Vulnerabilities > CVE-2019-11707 - Type Confusion vulnerability in Mozilla Thunderbird

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
mozilla
CWE-843
nessus
exploit available

Summary

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.

Vulnerable Configurations

Part Description Count
Application
Mozilla
939

Exploit-Db

idEDB-ID:47038
last seen2019-06-26
modified2019-06-26
published2019-06-26
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/47038
titleMozilla Spidermonkey - IonMonkey &#039;Array.prototype.pop&#039; Type Confusion

Nessus

  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2019-169-02.NASL
    descriptionNew mozilla-firefox packages are available for Slackware 14.2 and -current to fix a security issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id126032
    published2019-06-19
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126032
    titleSlackware 14.2 / current : mozilla-firefox (SSA:2019-169-02)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Slackware Security Advisory 2019-169-02. The text 
    # itself is copyright (C) Slackware Linux, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(126032);
      script_version("1.5");
      script_cvs_date("Date: 2019/08/13 10:54:57");
    
      script_cve_id("CVE-2019-11707");
      script_xref(name:"SSA", value:"2019-169-02");
    
      script_name(english:"Slackware 14.2 / current : mozilla-firefox (SSA:2019-169-02)");
      script_summary(english:"Checks for updated package in /var/log/packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Slackware host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New mozilla-firefox packages are available for Slackware 14.2 and
    -current to fix a security issue."
      );
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.381835
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?e9583b29"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mozilla-firefox package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:mozilla-firefox");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/06/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/19");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Slackware Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
    if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
    
    
    flag = 0;
    if (slackware_check(osver:"14.2", pkgname:"mozilla-firefox", pkgver:"60.7.1esr", pkgarch:"i686", pkgnum:"1_slack14.2")) flag++;
    if (slackware_check(osver:"14.2", arch:"x86_64", pkgname:"mozilla-firefox", pkgver:"60.7.1esr", pkgarch:"x86_64", pkgnum:"1_slack14.2")) flag++;
    
    if (slackware_check(osver:"current", pkgname:"mozilla-firefox", pkgver:"60.7.1esr", pkgarch:"i686", pkgnum:"1")) flag++;
    if (slackware_check(osver:"current", arch:"x86_64", pkgname:"mozilla-firefox", pkgver:"60.7.1esr", pkgarch:"x86_64", pkgnum:"1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2020-0017_FIREFOX.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has firefox packages installed that are affected by multiple vulnerabilities: - Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user
    last seen2020-03-18
    modified2020-03-11
    plugin id134411
    published2020-03-11
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134411
    titleNewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2020-0017)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    # The descriptive text and package checks in this plugin were
    # extracted from ZTE advisory NS-SA-2020-0017. The text
    # itself is copyright (C) ZTE, Inc.
    
    
    include('compat.inc');
    
    if (description)
    {
      script_id(134411);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/13");
    
      script_cve_id(
        "CVE-2019-9811",
        "CVE-2019-9812",
        "CVE-2019-11707",
        "CVE-2019-11708",
        "CVE-2019-11709",
        "CVE-2019-11711",
        "CVE-2019-11712",
        "CVE-2019-11713",
        "CVE-2019-11715",
        "CVE-2019-11717",
        "CVE-2019-11730",
        "CVE-2019-11733",
        "CVE-2019-11740",
        "CVE-2019-11742",
        "CVE-2019-11743",
        "CVE-2019-11744",
        "CVE-2019-11746",
        "CVE-2019-11752",
        "CVE-2019-11757",
        "CVE-2019-11758",
        "CVE-2019-11759",
        "CVE-2019-11760",
        "CVE-2019-11761",
        "CVE-2019-11762",
        "CVE-2019-11763",
        "CVE-2019-11764",
        "CVE-2019-17005",
        "CVE-2019-17008",
        "CVE-2019-17010",
        "CVE-2019-17011",
        "CVE-2019-17012"
      );
      script_bugtraq_id(108810, 108835, 109086);
    
      script_name(english:"NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2020-0017)");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote machine is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote NewStart CGSL host, running version MAIN 4.05, has firefox packages installed that are affected by multiple
    vulnerabilities:
    
      - Insufficient vetting of parameters passed with the
        Prompt:Open IPC message between child and parent
        processes can result in the non-sandboxed parent process
        opening web content chosen by a compromised child
        process. When combined with additional vulnerabilities
        this could result in executing arbitrary code on the
        user's computer. This vulnerability affects Firefox ESR
        < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2.
        (CVE-2019-11708)
    
      - A type confusion vulnerability can occur when
        manipulating JavaScript objects due to issues in
        Array.pop. This can allow for an exploitable crash. We
        are aware of targeted attacks in the wild abusing this
        flaw. This vulnerability affects Firefox ESR < 60.7.1,
        Firefox < 67.0.3, and Thunderbird < 60.7.2.
        (CVE-2019-11707)
    
      - Mozilla developers and community members reported memory
        safety bugs present in Firefox 67 and Firefox ESR 60.7.
        Some of these bugs showed evidence of memory corruption
        and we presume that with enough effort that some of
        these could be exploited to run arbitrary code. This
        vulnerability affects Firefox ESR < 60.8, Firefox < 68,
        and Thunderbird < 60.8. (CVE-2019-11709)
    
      - When an inner window is reused, it does not consider the
        use of document.domain for cross-origin protections. If
        pages on different subdomains ever cooperatively use
        document.domain, then either page can abuse this to
        inject script into arbitrary pages on the other
        subdomain, even those that did not use document.domain
        to relax their origin security. This vulnerability
        affects Firefox ESR < 60.8, Firefox < 68, and
        Thunderbird < 60.8. (CVE-2019-11711)
    
      - POST requests made by NPAPI plugins, such as Flash, that
        receive a status 308 redirect response can bypass CORS
        requirements. This can allow an attacker to perform
        Cross-Site Request Forgery (CSRF) attacks. This
        vulnerability affects Firefox ESR < 60.8, Firefox < 68,
        and Thunderbird < 60.8. (CVE-2019-11712)
    
      - A use-after-free vulnerability can occur in HTTP/2 when
        a cached HTTP/2 stream is closed while still in use,
        resulting in a potentially exploitable crash. This
        vulnerability affects Firefox ESR < 60.8, Firefox < 68,
        and Thunderbird < 60.8. (CVE-2019-11713)
    
      - Due to an error while parsing page content, it is
        possible for properly sanitized user input to be
        misinterpreted and lead to XSS hazards on web sites in
        certain circumstances. This vulnerability affects
        Firefox ESR < 60.8, Firefox < 68, and Thunderbird <
        60.8. (CVE-2019-11715)
    
      - A vulnerability exists where the caret (^) character
        is improperly escaped constructing some URIs due to it
        being used as a separator, allowing for possible
        spoofing of origin attributes. This vulnerability
        affects Firefox ESR < 60.8, Firefox < 68, and
        Thunderbird < 60.8. (CVE-2019-11717)
    
      - A vulnerability exists where if a user opens a locally
        saved HTML file, this file can use file: URIs to access
        other files in the same directory or sub-directories if
        the names are known or guessed. The Fetch API can then
        be used to read the contents of any files stored in
        these directories and they may uploaded to a server. It
        was demonstrated that in combination with a popular
        Android messaging app, if a malicious HTML attachment is
        sent to a user and they opened that attachment in
        Firefox, due to that app's predictable pattern for
        locally-saved file names, it is possible to read
        attachments the victim received from other
        correspondents. This vulnerability affects Firefox ESR <
        60.8, Firefox < 68, and Thunderbird < 60.8.
        (CVE-2019-11730)
    
      - As part of a winning Pwn2Own entry, a researcher
        demonstrated a sandbox escape by installing a malicious
        language pack and then opening a browser feature that
        used the compromised translation. This vulnerability
        affects Firefox ESR < 60.8, Firefox < 68, and
        Thunderbird < 60.8. (CVE-2019-9811)
    
      - When a master password is set, it is required to be
        entered again before stored passwords can be accessed in
        the 'Saved Logins' dialog. It was found that locally
        stored passwords can be copied to the clipboard thorough
        the 'copy password' context menu item without re-
        entering the master password if the master password had
        been previously entered in the same session, allowing
        for potential theft of stored passwords. This
        vulnerability affects Firefox < 68.0.2 and Firefox ESR <
        68.0.2. (CVE-2019-11733)
    
      - Given a compromised sandboxed content process due to a
        separate vulnerability, it is possible to escape that
        sandbox by loading accounts.firefox.com in that process
        and forcing a log-in to a malicious Firefox Sync
        account. Preference settings that disable the sandbox
        are then synchronized to the local machine and the
        compromised browser would restart without the sandbox if
        a crash is triggered. This vulnerability affects Firefox
        ESR < 60.9, Firefox ESR < 68.1, and Firefox < 69.
        (CVE-2019-9812)
    
      - Mozilla developers and community members reported memory
        safety bugs present in Firefox 68, Firefox ESR 68, and
        Firefox 60.8. Some of these bugs showed evidence of
        memory corruption and we presume that with enough effort
        that some of these could be exploited to run arbitrary
        code. This vulnerability affects Firefox < 69,
        Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR <
        60.9, and Firefox ESR < 68.1. (CVE-2019-11740)
    
      - A same-origin policy violation occurs allowing the theft
        of cross-origin images through a combination of SVG
        filters and a <canvas> element due to an error in
        how same-origin policy is applied to cached image
        content. The resulting same-origin policy violation
        could allow for data theft. This vulnerability affects
        Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9,
        Firefox ESR < 60.9, and Firefox ESR < 68.1.
        (CVE-2019-11742)
    
      - Navigation events were not fully adhering to the W3C's
        Navigation-Timing Level 2 draft specification in some
        instances for the unload event, which restricts access
        to detailed timing attributes to only be same-origin.
        This resulted in potential cross-origin information
        exposure of history through timing side-channel attacks.
        This vulnerability affects Firefox < 69, Thunderbird <
        68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and
        Firefox ESR < 68.1. (CVE-2019-11743)
    
      - Some HTML elements, such as <title> and
        <textarea>, can contain literal angle brackets
        without treating them as markup. It is possible to pass
        a literal closing tag to .innerHTML on these elements,
        and subsequent content after that will be parsed as if
        it were outside the tag. This can lead to XSS if a site
        does not filter user input as strictly for these
        elements as it does for other elements. This
        vulnerability affects Firefox < 69, Thunderbird < 68.1,
        Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR
        < 68.1. (CVE-2019-11744)
    
      - A use-after-free vulnerability can occur while
        manipulating video elements if the body is freed while
        still in use. This results in a potentially exploitable
        crash. This vulnerability affects Firefox < 69,
        Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR <
        60.9, and Firefox ESR < 68.1. (CVE-2019-11746)
    
      - It is possible to delete an IndexedDB key value and
        subsequently try to extract it during conversion. This
        results in a use-after-free and a potentially
        exploitable crash. This vulnerability affects Firefox <
        69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR
        < 60.9, and Firefox ESR < 68.1. (CVE-2019-11752)
    
      - When following the value's prototype chain, it was
        possible to retain a reference to a locale, delete it,
        and subsequently reference it. This resulted in a use-
        after-free and a potentially exploitable crash. This
        vulnerability affects Firefox < 70, Thunderbird < 68.2,
        and Firefox ESR < 68.2. (CVE-2019-11757)
    
      - Mozilla community member Philipp reported a memory
        safety bug present in Firefox 68 when 360 Total Security
        was installed. This bug showed evidence of memory
        corruption in the accessibility engine and we presume
        that with enough effort that it could be exploited to
        run arbitrary code. This vulnerability affects Firefox <
        69, Thunderbird < 68.2, and Firefox ESR < 68.2.
        (CVE-2019-11758)
    
      - If two same-origin documents set document.domain
        differently to become cross-origin, it was possible for
        them to call arbitrary DOM methods/getters/setters on
        the now-cross-origin window. This vulnerability affects
        Firefox < 70, Thunderbird < 68.2, and Firefox ESR <
        68.2. (CVE-2019-11762)
    
      - Failure to correctly handle null bytes when processing
        HTML entities resulted in Firefox incorrectly parsing
        these entities. This could have led to HTML comment text
        being treated as HTML which could have led to XSS in a
        web application under certain conditions. It could have
        also led to HTML entities being masked from filters -
        enabling the use of entities to mask the actual
        characters of interest from filters. This vulnerability
        affects Firefox < 70, Thunderbird < 68.2, and Firefox
        ESR < 68.2. (CVE-2019-11763)
    
      - Mozilla developers and community members reported memory
        safety bugs present in Firefox 69 and Firefox ESR 68.1.
        Some of these bugs showed evidence of memory corruption
        and we presume that with enough effort some of these
        could be exploited to run arbitrary code. This
        vulnerability affects Firefox < 70, Thunderbird < 68.2,
        and Firefox ESR < 68.2. (CVE-2019-11764)
    
      - An attacker could have caused 4 bytes of HMAC output to
        be written past the end of a buffer stored on the stack.
        This could be used by an attacker to execute arbitrary
        code or more likely lead to a crash. This vulnerability
        affects Firefox < 70, Thunderbird < 68.2, and Firefox
        ESR < 68.2. (CVE-2019-11759)
    
      - A fixed-size stack buffer could overflow in nrappkit
        when doing WebRTC signaling. This resulted in a
        potentially exploitable crash in some instances. This
        vulnerability affects Firefox < 70, Thunderbird < 68.2,
        and Firefox ESR < 68.2. (CVE-2019-11760)
    
      - By using a form with a data URI it was possible to gain
        access to the privileged JSONView object that had been
        cloned into content. Impact from exposing this object
        appears to be minimal, however it was a bypass of
        existing defense in depth mechanisms. This vulnerability
        affects Firefox < 70, Thunderbird < 68.2, and Firefox
        ESR < 68.2. (CVE-2019-11761)
    
      - Under certain conditions, when checking the Resist
        Fingerprinting preference during device orientation
        checks, a race condition could have caused a use-after-
        free and a potentially exploitable crash. This
        vulnerability affects Thunderbird < 68.3, Firefox ESR <
        68.3, and Firefox < 71. (CVE-2019-17010)
    
      - Under certain conditions, when retrieving a document
        from a DocShell in the antitracking code, a race
        condition could cause a use-after-free condition and a
        potentially exploitable crash. This vulnerability
        affects Thunderbird < 68.3, Firefox ESR < 68.3, and
        Firefox < 71. (CVE-2019-17011)
    
      - Mozilla developers reported memory safety bugs present
        in Firefox 70 and Firefox ESR 68.2. Some of these bugs
        showed evidence of memory corruption and we presume that
        with enough effort some of these could have been
        exploited to run arbitrary code. This vulnerability
        affects Thunderbird < 68.3, Firefox ESR < 68.3, and
        Firefox < 71. (CVE-2019-17012)
    
      - When using nested workers, a use-after-free could occur
        during worker destruction. This resulted in a
        potentially exploitable crash. This vulnerability
        affects Thunderbird < 68.3, Firefox ESR < 68.3, and
        Firefox < 71. (CVE-2019-17008)
    
      - The plain text serializer used a fixed-size array for
        the number of  elements it could process; however it
        was possible to overflow the static-sized array leading
        to memory corruption and a potentially exploitable
        crash. This vulnerability affects Thunderbird < 68.3,
        Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17005)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2020-0017");
      script_set_attribute(attribute:"solution", value:
    "Upgrade the vulnerable CGSL firefox packages. Note that updated packages may not be available yet. Please contact ZTE
    for more information.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11708");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/03/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/11");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"NewStart CGSL Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/ZTE-CGSL/release");
    if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux");
    
    if (release !~ "CGSL MAIN 4.05")
      audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.05');
    
    if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu);
    
    flag = 0;
    
    pkgs = {
      "CGSL MAIN 4.05": [
        "firefox-68.4.1-1.el6.centos",
        "firefox-debuginfo-68.4.1-1.el6.centos"
      ]
    };
    pkg_list = pkgs[release];
    
    foreach (pkg in pkg_list)
      if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1594.NASL
    descriptionThis update for MozillaThunderbird to version 60.7.2 fixes the following issues : Security issues fixed: &#9; - CVE-2019-11707: Fixed a type confusion vulnerability in Arrary.pop (bsc#1138614) - CVE-2019-11708: Fixed an issue which could have allowed sandbox escape using Prompt:Open (bsc#1138872).
    last seen2020-06-01
    modified2020-06-02
    plugin id126147
    published2019-06-24
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126147
    titleopenSUSE Security Update : MozillaThunderbird (openSUSE-2019-1594)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-1594.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(126147);
      script_version("1.5");
      script_cvs_date("Date: 2019/08/13 10:54:57");
    
      script_cve_id("CVE-2019-11707", "CVE-2019-11708");
    
      script_name(english:"openSUSE Security Update : MozillaThunderbird (openSUSE-2019-1594)");
      script_summary(english:"Check for the openSUSE-2019-1594 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for MozillaThunderbird to version 60.7.2 fixes the
    following issues :
    
    Security issues fixed: &#9; 
    
      - CVE-2019-11707: Fixed a type confusion vulnerability in
        Arrary.pop (bsc#1138614) 
    
      - CVE-2019-11708: Fixed an issue which could have allowed
        sandbox escape using Prompt:Open (bsc#1138872)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138614"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138872"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected MozillaThunderbird packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/06/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.3", reference:"MozillaThunderbird-60.7.2-98.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"MozillaThunderbird-buildsymbols-60.7.2-98.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"MozillaThunderbird-debuginfo-60.7.2-98.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"MozillaThunderbird-debugsource-60.7.2-98.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"MozillaThunderbird-translations-common-60.7.2-98.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"MozillaThunderbird-translations-other-60.7.2-98.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaThunderbird / MozillaThunderbird-buildsymbols / etc");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1829.NASL
    descriptionSamuel Gross discovered a type confusion bug in the JavaScript engine of the Mozilla Firefox web browser, which could result in the execution of arbitrary code when browsing a malicious website. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id126078
    published2019-06-21
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126078
    titleDebian DLA-1829-1 : firefox-esr security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-1829-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(126078);
      script_version("1.5");
      script_cvs_date("Date: 2019/08/13 10:54:56");
    
      script_cve_id("CVE-2019-11707");
    
      script_name(english:"Debian DLA-1829-1 : firefox-esr security update");
      script_summary(english:"Checks dpkg output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Samuel Gross discovered a type confusion bug in the JavaScript engine
    of the Mozilla Firefox web browser, which could result in the
    execution of arbitrary code when browsing a malicious website.
    
    For Debian 8 'Jessie', this problem has been fixed in version
    60.7.1esr-1~deb8u1.
    
    We recommend that you upgrade your firefox-esr packages.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2019/06/msg00015.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/jessie/firefox-esr"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ach");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-af");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-all");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-an");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-as");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ast");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-az");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-be");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bn-bd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bn-in");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-br");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ca");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-cs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-cy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-da");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-de");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-dsb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-el");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-en-gb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-en-za");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-eo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-ar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-cl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-es");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-mx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-et");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-eu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ff");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fy-nl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ga-ie");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gu-in");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-he");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hi-in");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hsb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hy-am");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-id");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-is");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-it");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ja");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-kk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-km");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-kn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ko");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lij");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mai");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nb-no");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nn-no");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-or");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pa-in");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pt-br");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pt-pt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-rm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ro");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ru");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-si");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-son");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sq");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sv-se");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ta");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-te");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-th");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-tr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-uk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-uz");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-vi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-xh");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-zh-cn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-zh-tw");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ach");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-af");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-all");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-an");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-as");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ast");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-az");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-be");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-bg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-bn-bd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-bn-in");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-br");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-bs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ca");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-cs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-cy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-da");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-de");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-dsb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-el");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-en-gb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-en-za");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-eo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-ar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-cl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-es");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-mx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-et");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-eu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-fa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ff");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-fi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-fr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-fy-nl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ga-ie");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-gl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-gn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-gu-in");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-he");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hi-in");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hsb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hy-am");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-id");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-is");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-it");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ja");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-kk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-km");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-kn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ko");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-lij");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-lt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-lv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-mai");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-mk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-mr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-nb-no");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-nl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-nn-no");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-or");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-pa-in");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-pl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-pt-br");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-pt-pt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-rm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ro");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ru");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-si");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-son");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sq");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sv-se");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ta");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-te");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-th");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-tr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-uk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-uz");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-vi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-xh");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-zh-cn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceweasel-l10n-zh-tw");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/06/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/21");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"8.0", prefix:"firefox-esr", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-dbg", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-dev", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-ach", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-af", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-all", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-an", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-ar", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-as", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-ast", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-az", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-be", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-bg", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-bn-bd", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-bn-in", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-br", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-bs", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-ca", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-cs", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-cy", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-da", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-de", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-dsb", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-el", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-en-gb", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-en-za", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-eo", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-es-ar", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-es-cl", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-es-es", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-es-mx", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-et", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-eu", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-fa", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-ff", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-fi", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-fr", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-fy-nl", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-ga-ie", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-gd", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-gl", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-gn", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-gu-in", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-he", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-hi-in", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-hr", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-hsb", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-hu", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-hy-am", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-id", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-is", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-it", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-ja", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-kk", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-km", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-kn", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-ko", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-lij", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-lt", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-lv", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-mai", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-mk", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-ml", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-mr", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-ms", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-nb-no", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-nl", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-nn-no", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-or", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-pa-in", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-pl", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-pt-br", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-pt-pt", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-rm", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-ro", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-ru", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-si", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-sk", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-sl", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-son", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-sq", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-sr", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-sv-se", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-ta", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-te", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-th", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-tr", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-uk", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-uz", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-vi", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-xh", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-zh-cn", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"firefox-esr-l10n-zh-tw", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-dbg", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-dev", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ach", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-af", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-all", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-an", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ar", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-as", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ast", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-az", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-be", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-bg", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-bn-bd", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-bn-in", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-br", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-bs", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ca", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-cs", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-cy", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-da", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-de", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-dsb", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-el", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-en-gb", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-en-za", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-eo", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-es-ar", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-es-cl", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-es-es", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-es-mx", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-et", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-eu", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-fa", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ff", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-fi", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-fr", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-fy-nl", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ga-ie", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-gd", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-gl", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-gn", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-gu-in", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-he", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-hi-in", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-hr", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-hsb", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-hu", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-hy-am", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-id", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-is", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-it", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ja", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-kk", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-km", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-kn", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ko", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-lij", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-lt", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-lv", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-mai", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-mk", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ml", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-mr", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ms", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-nb-no", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-nl", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-nn-no", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-or", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-pa-in", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-pl", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-pt-br", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-pt-pt", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-rm", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ro", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ru", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-si", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-sk", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-sl", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-son", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-sq", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-sr", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-sv-se", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-ta", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-te", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-th", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-tr", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-uk", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-uz", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-vi", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-xh", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-zh-cn", reference:"60.7.1esr-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"iceweasel-l10n-zh-tw", reference:"60.7.1esr-1~deb8u1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_67_0_3.NASL
    descriptionThe version of Firefox installed on the remote Windows host is prior to 67.0.3. It is, therefore, affected by a vulnerability as referenced in the mfsa2019-18 advisory. - A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. (CVE-2019-11707) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id126002
    published2019-06-18
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126002
    titleMozilla Firefox < 67.0.3
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1593.NASL
    descriptionThis update for MozillaFirefox fixes the following issues : Mozilla Firefox 60.7.1esr was released to address MFSA 2019-18 (boo#1138614) - CVE-2019-11707: Fixed a type confusion in Array.pop
    last seen2020-05-31
    modified2019-06-24
    plugin id126146
    published2019-06-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126146
    titleopenSUSE Security Update : MozillaFirefox (openSUSE-2019-1593)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4471.NASL
    descriptionMultiple security issues have been found in Thunderbird which may lead to the execution of arbitrary code if malformed email messages are read.
    last seen2020-06-01
    modified2020-06-02
    plugin id126224
    published2019-06-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126224
    titleDebian DSA-4471-1 : thunderbird - security update
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1696.NASL
    descriptionAn update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.2 ESR. Security Fix(es) : * Mozilla: Type confusion in Array.pop (CVE-2019-11707) * Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-05-31
    modified2019-07-09
    plugin id126558
    published2019-07-09
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126558
    titleRHEL 8 : firefox (RHSA-2019:1696)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4045-1.NASL
    descriptionA type confusion bug was discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could exploit this by causing a denial of service, or executing arbirary code. (CVE-2019-11707) It was discovered that a sandboxed child process could open arbitrary web content in the parent process via the Prompt:Open IPC message. When combined with another vulnerability, an attacker could potentially exploit this to execute arbitrary code. (CVE-2019-11708). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126465
    published2019-07-03
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126465
    titleUbuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : thunderbird vulnerabilities (USN-4045-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-9D9AD2999E.NASL
    description - New upstream version (67.0.3) - Fixed CVE-2019-11707: Type confusion in Array.pop ---- - New upstream version (67.0.2) - Release notes are available at https://www.mozilla.org/en-US/firefox/67.0.2/releasenote s/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126080
    published2019-06-21
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126080
    titleFedora 29 : firefox (2019-9d9ad2999e)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-C2FF49EF73.NASL
    descriptionFix CVE-2019-11707 Fix CVE-2019-11708 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126133
    published2019-06-24
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126133
    titleFedora 30 : gjs / mozjs60 (2019-c2ff49ef73)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-1603.NASL
    descriptionAn update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.2 ESR. Security Fix(es) : * Mozilla: Type confusion in Array.pop (CVE-2019-11707) * Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id126385
    published2019-07-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126385
    titleCentOS 7 : firefox (CESA-2019:1603)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-1604.NASL
    descriptionFrom Red Hat Security Advisory 2019:1604 : An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.2 ESR. Security Fix(es) : * Mozilla: Type confusion in Array.pop (CVE-2019-11707) * Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-05-31
    modified2019-06-27
    plugin id126300
    published2019-06-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126300
    titleOracle Linux 6 : firefox (ELSA-2019-1604)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1626.NASL
    descriptionAn update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.2. Security Fix(es) : * Mozilla: Type confusion in Array.pop (CVE-2019-11707) * thunderbird: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c (CVE-2019-11705) * Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708) * thunderbird: Heap buffer over read in icalparser.c parser_get_next_char (CVE-2019-11703) * thunderbird: Heap buffer overflow in icalmemory_strdup_and_dequote function in icalvalue.c (CVE-2019-11704) * thunderbird: Type confusion in icaltimezone_get_vtimezone_properties function in icalproperty.c (CVE-2019-11706) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-05-31
    modified2019-06-28
    plugin id126321
    published2019-06-28
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126321
    titleRHEL 7 : thunderbird (RHSA-2019:1626)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1624.NASL
    descriptionAn update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.2. Security Fix(es) : * Mozilla: Type confusion in Array.pop (CVE-2019-11707) * thunderbird: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c (CVE-2019-11705) * Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708) * thunderbird: Heap buffer over read in icalparser.c parser_get_next_char (CVE-2019-11703) * thunderbird: Heap buffer overflow in icalmemory_strdup_and_dequote function in icalvalue.c (CVE-2019-11704) * thunderbird: Type confusion in icaltimezone_get_vtimezone_properties function in icalproperty.c (CVE-2019-11706) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-05-31
    modified2019-06-28
    plugin id126320
    published2019-06-28
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126320
    titleRHEL 6 : thunderbird (RHSA-2019:1624)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190627_THUNDERBIRD_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - Mozilla: Type confusion in Array.pop (CVE-2019-11707) - thunderbird: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c (CVE-2019-11705) - Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708) - thunderbird: Heap buffer over read in icalparser.c parser_get_next_char (CVE-2019-11703) - thunderbird: Heap buffer overflow in icalmemory_strdup_and_dequote function in icalvalue.c (CVE-2019-11704) - thunderbird: Type confusion in icaltimezone_get_vtimezone_properties function in icalproperty.c (CVE-2019-11706)
    last seen2020-05-31
    modified2019-07-01
    plugin id126366
    published2019-07-01
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126366
    titleScientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20190627)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1604.NASL
    descriptionAn update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.2 ESR. Security Fix(es) : * Mozilla: Type confusion in Array.pop (CVE-2019-11707) * Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-05-31
    modified2019-06-26
    plugin id126252
    published2019-06-26
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126252
    titleRHEL 6 : firefox (RHSA-2019:1604)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0163_THUNDERBIRD.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has thunderbird packages installed that are affected by multiple vulnerabilities: - A flaw in Thunderbird
    last seen2020-06-01
    modified2020-06-02
    plugin id127447
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127447
    titleNewStart CGSL CORE 5.05 / MAIN 5.05 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0163)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1250.NASL
    descriptionlibical: Heap buffer over read in icalparser.c parser_get_next_char (CVE-2019-11703) libical: Type confusion in icaltimezone_get_vtimezone_properties function in icalproperty.c (CVE-2019-11706) Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708) libical: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c (CVE-2019-11705) libical: Heap buffer overflow in icalmemory_strdup_and_dequote function in icalvalue.c (CVE-2019-11704) Mozilla: Type confusion in Array.pop (CVE-2019-11707)
    last seen2020-05-31
    modified2019-07-24
    plugin id126962
    published2019-07-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126962
    titleAmazon Linux 2 : thunderbird (ALAS-2019-1250)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-1696.NASL
    descriptionFrom Red Hat Security Advisory 2019:1696 : An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.2 ESR. Security Fix(es) : * Mozilla: Type confusion in Array.pop (CVE-2019-11707) * Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-05-31
    modified2019-08-12
    plugin id127596
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127596
    titleOracle Linux 8 : firefox (ELSA-2019-1696)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-1623.NASL
    descriptionFrom Red Hat Security Advisory 2019:1623 : An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.2. Security Fix(es) : * Mozilla: Type confusion in Array.pop (CVE-2019-11707) * thunderbird: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c (CVE-2019-11705) * Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708) * thunderbird: Heap buffer over read in icalparser.c parser_get_next_char (CVE-2019-11703) * thunderbird: Heap buffer overflow in icalmemory_strdup_and_dequote function in icalvalue.c (CVE-2019-11704) * thunderbird: Type confusion in icaltimezone_get_vtimezone_properties function in icalproperty.c (CVE-2019-11706) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-05-31
    modified2019-08-12
    plugin id127595
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127595
    titleOracle Linux 8 : thunderbird (ELSA-2019-1623)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201908-12.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201908-12 (Mozilla Firefox: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id127961
    published2019-08-20
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127961
    titleGLSA-201908-12 : Mozilla Firefox: Multiple vulnerabilities
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0178_THUNDERBIRD.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.06, has thunderbird packages installed that are affected by multiple vulnerabilities: - Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (CVE-2019-5798) - Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox < 65.0.1. (CVE-2018-18511) - Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox < 66. (CVE-2019-9797) - A flaw in Thunderbird
    last seen2020-06-01
    modified2020-06-02
    plugin id128698
    published2019-09-11
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128698
    titleNewStart CGSL MAIN 4.06 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0178)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0164_FIREFOX.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has firefox packages installed that are affected by multiple vulnerabilities: - Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user
    last seen2020-06-01
    modified2020-06-02
    plugin id127448
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127448
    titleNewStart CGSL CORE 5.05 / MAIN 5.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0164)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_49BEB00FA6E14A4293DF9CB14B4C2BEE.NASL
    descriptionMozilla Foundation reports : CVE-2019-11707: Type confusion in Array.pop A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. CVE-2019-11708: sandbox escape using Prompt:Open Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user
    last seen2020-06-01
    modified2020-06-02
    plugin id126137
    published2019-06-24
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126137
    titleFreeBSD : Mozilla -- multiple vulnerabilities (49beb00f-a6e1-4a42-93df-9cb14b4c2bee)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_FIREFOX_60_7_1_ESR.NASL
    descriptionThe version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 60.7.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2019-18 advisory. - A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. (CVE-2019-11707) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id125999
    published2019-06-18
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125999
    titleMozilla Firefox ESR < 60.7.1
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_60_7_1_ESR.NASL
    descriptionThe version of Firefox ESR installed on the remote Windows host is prior to 60.7.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2019-18 advisory. - A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. (CVE-2019-11707) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id126001
    published2019-06-18
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126001
    titleMozilla Firefox ESR < 60.7.1
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1603.NASL
    descriptionAn update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.2 ESR. Security Fix(es) : * Mozilla: Type confusion in Array.pop (CVE-2019-11707) * Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-05-31
    modified2019-06-26
    plugin id126251
    published2019-06-26
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126251
    titleRHEL 7 : firefox (RHSA-2019:1603)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1606.NASL
    descriptionThis update for MozillaThunderbird fixes the following issues : Security issues fixed : - CVE-2019-11703: Fixed a heap-based buffer overflow in icalmemorystrdupanddequote() (bsc#1137595). - CVE-2019-11704: Fixed a heap-based buffer overflow in parser_get_next_char() (bsc#1137595). - CVE-2019-11705: Fixed a stack-based buffer overflow in icalrecur_add_bydayrules() (bsc#1137595). - CVE-2019-11706: Fixed a type confusion in icaltimezone_get_vtimezone_properties() (bsc#1137595). - CVE-2019-11707: Fixed a type confusion in Array.pop (bsc#1138872). - CVE-2019-11708: Fixed a sandbox escape using Prompt:Open (bsc#1138872). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id126231
    published2019-06-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126231
    titleopenSUSE Security Update : MozillaThunderbird (openSUSE-2019-1606)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_0CEA6E0A7A394DACB3ECDBC13D404F76.NASL
    descriptionMozilla Foundation reports : CVE-2019-11707: Type confusion in Array.pop A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw.
    last seen2020-06-01
    modified2020-06-02
    plugin id126019
    published2019-06-19
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126019
    titleFreeBSD : mozilla -- multiple vulnerabilities (0cea6e0a-7a39-4dac-b3ec-dbc13d404f76)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_THUNDERBIRD_60_7_2.NASL
    descriptionThe version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 60.7.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-20 advisory. - A denial of service (DoS) vulnerability exists in the Arrays.pop component due to a type confusion vulnerability. An unauthenticated, remote attacker can exploit this issue, by manipulating JavaScript objects, to cause the application to stop responding (CVE-2019-11707). - A remote command execution vulnerability exists in Thunderbird
    last seen2020-06-01
    modified2020-06-02
    plugin id126217
    published2019-06-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126217
    titleMozilla Thunderbird < 60.7.2
  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_FIREFOX_67_0_3.NASL
    descriptionThe version of Firefox installed on the remote macOS or Mac OS X host is prior to 67.0.3. It is, therefore, affected by a vulnerability as referenced in the mfsa2019-18 advisory. - A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. (CVE-2019-11707) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id126000
    published2019-06-18
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126000
    titleMozilla Firefox < 67.0.3
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2020-0022_THUNDERBIRD.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has thunderbird packages installed that are affected by multiple vulnerabilities: - Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user
    last seen2020-03-18
    modified2020-03-11
    plugin id134410
    published2020-03-11
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134410
    titleNewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0022)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190626_FIREFOX_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - Mozilla: Type confusion in Array.pop (CVE-2019-11707) - Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708)
    last seen2020-05-31
    modified2019-06-27
    plugin id126303
    published2019-06-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126303
    titleScientific Linux Security Update : firefox on SL6.x i386/x86_64 (20190626)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0175_FIREFOX.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.06, has firefox packages installed that are affected by multiple vulnerabilities: - Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (CVE-2019-5798) - Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox < 65.0.1. (CVE-2018-18511) - Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox < 66. (CVE-2019-9797) - Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user
    last seen2020-06-01
    modified2020-06-02
    plugin id128691
    published2019-09-11
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128691
    titleNewStart CGSL MAIN 4.06 : firefox Multiple Vulnerabilities (NS-SA-2019-0175)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1836.NASL
    descriptionMultiple security issues have been found in Thunderbird which may lead to the execution of arbitrary code if malformed email messages are read. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id126247
    published2019-06-26
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126247
    titleDebian DLA-1836-1 : thunderbird security update
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-1624.NASL
    descriptionAn update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.2. Security Fix(es) : * Mozilla: Type confusion in Array.pop (CVE-2019-11707) * thunderbird: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c (CVE-2019-11705) * Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708) * thunderbird: Heap buffer over read in icalparser.c parser_get_next_char (CVE-2019-11703) * thunderbird: Heap buffer overflow in icalmemory_strdup_and_dequote function in icalvalue.c (CVE-2019-11704) * thunderbird: Type confusion in icaltimezone_get_vtimezone_properties function in icalproperty.c (CVE-2019-11706) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-05-31
    modified2019-07-02
    plugin id126388
    published2019-07-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126388
    titleCentOS 6 : thunderbird (CESA-2019:1624)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-1624.NASL
    descriptionFrom Red Hat Security Advisory 2019:1624 : An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.2. Security Fix(es) : * Mozilla: Type confusion in Array.pop (CVE-2019-11707) * thunderbird: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c (CVE-2019-11705) * Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708) * thunderbird: Heap buffer over read in icalparser.c parser_get_next_char (CVE-2019-11703) * thunderbird: Heap buffer overflow in icalmemory_strdup_and_dequote function in icalvalue.c (CVE-2019-11704) * thunderbird: Type confusion in icaltimezone_get_vtimezone_properties function in icalproperty.c (CVE-2019-11706) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-05-31
    modified2019-06-28
    plugin id126317
    published2019-06-28
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126317
    titleOracle Linux 6 : thunderbird (ELSA-2019-1624)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-1604.NASL
    descriptionAn update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.2 ESR. Security Fix(es) : * Mozilla: Type confusion in Array.pop (CVE-2019-11707) * Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id126386
    published2019-07-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126386
    titleCentOS 6 : firefox (CESA-2019:1604)
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_60_7_2.NASL
    descriptionThe version of Thunderbird installed on the remote Windows host is prior to 60.7.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-20 advisory. - A denial of service (DoS) vulnerability exists in the Arrays.pop component due to a type confusion vulnerability. An unauthenticated, remote attacker can exploit this issue, by manipulating JavaScript objects, to cause the application to stop responding (CVE-2019-11707). - A remote command execution vulnerability exists in Thunderbird
    last seen2020-06-01
    modified2020-06-02
    plugin id126218
    published2019-06-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126218
    titleMozilla Thunderbird < 60.7.2
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190626_FIREFOX_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - Mozilla: Type confusion in Array.pop (CVE-2019-11707) - Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708)
    last seen2020-05-31
    modified2019-07-02
    plugin id126434
    published2019-07-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126434
    titleScientific Linux Security Update : firefox on SL7.x x86_64 (20190626)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0160_THUNDERBIRD.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has thunderbird packages installed that are affected by multiple vulnerabilities: - A flaw in Thunderbird
    last seen2020-06-01
    modified2020-06-02
    plugin id127441
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127441
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0160)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190627_THUNDERBIRD_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - Mozilla: Type confusion in Array.pop (CVE-2019-11707) - thunderbird: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c (CVE-2019-11705) - Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708) - thunderbird: Heap buffer over read in icalparser.c parser_get_next_char (CVE-2019-11703) - thunderbird: Heap buffer overflow in icalmemory_strdup_and_dequote function in icalvalue.c (CVE-2019-11704) - thunderbird: Type confusion in icaltimezone_get_vtimezone_properties function in icalproperty.c (CVE-2019-11706)
    last seen2020-05-31
    modified2019-07-02
    plugin id126435
    published2019-07-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126435
    titleScientific Linux Security Update : thunderbird on SL7.x x86_64 (20190627)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2019-172-02.NASL
    descriptionNew mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix a security issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id126094
    published2019-06-21
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126094
    titleSlackware 14.2 / current : mozilla-thunderbird (SSA:2019-172-02)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-2CAC67B3BC.NASL
    description - New upstream version (67.0.3) - Fixed CVE-2019-11707: Type confusion in Array.pop Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-31
    modified2019-06-20
    plugin id126055
    published2019-06-20
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126055
    titleFedora 30 : firefox (2019-2cac67b3bc)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-1626.NASL
    descriptionFrom Red Hat Security Advisory 2019:1626 : An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.2. Security Fix(es) : * Mozilla: Type confusion in Array.pop (CVE-2019-11707) * thunderbird: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c (CVE-2019-11705) * Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708) * thunderbird: Heap buffer over read in icalparser.c parser_get_next_char (CVE-2019-11703) * thunderbird: Heap buffer overflow in icalmemory_strdup_and_dequote function in icalvalue.c (CVE-2019-11704) * thunderbird: Type confusion in icaltimezone_get_vtimezone_properties function in icalproperty.c (CVE-2019-11706) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-05-31
    modified2019-06-28
    plugin id126318
    published2019-06-28
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126318
    titleOracle Linux 7 : thunderbird (ELSA-2019-1626)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-1603.NASL
    descriptionFrom Red Hat Security Advisory 2019:1603 : An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.2 ESR. Security Fix(es) : * Mozilla: Type confusion in Array.pop (CVE-2019-11707) * Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-05-31
    modified2019-06-26
    plugin id126249
    published2019-06-26
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126249
    titleOracle Linux 7 : firefox (ELSA-2019-1603)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0161_FIREFOX.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has firefox packages installed that are affected by multiple vulnerabilities: - Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user
    last seen2020-06-01
    modified2020-06-02
    plugin id127442
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127442
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0161)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1623.NASL
    descriptionAn update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.2. Security Fix(es) : * Mozilla: Type confusion in Array.pop (CVE-2019-11707) * thunderbird: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c (CVE-2019-11705) * Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708) * thunderbird: Heap buffer over read in icalparser.c parser_get_next_char (CVE-2019-11703) * thunderbird: Heap buffer overflow in icalmemory_strdup_and_dequote function in icalvalue.c (CVE-2019-11704) * thunderbird: Type confusion in icaltimezone_get_vtimezone_properties function in icalproperty.c (CVE-2019-11706) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-05-31
    modified2019-06-28
    plugin id126319
    published2019-06-28
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126319
    titleRHEL 8 : thunderbird (RHSA-2019:1623)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4466.NASL
    descriptionSamuel Gross discovered a type confusion bug in the JavaScript engine of the Mozilla Firefox web browser, which could result in the execution of arbitrary code when browsing a malicious website.
    last seen2020-06-01
    modified2020-06-02
    plugin id126012
    published2019-06-19
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126012
    titleDebian DSA-4466-1 : firefox-esr - security update
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1629-1.NASL
    descriptionThis update for MozillaFirefox to version 60.7.1 fixes the following issues : Security issue fixed : CVE-2019-11707: Fixed a type confusion vulnerability in Arrary.pop (bsc#1138614) Other issues addressed: Added the new Mozilla
    last seen2020-06-01
    modified2020-06-02
    plugin id126164
    published2019-06-24
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126164
    titleSUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2019:1629-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-1626.NASL
    descriptionAn update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.2. Security Fix(es) : * Mozilla: Type confusion in Array.pop (CVE-2019-11707) * thunderbird: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c (CVE-2019-11705) * Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708) * thunderbird: Heap buffer over read in icalparser.c parser_get_next_char (CVE-2019-11703) * thunderbird: Heap buffer overflow in icalmemory_strdup_and_dequote function in icalvalue.c (CVE-2019-11704) * thunderbird: Type confusion in icaltimezone_get_vtimezone_properties function in icalproperty.c (CVE-2019-11706) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-05-31
    modified2019-07-02
    plugin id126389
    published2019-07-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126389
    titleCentOS 7 : thunderbird (CESA-2019:1626)

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/153422/GS20190625234723.txt
idPACKETSTORM:153422
last seen2019-06-26
published2019-06-25
reportersaelo
sourcehttps://packetstormsecurity.com/files/153422/Spidermonkey-IonMonkey-Incorrect-Prediction.html
titleSpidermonkey IonMonkey Incorrect Prediction

Redhat

rpms
  • firefox-0:60.7.2-1.el7_6
  • firefox-debuginfo-0:60.7.2-1.el7_6
  • firefox-0:60.7.2-1.el6_10
  • firefox-debuginfo-0:60.7.2-1.el6_10
  • thunderbird-0:60.7.2-2.el8_0
  • thunderbird-debuginfo-0:60.7.2-2.el8_0
  • thunderbird-debugsource-0:60.7.2-2.el8_0
  • thunderbird-0:60.7.2-2.el6_10
  • thunderbird-debuginfo-0:60.7.2-2.el6_10
  • thunderbird-0:60.7.2-2.el7_6
  • thunderbird-debuginfo-0:60.7.2-2.el7_6
  • firefox-0:60.7.2-3.el8_0
  • firefox-debuginfo-0:60.7.2-3.el8_0
  • firefox-debugsource-0:60.7.2-3.el8_0

The Hacker News