debian DSA-4062-1 : firefox-esr - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "It was discovered that the Private Browsing mode in the Mozilla Firefox web browser allowed to fingerprint a user across multiple sessions via IndexedDB." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/firefox-esr" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/jessie/firefox-esr" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/stretch/firefox-esr" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2017/dsa-4062" ); script_set_attribute( attribute:"solution", value: "Upgrade the firefox-esr packages. For the oldstable distribution (jessie), this problem has been fixed in version 52.5.2esr-1~deb8u1. For the stable distribution (stretch), this problem has been fixed in version 52.5.2esr-1~deb9u1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0"); script_set_attribute(attribute:"patch_publication_date", value:"2017/12/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/11"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"8.0", prefix:"firefox-esr", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-dbg", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-dev", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-ach", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-af", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-all", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-an", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-ar", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-as", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-ast", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-az", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-be", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-bg", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-bn-bd", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-bn-in", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-br", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-bs", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-ca", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-cs", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-cy", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-da", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-de", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-dsb", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-el", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-en-gb", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-en-za", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-eo", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-es-ar", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-es-cl", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-es-es", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-es-mx", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-et", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-eu", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-fa", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-ff", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-fi", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-fr", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-fy-nl", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-ga-ie", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-gd", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-gl", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-gn", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-gu-in", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-he", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-hi-in", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-hr", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-hsb", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-hu", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-hy-am", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-id", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-is", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-it", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-ja", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-kk", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-km", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-kn", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-ko", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-lij", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-lt", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-lv", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-mai", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-mk", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-ml", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-mr", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-ms", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-nb-no", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-nl", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-nn-no", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-or", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-pa-in", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-pl", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-pt-br", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-pt-pt", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-rm", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-ro", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-ru", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-si", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-sk", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-sl", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-son", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-sq", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-sr", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-sv-se", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-ta", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-te", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-th", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-tr", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-uk", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-uz", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-vi", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-xh", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-zh-cn", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-zh-tw", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-dbg", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-dev", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ach", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-af", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-all", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-an", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ar", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-as", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ast", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-az", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-be", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-bg", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-bn-bd", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-bn-in", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-br", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-bs", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ca", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-cs", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-cy", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-da", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-de", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-dsb", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-el", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-en-gb", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-en-za", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-eo", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-es-ar", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-es-cl", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-es-es", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-es-mx", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-et", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-eu", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-fa", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ff", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-fi", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-fr", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-fy-nl", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ga-ie", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-gd", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-gl", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-gn", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-gu-in", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-he", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-hi-in", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-hr", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-hsb", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-hu", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-hy-am", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-id", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-is", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-it", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ja", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-kk", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-km", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-kn", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ko", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-lij", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-lt", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-lv", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-mai", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-mk", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ml", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-mr", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ms", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-nb-no", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-nl", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-nn-no", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-or", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-pa-in", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-pl", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-pt-br", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-pt-pt", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-rm", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ro", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ru", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-si", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-sk", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-sl", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-son", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-sq", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-sr", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-sv-se", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ta", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-te", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-th", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-tr", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-uk", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-uz", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-vi", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-xh", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-zh-cn", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"iceweasel-l10n-zh-tw", reference:"52.5.2esr-1~deb8u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-dev", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-ach", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-af", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-all", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-an", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-ar", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-as", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-ast", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-az", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-bg", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-bn-bd", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-bn-in", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-br", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-bs", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-ca", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-cak", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-cs", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-cy", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-da", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-de", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-dsb", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-el", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-en-gb", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-en-za", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-eo", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-es-ar", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-es-cl", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-es-es", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-es-mx", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-et", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-eu", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-fa", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-ff", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-fi", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-fr", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-fy-nl", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-ga-ie", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-gd", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-gl", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-gn", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-gu-in", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-he", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-hi-in", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-hr", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-hsb", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-hu", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-hy-am", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-id", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-is", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-it", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-ja", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-ka", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-kab", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-kk", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-km", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-kn", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-ko", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-lij", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-lt", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-lv", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-mai", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-mk", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-ml", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-mr", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-ms", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-nb-no", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-nl", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-nn-no", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-or", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-pa-in", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-pl", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-pt-br", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-pt-pt", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-rm", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-ro", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-ru", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-si", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-sk", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-sl", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-son", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-sq", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-sr", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-sv-se", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-ta", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-te", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-th", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-tr", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-uk", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-uz", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-vi", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-xh", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-zh-cn", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-zh-tw", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-dev", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-ach", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-af", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-all", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-an", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-ar", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-as", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-ast", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-az", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-bg", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-bn-bd", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-bn-in", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-br", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-bs", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-ca", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-cak", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-cs", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-cy", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-da", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-de", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-dsb", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-el", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-en-gb", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-en-za", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-eo", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-es-ar", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-es-cl", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-es-es", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-es-mx", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-et", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-eu", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-fa", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-ff", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-fi", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-fr", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-fy-nl", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-ga-ie", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-gd", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-gl", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-gn", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-gu-in", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-he", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-hi-in", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-hr", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-hsb", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-hu", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-hy-am", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-id", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-is", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-it", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-ja", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-ka", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-kab", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-kk", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-km", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-kn", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-ko", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-lij", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-lt", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-lv", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-mai", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-mk", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-ml", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-mr", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-ms", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-nb-no", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-nl", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-nn-no", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-or", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-pa-in", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-pl", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-pt-br", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-pt-pt", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-rm", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-ro", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-ru", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-si", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-sk", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-sl", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-son", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-sq", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-sr", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-sv-se", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-ta", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-te", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-th", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-tr", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-uk", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-uz", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-vi", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-xh", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-zh-cn", reference:"52.5.2esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-zh-tw", reference:"52.5.2esr-1~deb9u1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family MacOS X Local Security Checks NASL id MACOSX_FIREFOX_52_5_2_ESR.NASL description The version of Mozilla Firefox ESR installed on the remote macOS or Mac OS X host is prior to 52.5.2. It is, therefore, affected by a flaw related to handling Private Mode, web workers, and IndexedDB access that allows an attacker to cause persistent data to exist that can uniquely fingerprint a user. last seen 2020-06-01 modified 2020-06-02 plugin id 105211 published 2017-12-13 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/105211 title Mozilla Firefox ESR < 52.5.2 Private Mode Fingerprinting Vulnerability (macOS) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2017-3382.NASL description From Red Hat Security Advisory 2017:3382 : An update for firefox is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.5.1 ESR. Security Fix(es) : * A privacy flaw was discovered in Firefox. In Private Browsing mode, a web worker could write persistent data to IndexedDB, which was not cleared when exiting and would persist across multiple sessions. A malicious website could exploit the flaw to bypass private-browsing protections and uniquely fingerprint visitors. (CVE-2017-7843) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Konark as the original reporter. last seen 2020-05-31 modified 2017-12-06 plugin id 105027 published 2017-12-06 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/105027 title Oracle Linux 6 / 7 : firefox (ELSA-2017-3382) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0001_FIREFOX.NASL description The remote NewStart CGSL host, running version MAIN 5.04, has firefox packages installed that are affected by multiple vulnerabilities: - A privacy flaw was discovered in Firefox. In Private Browsing mode, a web worker could write persistent data to IndexedDB, which was not cleared when exiting and would persist across multiple sessions. A malicious website could exploit the flaw to bypass private- browsing protections and uniquely fingerprint visitors. (CVE-2017-7843) - A use-after-free vulnerability can occur when flushing and resizing layout because the PressShell object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5. (CVE-2017-7828) - Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5. (CVE-2017-7826) - The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5. (CVE-2017-7830) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 127141 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127141 title NewStart CGSL MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0001) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2017-3382.NASL description An update for firefox is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.5.1 ESR. Security Fix(es) : * A privacy flaw was discovered in Firefox. In Private Browsing mode, a web worker could write persistent data to IndexedDB, which was not cleared when exiting and would persist across multiple sessions. A malicious website could exploit the flaw to bypass private-browsing protections and uniquely fingerprint visitors. (CVE-2017-7843) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Konark as the original reporter. last seen 2020-06-01 modified 2020-06-02 plugin id 105060 published 2017-12-07 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/105060 title CentOS 6 / 7 : firefox (CESA-2017:3382) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_B7E230502D5D4E619B4862E89DB222CA.NASL description Mozilla Foundation reports : CVE-2017-7843: Web worker in Private Browsing mode can write IndexedDB data CVE-2017-7844: Visited history information leak through SVG image last seen 2020-06-01 modified 2020-06-02 plugin id 105026 published 2017-12-06 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/105026 title FreeBSD : mozilla -- multiple vulnerabilities (b7e23050-2d5d-4e61-9b48-62e89db222ca) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2017-3382.NASL description An update for firefox is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.5.1 ESR. Security Fix(es) : * A privacy flaw was discovered in Firefox. In Private Browsing mode, a web worker could write persistent data to IndexedDB, which was not cleared when exiting and would persist across multiple sessions. A malicious website could exploit the flaw to bypass private-browsing protections and uniquely fingerprint visitors. (CVE-2017-7843) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Konark as the original reporter. last seen 2020-05-31 modified 2017-12-05 plugin id 105018 published 2017-12-05 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/105018 title RHEL 6 / 7 : firefox (RHSA-2017:3382) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1202.NASL description It was discovered that the private browsing mode in Firefox was able to write persistent data to a database, which could lead to websites tracking users even when browsing in this mode. For Debian 7 last seen 2020-03-17 modified 2017-12-11 plugin id 105118 published 2017-12-11 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/105118 title Debian DLA-1202-1 : firefox-esr security update NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0116_FIREFOX.NASL description The remote NewStart CGSL host, running version MAIN 4.05, has firefox packages installed that are affected by multiple vulnerabilities: - File downloads encoded with blob: and data: URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise be detected as suspicious. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. (CVE-2017-7814) - A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. (CVE-2017-7819) - The content security policy (CSP) sandbox directive did not create a unique origin for the document, causing it to behave as if the allow-same-origin keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. (CVE-2017-7823) - A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. (CVE-2017-7809) - Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. (CVE-2017-7779) - An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. (CVE-2017-7753) - A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. (CVE-2017-7785) - A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. (CVE-2017-7786) - Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. (CVE-2017-7787) - A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. (CVE-2017-7792) - On pages containing an iframe, the data: protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. (CVE-2017-7791) - A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. (CVE-2017-7800) - The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects Firefox ESR < 52.3 and Firefox < 55. (CVE-2017-7798) - A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. (CVE-2017-7802) - A use-after-free vulnerability can occur while re- computing layout for a marquee element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. (CVE-2017-7801) - A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub- path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. (CVE-2017-7807) - When a page last seen 2020-06-01 modified 2020-06-02 plugin id 127356 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127356 title NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0116) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2017-1326.NASL description According to the version of the firefox package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A privacy flaw was discovered in Firefox. In Private Browsing mode, a web worker could write persistent data to IndexedDB, which was not cleared when exiting and would persist across multiple sessions. A malicious website could exploit the flaw to bypass private-browsing protections and uniquely fingerprint visitors. (CVE-2017-7843) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2017-12-18 plugin id 105307 published 2017-12-18 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/105307 title EulerOS 2.0 SP1 : firefox (EulerOS-SA-2017-1326) NASL family Scientific Linux Local Security Checks NASL id SL_20171205_FIREFOX_ON_SL6_X.NASL description This update upgrades Firefox to version 52.5.1 ESR. Security Fix(es) : - A privacy flaw was discovered in Firefox. In Private Browsing mode, a web worker could write persistent data to IndexedDB, which was not cleared when exiting and would persist across multiple sessions. A malicious website could exploit the flaw to bypass private-browsing protections and uniquely fingerprint visitors. (CVE-2017-7843) last seen 2020-05-31 modified 2017-12-06 plugin id 105030 published 2017-12-06 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/105030 title Scientific Linux Security Update : firefox on SL6.x, SL7.x i386/x86_64 (20171205)
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|
References
- http://www.securityfocus.com/bid/102039
- http://www.securityfocus.com/bid/102039
- http://www.securityfocus.com/bid/102112
- http://www.securityfocus.com/bid/102112
- http://www.securitytracker.com/id/1039954
- http://www.securitytracker.com/id/1039954
- https://access.redhat.com/errata/RHSA-2017:3382
- https://access.redhat.com/errata/RHSA-2017:3382
- https://bugzilla.mozilla.org/show_bug.cgi?id=1410106
- https://bugzilla.mozilla.org/show_bug.cgi?id=1410106
- https://lists.debian.org/debian-lts-announce/2017/12/msg00003.html
- https://lists.debian.org/debian-lts-announce/2017/12/msg00003.html
- https://www.debian.org/security/2017/dsa-4062
- https://www.debian.org/security/2017/dsa-4062
- https://www.mozilla.org/security/advisories/mfsa2017-27/
- https://www.mozilla.org/security/advisories/mfsa2017-27/
- https://www.mozilla.org/security/advisories/mfsa2017-28/
- https://www.mozilla.org/security/advisories/mfsa2017-28/