CVE-2018-12381 - Externally Controlled Reference to a Resource in Another Sphere vulnerability in Mozilla Firefox
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: LOW
Availability impact: NONE
Summary
Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the message's mail columns are incorrectly interpreted as a URL. *Note: this issue only affects Windows operating systems with Outlook installed. Other operating systems are not affected.* This vulnerability affects Firefox ESR < 60.2 and Firefox < 62.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- XML Routing Detour Attacks An attacker subverts an intermediate system used to process XML content and forces the intermediate to modify and/or re-route the processing of the content. XML Routing Detour Attacks are Man in the Middle type attacks. The attacker compromises or inserts an intermediate system in the processing of the XML message. For example, WS-Routing can be used to specify a series of nodes or intermediaries through which content is passed. If any of the intermediate nodes in this route are compromised by an attacker they could be used for a routing detour attack. From the compromised system the attacker is able to route the XML process to other nodes of his or her choice and modify the responses so that the normal chain of processing is unaware of the interception. This system can forward the message to an outside entity and hide the forwarding and processing from the legitimate processing systems by altering the header information.
Nessus
NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2018-3591-2.NASL
description: This update for MozillaFirefox to ESR 60.2.2 fixes several issues. These general changes are part of the version 60 release. New browser engine with speed improvements Redesigned graphical user interface elements Unified address and search bar for new installations New tab page listing top visited, recently visited and recommended pages Support for configuration policies in enterprise deployments via JSON files Support for Web Authentication, allowing the use of USB tokens for authentication to websites The following changes affect compatibility: Now exclusively supports extensions built using the WebExtension API. Unsupported legacy extensions will no longer work in Firefox 60 ESR TLS certificates issued by Symantec before June 1st, 2016 are no longer trusted The
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 119451
published: 2018-12-06
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/119451
title: SUSE SLED12 / SLES12 Security Update : MozillaFirefox, MozillaFirefox-branding-SLE, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss (SUSE-SU-2018:3591-2)
code:
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2018:3591-2.
# The text itself is copyright (C) SUSE.
# include("compat.inc"); if (description) { script_id(119451); script_version("1.4"); script_cvs_date("Date: 2019/09/10 13:51:49"); script_cve_id("CVE-2017-16541", "CVE-2018-12376", "CVE-2018-12377", "CVE-2018-12378", "CVE-2018-12379", "CVE-2018-12381", "CVE-2018-12383", "CVE-2018-12385", "CVE-2018-12386", "CVE-2018-12387"); script_name(english:"SUSE SLED12 / SLES12 Security Update : MozillaFirefox, MozillaFirefox-branding-SLE, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss (SUSE-SU-2018:3591-2)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for MozillaFirefox to ESR 60.2.2 fixes several issues. These general changes are part of the version 60 release. New browser engine with speed improvements Redesigned graphical user interface elements Unified address and search bar for new installations New tab page listing top visited, recently visited and recommended pages Support for configuration policies in enterprise deployments via JSON files Support for Web Authentication, allowing the use of USB tokens for authentication to websites The following changes affect compatibility: Now exclusively supports extensions built using the WebExtension API. Unsupported legacy extensions will no longer work in Firefox 60 ESR TLS certificates issued by Symantec before June 1st, 2016 are no longer trusted The 'security.pki.distrust_ca_policy' preference can be set to 0 to reinstate trust in those certificates The following issues affect performance: new format for storing private keys, certificates and certificate trust If the user home or data directory is on a network file system, it is recommended that users set the following environment variable to avoid slowdowns: NSS_SDB_USE_CACHE=yes This setting is not recommended for local, fast file systems. 
These security issues were fixed: CVE-2018-12381: Dragging and dropping Outlook email message results in page navigation (bsc#1107343). CVE-2017-16541: Proxy bypass using automount and autofs (bsc#1107343). CVE-2018-12376: Various memory safety bugs (bsc#1107343). CVE-2018-12377: Use-after-free in refresh driver timers (bsc#1107343). CVE-2018-12378: Use-after-free in IndexedDB (bsc#1107343). CVE-2018-12379: Out-of-bounds write with malicious MAR file (bsc#1107343). CVE-2018-12386: Type confusion in JavaScript allowed remote code execution (bsc#1110506) CVE-2018-12387: Array.prototype.push stack pointer vulnerability may enable exploits in the sandboxed content process (bsc#1110507) CVE-2018-12385: Crash in TransportSecurityInfo due to cached data (bsc#1109363) CVE-2018-12383: Setting a master password did not delete unencrypted previously stored passwords (bsc#1107343) This update for mozilla-nspr to version 4.19 fixes the follwing issues Added TCP Fast Open functionality A socket without PR_NSPR_IO_LAYER will no longer trigger an assertion when polling This update for mozilla-nss to version 3.36.4 fixes the follwing issues Connecting to a server that was recently upgraded to TLS 1.3 would result in a SSL_RX_MALFORMED_SERVER_HELLO error. Fix a rare bug with PKCS#12 files. Replaces existing vectorized ChaCha20 code with verified HACL* implementation. TLS 1.3 support has been updated to draft -23. Added formally verified implementations of non-vectorized Chacha20 and non-vectorized Poly1305 64-bit. The following CA certificates were Removed: OU = Security Communication EV RootCA1 CN = CA Disig Root R1 CN = DST ACES CA X6 Certum CA, O=Unizeto Sp. z o.o. 
StartCom Certification Authority StartCom Certification Authority G2 TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3 ACEDICOM Root Certinomis - Autorité Racine TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı PSCProcert CA 沃通根证书, O=WoSign CA Limited Certification Authority of WoSign Certification Authority of WoSign G2 CA WoSign ECC Root Subject CN = VeriSign Class 3 Secure Server CA - G2 O = Japanese Government, OU = ApplicationCA CN = WellsSecure Public Root Certificate Authority CN = TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6 CN = Microsec e-Szigno Root The following CA certificates were Removed: AddTrust Public CA Root AddTrust Qualified CA Root China Internet Network Information Center EV Certificates Root CNNIC ROOT ComSign Secured CA GeoTrust Global CA 2 Secure Certificate Services Swisscom Root CA 1 Swisscom Root EV CA 2 Trusted Certificate Services UTN-USERFirst-Hardware UTN-USERFirst-Object The following CA certificates were Added CN = D-TRUST Root CA 3 2013 CN = TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 GDCA TrustAUTH R5 ROOT SSL.com Root Certification Authority RSA SSL.com Root Certification Authority ECC SSL.com EV Root Certification Authority RSA R2 SSL.com EV Root Certification Authority ECC TrustCor RootCert CA-1 TrustCor RootCert CA-2 TrustCor ECA-1 The Websites (TLS/SSL) trust bit was turned off for the following CA certificates: CN = Chambers of Commerce Root CN = Global Chambersign Root TLS servers are able to handle a ClientHello statelessly, if the client supports TLS 1.3. If the server sends a HelloRetryRequest, it is possible to discard the server socket, and make a new socket to handle any subsequent ClientHello. This better enables stateless server operation. (This feature is added in support of QUIC, but it also has utility for DTLS 1.3 servers.) 
Due to the update of mozilla-nss apache2-mod_nss needs to be updated to change to the SQLite certificate database, which is now the default (bsc#1108771) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1012260" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1021577" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1026191" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1041469" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1041894" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1049703" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1061204" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1064786" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1065464" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1066489" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1073210" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1078436" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1091551" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1092697" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1094767" ); script_set_attribute( 
attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1096515" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1107343" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1108771" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1108986" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1109363" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1109465" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1110506" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1110507" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=703591" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=839074" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=857131" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=893359" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-16541/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-12376/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-12377/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-12378/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-12379/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-12381/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-12383/" ); script_set_attribute( 
attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-12385/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-12386/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-12387/" ); # https://www.suse.com/support/update/announcement/2018/suse-su-20183591-2/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?c7ed80c7" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t patch SUSE-SLE-SDK-12-SP4-2018-2549=1 SUSE Linux Enterprise Server 12-SP4:zypper in -t patch SUSE-SLE-SERVER-12-SP4-2018-2549=1 SUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2018-2549=1" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-branding-SLE"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-common"); 
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_nss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_nss-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_nss-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libfreebl3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libfreebl3-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libfreebl3-hmac"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsoftokn3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsoftokn3-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsoftokn3-hmac"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nspr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nspr-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nspr-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-certs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-certs-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-sysinit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-sysinit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-tools"); script_set_attribute(attribute:"cpe", 
value:"p-cpe:/a:novell:suse_linux:mozilla-nss-tools-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/11/04"); script_set_attribute(attribute:"patch_publication_date", value:"2018/12/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/06"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP4", os_ver + " SP" + sp); if (os_ver == "SLED12" && (! 
preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP4", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"4", reference:"MozillaFirefox-60.2.2esr-109.46.1")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"MozillaFirefox-branding-SLE-60-32.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"MozillaFirefox-debuginfo-60.2.2esr-109.46.1")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"MozillaFirefox-debugsource-60.2.2esr-109.46.1")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"MozillaFirefox-translations-common-60.2.2esr-109.46.1")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"apache2-mod_nss-1.0.14-19.6.3")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"apache2-mod_nss-debuginfo-1.0.14-19.6.3")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"apache2-mod_nss-debugsource-1.0.14-19.6.3")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"libfreebl3-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"libfreebl3-debuginfo-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"libfreebl3-hmac-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"libsoftokn3-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"libsoftokn3-debuginfo-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"libsoftokn3-hmac-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"mozilla-nspr-4.19-19.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"mozilla-nspr-debuginfo-4.19-19.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"mozilla-nspr-debugsource-4.19-19.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"mozilla-nss-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"mozilla-nss-certs-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLES12", sp:"4", 
reference:"mozilla-nss-certs-debuginfo-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"mozilla-nss-debuginfo-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"mozilla-nss-debugsource-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"mozilla-nss-sysinit-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"mozilla-nss-sysinit-debuginfo-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"mozilla-nss-tools-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"mozilla-nss-tools-debuginfo-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"libfreebl3-32bit-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"libfreebl3-debuginfo-32bit-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"libfreebl3-hmac-32bit-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"libsoftokn3-32bit-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"libsoftokn3-debuginfo-32bit-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"libsoftokn3-hmac-32bit-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"mozilla-nspr-32bit-4.19-19.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"mozilla-nspr-debuginfo-32bit-4.19-19.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"mozilla-nss-32bit-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"mozilla-nss-certs-32bit-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"mozilla-nss-certs-debuginfo-32bit-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"mozilla-nss-debuginfo-32bit-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLES12", sp:"4", reference:"mozilla-nss-sysinit-32bit-3.36.4-58.15.3")) flag++; if 
(rpm_check(release:"SLES12", sp:"4", reference:"mozilla-nss-sysinit-debuginfo-32bit-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"MozillaFirefox-60.2.2esr-109.46.1")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"MozillaFirefox-branding-SLE-60-32.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"MozillaFirefox-debuginfo-60.2.2esr-109.46.1")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"MozillaFirefox-debugsource-60.2.2esr-109.46.1")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"MozillaFirefox-translations-common-60.2.2esr-109.46.1")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libfreebl3-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libfreebl3-32bit-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libfreebl3-debuginfo-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libfreebl3-debuginfo-32bit-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libsoftokn3-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libsoftokn3-32bit-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libsoftokn3-debuginfo-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libsoftokn3-debuginfo-32bit-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"mozilla-nspr-32bit-4.19-19.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"mozilla-nspr-4.19-19.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"mozilla-nspr-debuginfo-32bit-4.19-19.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", 
reference:"mozilla-nspr-debuginfo-4.19-19.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"mozilla-nspr-debugsource-4.19-19.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"mozilla-nss-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"mozilla-nss-32bit-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"mozilla-nss-certs-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"mozilla-nss-certs-32bit-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"mozilla-nss-certs-debuginfo-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"mozilla-nss-certs-debuginfo-32bit-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"mozilla-nss-debuginfo-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"mozilla-nss-debuginfo-32bit-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"mozilla-nss-debugsource-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"mozilla-nss-sysinit-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"mozilla-nss-sysinit-32bit-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"mozilla-nss-sysinit-debuginfo-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"mozilla-nss-sysinit-debuginfo-32bit-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"mozilla-nss-tools-3.36.4-58.15.3")) flag++; if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"mozilla-nss-tools-debuginfo-3.36.4-58.15.3")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else 
security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox / MozillaFirefox-branding-SLE / llvm4 / mozilla-nspr / mozilla-nss / apache2-mod_nss"); }
NASL family: MacOS X Local Security Checks
NASL id: MACOSX_FIREFOX_62_0.NASL
description: The version of Mozilla Firefox installed on the remote macOS host is prior to 62. It is, therefore, affected by multiple vulnerabilities as noted in Mozilla Firefox stable channel update release notes for 2018/09/05. Please refer to the release notes for additional information. Note that Nessus has not attempted to exploit these issues but has instead relied only on the application
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 119748
published: 2018-12-18
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/119748
title: Mozilla Firefox < 62 Multiple Vulnerabilities (macOS)
code:
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");

if (description)
{
  script_id(119748);
  script_version("1.2");
  script_cvs_date("Date: 2019/04/05 23:25:06");

  script_cve_id(
    "CVE-2017-16541",
    "CVE-2018-12375",
    "CVE-2018-12376",
    "CVE-2018-12377",
    "CVE-2018-12378",
    "CVE-2018-12379",
    "CVE-2018-12381",
    "CVE-2018-12382",
    "CVE-2018-12383",
    "CVE-2018-18499"
  );

  script_name(english:"Mozilla Firefox < 62 Multiple Vulnerabilities (macOS)");
  script_summary(english:"Checks the version of Firefox.");

  script_set_attribute(attribute:"synopsis", value: "A web browser installed on the remote macOS host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value: "The version of Mozilla Firefox installed on the remote macOS host is prior to 62. It is, therefore, affected by multiple vulnerabilities as noted in Mozilla Firefox stable channel update release notes for 2018/09/05. Please refer to the release notes for additional information. 
Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1412081
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?eeb4654f");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1433502
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3f3e46cb");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1435319
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6f8c53b5");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1450989
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?20fb56d5");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1459383
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0ba771ab");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1461027
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9999cb80");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1462693
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?63398af6");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1466577
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ec8a52cc");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1466991
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?729f9359");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1467363
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1de4cab5");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1467889
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c5d40321");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1468523
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?38d5db79");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1468738
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2e15e66a");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1469309
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?71d5c763");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1469914
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0410b02e");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1470260
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c939fbe7");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1471953
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?06cc0e92");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1472925
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?635f0fa0");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1473113
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4376815f");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1473161
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?99b48daf");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1475431
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b90402bb");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1475775
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bc528cf5");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1478575
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?fdfa1d66");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1478849
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d0c0acea");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1479311
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f284ef32");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1480092
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?69cce0e2");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1480517
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ae70d802");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1480521
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?dd5f0586");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1480965
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7be72ad4");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1481093
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7d6a368a");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1483120
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?61040df6");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=894215
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9284762b");
  # https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8517426b");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Mozilla Firefox version 62 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-12376");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/09/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/18");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");
  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_dependencies("macosx_firefox_installed.nasl");
  script_require_keys("MacOSX/Firefox/Installed");

  exit(0);
}

include("mozilla_version.inc");

kb_base = "MacOSX/Firefox";
get_kb_item_or_exit(kb_base+"/Installed");

version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1);
path = get_kb_item_or_exit(kb_base+"/Path", exit_code:1);

if (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Firefox installation is in the ESR branch.');

mozilla_check_version(product:'firefox', version:version, path:path, esr:FALSE, fix:'62', severity:SECURITY_HOLE);

NASL family: MacOS X Local Security Checks
NASL id: MACOSX_FIREFOX_60_2_ESR.NASL
description: The version of Mozilla Firefox ESR installed on the remote macOS or Mac OS X host is prior to 60.2. It is, therefore, affected by multiple vulnerabilities, some of which allow code execution and potentially exploitable crashes.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 117292
published: 2018-09-06
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/117292
title: Mozilla Firefox ESR < 60.2 Multiple Vulnerabilities (macOS)
code:
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(117292);
  script_version("1.7");
  script_cvs_date("Date: 2019/04/05 23:25:06");

  script_cve_id(
    "CVE-2017-16541",
    "CVE-2018-12376",
    "CVE-2018-12377",
    "CVE-2018-12378",
    "CVE-2018-12379",
    "CVE-2018-12381",
    "CVE-2018-18499"
  );
  script_bugtraq_id("101665");
  script_xref(name:"MFSA", value:"2018-21");

  script_name(english:"Mozilla Firefox ESR < 60.2 Multiple Vulnerabilities (macOS)");
  script_summary(english:"Checks the version of Firefox ESR.");

  script_set_attribute(attribute:"synopsis", value:
"A web browser installed on the remote macOS or Mac OS X host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Mozilla Firefox ESR installed on the remote macOS or Mac OS X host is prior to 60.2.
It is, therefore, affected by multiple vulnerabilities, some of which allow code execution and potentially exploitable crashes.");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1412081
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?eeb4654f");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1435319
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6f8c53b5");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1450989
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?20fb56d5");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1459383
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0ba771ab");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1466577
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ec8a52cc");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1466991
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?729f9359");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1467363
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1de4cab5");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1467889
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c5d40321");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1468523
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?38d5db79");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1468738
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2e15e66a");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1469309
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?71d5c763");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1469914
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0410b02e");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1470260
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c939fbe7");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1471953
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?06cc0e92");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1472925
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?635f0fa0");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1473113
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4376815f");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1473161
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?99b48daf");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1478575
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?fdfa1d66");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1478849
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d0c0acea");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1480092
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?69cce0e2");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1480517
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ae70d802");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1480521
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?dd5f0586");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1481093
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7d6a368a");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1483120
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?61040df6");
  # https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?387cd93f");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Mozilla Firefox version 62.0.0 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-12376");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/09/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/09/06");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox_esr");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");
  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_dependencies("macosx_firefox_installed.nasl");
  script_require_keys("MacOSX/Firefox/Version");

  exit(0);
}

include("mozilla_version.inc");

kb_base = "MacOSX/Firefox";
get_kb_item_or_exit(kb_base+"/Installed");

version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1);
path = get_kb_item_or_exit(kb_base+"/Path", exit_code:1);

is_esr = get_kb_item(kb_base+"/is_esr");
if (isnull(is_esr)) audit(AUDIT_NOT_INST, "Mozilla Firefox ESR");

mozilla_check_version(product:'firefox', version:version, path:path, esr:TRUE, fix:'60.2', min:'60.0', severity:SECURITY_HOLE);

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2018-2890-1.NASL
description: This update for MozillaFirefox to ESR 60.2 fixes several issues. These general changes are part of the version 60 release.
- New browser engine with speed improvements
- Redesigned graphical user interface elements
- Unified address and search bar for new installations
- New tab page listing top visited, recently visited and recommended pages
- Support for configuration policies in enterprise deployments via JSON files
- Support for Web Authentication, allowing the use of USB tokens for authentication to websites
The following changes affect compatibility:
- Now exclusively supports extensions built using the WebExtension API.
- Unsupported legacy extensions will no longer work in Firefox 60 ESR
- TLS certificates issued by Symantec before June 1st, 2016 are no longer trusted
The
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 120110
published: 2019-01-02
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/120110
title: SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2018:2890-1)

NASL family: MacOS X Local Security Checks
NASL id: MACOS_FIREFOX_62_0_0.NASL
description: The version of Mozilla Firefox installed on the remote macOS or Mac OS X host is prior to 62. It is, therefore, affected by multiple critical and high severity vulnerabilities.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 117291
published: 2018-09-06
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/117291
title: Mozilla Firefox < 62 Multiple Critical Vulnerabilities (macOS)

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2018-3591-1.NASL
description: This update for MozillaFirefox to ESR 60.2.2 fixes several issues. These general changes are part of the version 60 release.
- New browser engine with speed improvements
- Redesigned graphical user interface elements
- Unified address and search bar for new installations
- New tab page listing top visited, recently visited and recommended pages
- Support for configuration policies in enterprise deployments via JSON files
- Support for Web Authentication, allowing the use of USB tokens for authentication to websites
The following changes affect compatibility:
- Now exclusively supports extensions built using the WebExtension API.
- Unsupported legacy extensions will no longer work in Firefox 60 ESR
- TLS certificates issued by Symantec before June 1st, 2016 are no longer trusted
The
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 118590
published: 2018-11-01
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/118590
title: SUSE SLED12 / SLES12 Security Update : MozillaFirefox, MozillaFirefox-branding-SLE, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss (SUSE-SU-2018:3591-1)

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-201810-01.NASL
description: The remote host is affected by the vulnerability described in GLSA-201810-01 (Mozilla Firefox: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the referenced CVE identifiers for details.
Impact : A remote attacker could entice a user to view a specially crafted web page, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact.
Workaround : There is no known workaround at this time.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 117894
published: 2018-10-03
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/117894
title: GLSA-201810-01 : Mozilla Firefox: Multiple vulnerabilities

NASL family: FreeBSD Local Security Checks
NASL id: FREEBSD_PKG_C96D416AEAE74D5DBC8440DECA9329FB.NASL
description: Mozilla Foundation reports :
- CVE-2018-12377: Use-after-free in refresh driver timers
- CVE-2018-12378: Use-after-free in IndexedDB
- CVE-2018-12379: Out-of-bounds write with malicious MAR file
- CVE-2017-16541: Proxy bypass using automount and autofs
- CVE-2018-12381: Dragging and dropping Outlook email message results in page navigation
- CVE-2018-12382: Addressbar spoofing with javascript URI on Firefox for Android
- CVE-2018-12383: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords
- CVE-2018-12375: Memory safety bugs fixed in Firefox 62
- CVE-2018-12376: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 117304
published: 2018-09-06
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/117304
title: FreeBSD : mozilla -- multiple vulnerabilities (c96d416a-eae7-4d5d-bc84-40deca9329fb)

NASL family: Windows
NASL id: MOZILLA_FIREFOX_62_0_0.NASL
description: The version of Mozilla Firefox installed on the remote Windows host is prior to 62. It is, therefore, affected by multiple critical and high severity vulnerabilities.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 117294
published: 2018-09-06
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/117294
title: Mozilla Firefox < 62 Multiple Critical Vulnerabilities

NASL family: Windows
NASL id: MOZILLA_FIREFOX_60_2_ESR.NASL
description: The version of Mozilla Firefox ESR installed on the remote Windows host is prior to 60.2. It is, therefore, affected by multiple critical and high severity vulnerabilities.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 117293
published: 2018-09-06
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/117293
title: Mozilla Firefox ESR < 60.2 Multiple Critical Vulnerabilities

References
- http://www.securityfocus.com/bid/105280
- http://www.securitytracker.com/id/1041610
- https://bugzilla.mozilla.org/show_bug.cgi?id=1435319
- https://security.gentoo.org/glsa/201810-01
- https://www.mozilla.org/security/advisories/mfsa2018-20/
- https://www.mozilla.org/security/advisories/mfsa2018-21/