Vulnerabilities > CVE-2020-12392 - Path Traversal vulnerability in multiple products
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Relative Path Traversal An attacker exploits a weakness in input validation on the target by supplying a specially constructed path utilizing dot and slash characters for the purpose of obtaining access to arbitrary files or resources. An attacker modifies a known path on the target in order to reach material that is not available through intended channels. These attacks normally involve adding additional path separators (/ or \) and/or dots (.), or encodings thereof, in various combinations in order to reach parent directories or entirely separate trees of the target's directory structure.
- Directory Traversal An attacker with access to file system resources, either directly or via application logic, will use various file path specification or navigation mechanisms such as ".." in path strings and absolute paths to extend their range of access to inappropriate areas of the file system. The attacker attempts to either explore the file system for recon purposes or access directories and files that are intended to be restricted from their access. Exploring the file system can be achieved through constructing paths presented to directory listing programs, such as "ls" and 'dir', or through specially crafted programs that attempt to explore the file system. The attacker engaging in this type of activity is searching for information that can be used later in a more exploitive attack. Access to restricted directories or files can be achieved through modification of path references utilized by system applications.
- File System Function Injection, Content Based An attack of this type exploits the host's trust in executing remote content including binary files. The files are poisoned with a malicious payload (targeting the file systems accessible by the target software) by the attacker and may be passed through standard channels such as via email, and standard web content like PDF and multimedia files. The attacker exploits known vulnerabilities or handling routines in the target processes. Vulnerabilities of this type have been found in a wide variety of commercial applications from Microsoft Office to Adobe Acrobat and Apple Safari web browser. When the attacker knows the standard handling routines and can identify vulnerabilities and entry points they can be exploited by otherwise seemingly normal content. Once the attack is executed, the attackers' program can access relative directories such as C:\Program Files or other standard system directories to launch further attacks. In a worst case scenario, these programs are combined with other propagation logic and work as a virus.
- Using Slashes and URL Encoding Combined to Bypass Validation Logic This attack targets the encoding of the URL combined with the encoding of the slash characters. An attacker can take advantage of the multiple way of encoding an URL and abuse the interpretation of the URL. An URL may contain special character that need special syntax handling in order to be interpreted. Special characters are represented using a percentage character followed by two digits representing the octet code of the original character (%HEX-CODE). For instance US-ASCII space character would be represented with %20. This is often referred as escaped ending or percent-encoding. Since the server decodes the URL from the requests, it may restrict the access to some URL paths by validating and filtering out the URL requests it received. An attacker will try to craft an URL with a sequence of special characters which once interpreted by the server will be equivalent to a forbidden URL. It can be difficult to protect against this attack since the URL can contain other format of encoding such as UTF-8 encoding, Unicode-encoding, etc.
- Manipulating Input to File System Calls An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.
Nessus
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2020-2036.NASL description The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2036 advisory. - Mozilla: Use-after-free during worker shutdown (CVE-2020-12387) - Mozilla: Arbitrary local file access with last seen 2020-06-06 modified 2020-05-22 plugin id 136772 published 2020-05-22 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136772 title CentOS 6 : firefox (CESA-2020:2036) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:2036 and # CentOS Errata and Security Advisory 2020:2036 respectively. # include("compat.inc"); if (description) { script_id(136772); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/31"); script_cve_id( "CVE-2020-12387", "CVE-2020-12392", "CVE-2020-12395", "CVE-2020-6831" ); script_xref(name:"RHSA", value:"2020:2036"); script_xref(name:"IAVA", value:"2020-A-0190-S"); script_name(english:"CentOS 6 : firefox (CESA-2020:2036)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing a security update." ); script_set_attribute( attribute:"description", value: "The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2036 advisory. - Mozilla: Use-after-free during worker shutdown (CVE-2020-12387) - Mozilla: Arbitrary local file access with 'Copy as cURL' (CVE-2020-12392) - Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 (CVE-2020-12395) - Mozilla: Buffer overflow in SCTP chunk input validation (CVE-2020-6831) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number." ); # https://lists.centos.org/pipermail/centos-announce/2020-May/035715.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?051db298"); script_set_attribute( attribute:"solution", value:"Update the affected firefox package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-12395"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:firefox"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/26"); script_set_attribute(attribute:"patch_publication_date", value:"2020/05/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/22"); script_set_attribute(attribute:"stig_severity", value:"II"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-6", reference:"firefox-68.8.0-1.el6.centos", allowmaj:TRUE)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox"); }NASL family Windows NASL id MOZILLA_THUNDERBIRD_68_8_0.NASL description The version of Thunderbird installed on the remote Windows host is prior to 68.8.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-18 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-05 modified 2020-05-07 plugin id 136359 published 2020-05-07 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136359 title Mozilla Thunderbird < 68.8.0 code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mozilla Foundation Security Advisory mfsa2020-18. # The text itself is copyright (C) Mozilla Foundation. include('compat.inc'); if (description) { script_id(136359); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/31"); script_cve_id( "CVE-2020-6831", "CVE-2020-12387", "CVE-2020-12392", "CVE-2020-12393", "CVE-2020-12395", "CVE-2020-12397" ); script_xref(name:"MFSA", value:"2020-18"); script_xref(name:"IAVA", value:"2020-A-0190-S"); script_name(english:"Mozilla Thunderbird < 68.8.0"); script_set_attribute(attribute:"synopsis", value: "A mail client installed on the remote Windows host is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Thunderbird installed on the remote Windows host is prior to 68.8.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-18 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/"); script_set_attribute(attribute:"solution", value: "Upgrade to Mozilla Thunderbird version 68.8.0 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-12395"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/05"); script_set_attribute(attribute:"patch_publication_date", value:"2020/05/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/07"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:thunderbird"); script_set_attribute(attribute:"stig_severity", value:"II"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("mozilla_org_installed.nasl"); script_require_keys("Mozilla/Thunderbird/Version"); exit(0); } include('mozilla_version.inc'); port = get_kb_item("SMB/transport"); if (!port) port = 445; installs = get_kb_list("SMB/Mozilla/Thunderbird/*"); if (isnull(installs)) audit(AUDIT_NOT_INST, "Thunderbird"); mozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'68.8.0', severity:SECURITY_HOLE);NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2020-2037.NASL description The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2037 advisory. - Mozilla: Use-after-free during worker shutdown (CVE-2020-12387) - Mozilla: Arbitrary local file access with last seen 2020-06-06 modified 2020-05-22 plugin id 136773 published 2020-05-22 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136773 title CentOS 7 : firefox (CESA-2020:2037) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:2037 and # CentOS Errata and Security Advisory 2020:2037 respectively. # include("compat.inc"); if (description) { script_id(136773); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/31"); script_cve_id( "CVE-2020-12387", "CVE-2020-12392", "CVE-2020-12395", "CVE-2020-6831" ); script_xref(name:"RHSA", value:"2020:2037"); script_xref(name:"IAVA", value:"2020-A-0190-S"); script_name(english:"CentOS 7 : firefox (CESA-2020:2037)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing a security update." ); script_set_attribute( attribute:"description", value: "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2037 advisory. - Mozilla: Use-after-free during worker shutdown (CVE-2020-12387) - Mozilla: Arbitrary local file access with 'Copy as cURL' (CVE-2020-12392) - Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 (CVE-2020-12395) - Mozilla: Buffer overflow in SCTP chunk input validation (CVE-2020-6831) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number." ); # https://lists.centos.org/pipermail/centos-announce/2020-May/035713.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c277f0b4"); script_set_attribute( attribute:"solution", value:"Update the affected firefox package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-12395"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:firefox"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/26"); script_set_attribute(attribute:"patch_publication_date", value:"2020/05/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/22"); script_set_attribute(attribute:"stig_severity", value:"II"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"firefox-68.8.0-1.el7.centos", allowmaj:TRUE)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox"); }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-202005-04.NASL description The remote host is affected by the vulnerability described in GLSA-202005-04 (Mozilla Firefox: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page, possibly resulting in the execution of arbitrary code with the privileges of the process, an information leak or a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-06 modified 2020-05-13 plugin id 136541 published 2020-05-13 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136541 title GLSA-202005-04 : Mozilla Firefox: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 202005-04. # # The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(136541); script_version("1.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/31"); script_cve_id( "CVE-2020-12387", "CVE-2020-12392", "CVE-2020-12394", "CVE-2020-12395", "CVE-2020-12396", "CVE-2020-6831" ); script_xref(name:"GLSA", value:"202005-04"); script_xref(name:"IAVA", value:"2020-A-0190-S"); script_name(english:"GLSA-202005-04 : Mozilla Firefox: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-202005-04 (Mozilla Firefox: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page, possibly resulting in the execution of arbitrary code with the privileges of the process, an information leak or a Denial of Service condition. Workaround : There is no known workaround at this time." ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/"); script_set_attribute(attribute:"see_also", value:"https://security.gentoo.org/glsa/202005-04"); script_set_attribute( attribute:"solution", value: "All Mozilla Firefox users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/firefox-68.8.0' All Mozilla Firefox binary users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/firefox-bin-68.8.0'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-12395"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:firefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:firefox-bin"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/26"); script_set_attribute(attribute:"patch_publication_date", value:"2020/05/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/13"); script_set_attribute(attribute:"stig_severity", value:"II"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"www-client/firefox-bin", unaffected:make_list("ge 68.8.0"), vulnerable:make_list("lt 68.8.0"))) flag++; if (qpkg_check(package:"www-client/firefox", unaffected:make_list("ge 68.8.0"), vulnerable:make_list("lt 68.8.0"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Mozilla Firefox"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-2046.NASL description The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2046 advisory. - Mozilla: Use-after-free during worker shutdown (CVE-2020-12387) - Mozilla: Arbitrary local file access with last seen 2020-06-05 modified 2020-05-11 plugin id 136476 published 2020-05-11 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136476 title RHEL 8 : thunderbird (RHSA-2020:2046) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:2046. The text # itself is copyright (C) Red Hat, Inc. # include('compat.inc'); if (description) { script_id(136476); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/31"); script_cve_id( "CVE-2020-6831", "CVE-2020-12387", "CVE-2020-12392", "CVE-2020-12395", "CVE-2020-12397" ); script_xref(name:"RHSA", value:"2020:2046"); script_xref(name:"IAVA", value:"2020-A-0190-S"); script_name(english:"RHEL 8 : thunderbird (RHSA-2020:2046)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute(attribute:"synopsis", value: "The remote Red Hat host is missing one or more security updates."); script_set_attribute(attribute:"description", value: "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2046 advisory. - Mozilla: Use-after-free during worker shutdown (CVE-2020-12387) - Mozilla: Arbitrary local file access with 'Copy as cURL' (CVE-2020-12392) - Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 (CVE-2020-12395) - Mozilla: Sender Email Address Spoofing using encoded Unicode characters (CVE-2020-12397) - usrsctp: Buffer overflow in AUTH chunk input validation (CVE-2020-6831) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-12395"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-12397"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-6831"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1831761"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1831763"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1831764"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1831765"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1832565"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/416.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/552.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/120.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/172.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/120.html"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:2046"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-12387"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-12392"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-12395"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-12397"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-6831"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1831761"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1831763"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1831764"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1831765"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1832565"); script_set_attribute(attribute:"solution", value: "Update the affected thunderbird and / or thunderbird-debugsource packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-12395"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_cwe_id(120, 172, 416, 552); script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/11"); script_set_attribute(attribute:"patch_publication_date", value:"2020/05/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/11"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:8"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:8::appstream"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:thunderbird"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:thunderbird-debugsource"); script_set_attribute(attribute:"stig_severity", value:"II"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Red Hat Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include('audit.inc'); include('global_settings.inc'); include('misc_func.inc'); include('rpm.inc'); if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item('Host/RedHat/release'); if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat'); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat'); os_ver = os_ver[1]; if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver); if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item('Host/cpu'); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu); pkgs = [ {'reference':'thunderbird-68.8.0-1.el8_2', 'cpu':'aarch64', 'release':'8', 'allowmaj':TRUE}, {'reference':'thunderbird-68.8.0-1.el8_2', 'cpu':'x86_64', 'release':'8', 'allowmaj':TRUE}, {'reference':'thunderbird-debugsource-68.8.0-1.el8_2', 'cpu':'aarch64', 'release':'8', 'allowmaj':TRUE}, {'reference':'thunderbird-debugsource-68.8.0-1.el8_2', 'cpu':'x86_64', 'release':'8', 'allowmaj':TRUE} ]; flag = 0; foreach package_array ( pkgs ) { reference = NULL; release = NULL; sp = NULL; cpu = NULL; el_string = NULL; rpm_spec_vers_cmp = NULL; epoch = NULL; allowmaj = NULL; if (!empty_or_null(package_array['reference'])) reference = package_array['reference']; if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release']; if (!empty_or_null(package_array['sp'])) sp = package_array['sp']; if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu']; if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string']; if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp']; if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch']; if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj']; if (reference && release) { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++; } } if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird / thunderbird-debugsource'); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4353-1.NASL description Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, spoof the URL bar, or execute arbitrary code. (CVE-2020-6831, CVE-2020-12387, CVE-2020-12390, CVE-2020-12391, CVE-2020-12394, CVE-2020-12395, CVE-2020-12396) It was discovered that the Devtools last seen 2020-06-06 modified 2020-05-08 plugin id 136420 published 2020-05-08 reporter Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136420 title Ubuntu 16.04 LTS / 18.04 LTS / 19.10 / 20.04 : firefox vulnerabilities (USN-4353-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-4353-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(136420); script_version("1.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/31"); script_cve_id( "CVE-2020-12387", "CVE-2020-12390", "CVE-2020-12391", "CVE-2020-12392", "CVE-2020-12394", "CVE-2020-12395", "CVE-2020-12396", "CVE-2020-6831" ); script_xref(name:"USN", value:"4353-1"); script_xref(name:"IAVA", value:"2020-A-0190-S"); script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS / 19.10 / 20.04 : firefox vulnerabilities (USN-4353-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, spoof the URL bar, or execute arbitrary code. (CVE-2020-6831, CVE-2020-12387, CVE-2020-12390, CVE-2020-12391, CVE-2020-12394, CVE-2020-12395, CVE-2020-12396) It was discovered that the Devtools' 'Copy as cURL' feature did not properly HTTP POST data of a request. If a user were tricked in to using the 'Copy as cURL' feature to copy and paste a command with specially crafted data in to a terminal, an attacker could potentially exploit this to obtain sensitive information from local files. (CVE-2020-12392). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute(attribute:"see_also", value:"https://usn.ubuntu.com/4353-1/"); script_set_attribute( attribute:"solution", value:"Update the affected firefox package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-12395"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/26"); script_set_attribute(attribute:"patch_publication_date", value:"2020/05/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/08"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_set_attribute(attribute:"stig_severity", value:"II"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(16\.04|18\.04|19\.10|20\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 18.04 / 19.10 / 20.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"16.04", pkgname:"firefox", pkgver:"76.0+build2-0ubuntu0.16.04.1")) flag++; if (ubuntu_check(osver:"18.04", pkgname:"firefox", pkgver:"76.0+build2-0ubuntu0.18.04.1")) flag++; if (ubuntu_check(osver:"19.10", pkgname:"firefox", pkgver:"76.0+build2-0ubuntu0.19.10.1")) flag++; if (ubuntu_check(osver:"20.04", pkgname:"firefox", pkgver:"76.0+build2-0ubuntu0.20.04.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-2033.NASL description The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2033 advisory. - Mozilla: Use-after-free during worker shutdown (CVE-2020-12387) - Mozilla: Arbitrary local file access with last seen 2020-06-02 modified 2020-05-06 plugin id 136344 published 2020-05-06 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136344 title RHEL 8 : firefox (RHSA-2020:2033) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:2033. The text # itself is copyright (C) Red Hat, Inc. # include('compat.inc'); if (description) { script_id(136344); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/31"); script_cve_id( "CVE-2020-6831", "CVE-2020-12387", "CVE-2020-12392", "CVE-2020-12395" ); script_xref(name:"RHSA", value:"2020:2033"); script_xref(name:"IAVA", value:"2020-A-0190-S"); script_name(english:"RHEL 8 : firefox (RHSA-2020:2033)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute(attribute:"synopsis", value: "The remote Red Hat host is missing one or more security updates."); script_set_attribute(attribute:"description", value: "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2033 advisory. - Mozilla: Use-after-free during worker shutdown (CVE-2020-12387) - Mozilla: Arbitrary local file access with 'Copy as cURL' (CVE-2020-12392) - Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 (CVE-2020-12395) - Mozilla: Buffer overflow in SCTP chunk input validation (CVE-2020-6831) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-6831"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1831761"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1831763"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1831764"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1831765"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/416.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/552.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/120.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/120.html"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:2033"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-12387"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-12392"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-12395"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-6831"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1831761"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1831763"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1831764"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1831765"); script_set_attribute(attribute:"solution", value: "Update the affected firefox and / or firefox-debugsource packages."); script_set_attribute(attribute:"risk_factor", value:"Critical"); script_cwe_id(120, 120, 416, 552); script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/06"); script_set_attribute(attribute:"patch_publication_date", value:"2020/05/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/06"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:rhel_e4s:8.0"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:rhel_e4s:8.0::appstream"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8.0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:firefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:firefox-debugsource"); script_set_attribute(attribute:"stig_severity", value:"II"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Red Hat Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include('audit.inc'); include('global_settings.inc'); include('misc_func.inc'); include('rpm.inc'); if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item('Host/RedHat/release'); if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat'); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat'); os_ver = os_ver[1]; if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver); if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item('Host/cpu'); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu); pkgs = [ {'reference':'firefox-68.8.0-1.el8_0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}, {'reference':'firefox-68.8.0-1.el8_0', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}, {'reference':'firefox-68.8.0-1.el8_0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}, {'reference':'firefox-debugsource-68.8.0-1.el8_0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}, {'reference':'firefox-debugsource-68.8.0-1.el8_0', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}, {'reference':'firefox-debugsource-68.8.0-1.el8_0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE} ]; flag = 0; foreach package_array ( pkgs ) { reference = NULL; release = NULL; sp = NULL; cpu = NULL; el_string = NULL; rpm_spec_vers_cmp = NULL; epoch = NULL; allowmaj = NULL; if (!empty_or_null(package_array['reference'])) reference = package_array['reference']; if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release']; if (!empty_or_null(package_array['sp'])) sp = package_array['sp']; if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu']; if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string']; if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp']; if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch']; if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj']; if (reference && release) { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++; } } if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox / firefox-debugsource'); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4678.NASL description Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information disclosure. last seen 2020-06-06 modified 2020-05-07 plugin id 136374 published 2020-05-07 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136374 title Debian DSA-4678-1 : firefox-esr - security update code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-4678. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(136374); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/31"); script_cve_id( "CVE-2020-12387", "CVE-2020-12392", "CVE-2020-12395", "CVE-2020-6831" ); script_xref(name:"DSA", value:"4678"); script_xref(name:"IAVA", value:"2020-A-0190-S"); script_name(english:"Debian DSA-4678-1 : firefox-esr - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information disclosure." ); script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/firefox-esr"); script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/stretch/firefox-esr"); script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/buster/firefox-esr"); script_set_attribute(attribute:"see_also", value:"https://www.debian.org/security/2020/dsa-4678"); script_set_attribute( attribute:"solution", value: "Upgrade the firefox-esr packages. For the oldstable distribution (stretch), these problems have been fixed in version 68.8.0esr-1~deb9u1. For the stable distribution (buster), these problems have been fixed in version 68.8.0esr-1~deb10u1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firefox-esr"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:10.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/26"); script_set_attribute(attribute:"patch_publication_date", value:"2020/05/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/07"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_set_attribute(attribute:"stig_severity", value:"II"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"10.0", prefix:"firefox-esr", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-ach", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-af", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-all", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-an", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-ar", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-as", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-ast", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-az", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-be", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-bg", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-bn-bd", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-bn-in", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-br", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-bs", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-ca", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-cak", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-cs", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-cy", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-da", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-de", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-dsb", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-el", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-en-gb", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-en-za", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-eo", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-es-ar", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-es-cl", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-es-es", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-es-mx", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-et", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-eu", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-fa", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-ff", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-fi", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-fr", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-fy-nl", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-ga-ie", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-gd", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-gl", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-gn", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-gu-in", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-he", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-hi-in", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-hr", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-hsb", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-hu", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-hy-am", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-ia", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-id", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-is", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-it", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-ja", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-ka", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-kab", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-kk", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-km", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-kn", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-ko", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-lij", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-lt", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-lv", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-mai", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-mk", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-ml", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-mr", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-ms", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-my", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-nb-no", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-ne-np", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-nl", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-nn-no", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-oc", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-or", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-pa-in", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-pl", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-pt-br", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-pt-pt", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-rm", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-ro", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-ru", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-si", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-sk", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-sl", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-son", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-sq", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-sr", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-sv-se", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-ta", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-te", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-th", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-tr", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-uk", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-ur", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-uz", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-vi", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-xh", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-zh-cn", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"10.0", prefix:"firefox-esr-l10n-zh-tw", reference:"68.8.0esr-1~deb10u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-dev", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-ach", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-af", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-all", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-an", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-ar", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-as", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-ast", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-az", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-bg", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-bn-bd", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-bn-in", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-br", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-bs", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-ca", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-cak", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-cs", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-cy", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-da", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-de", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-dsb", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-el", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-en-gb", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-en-za", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-eo", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-es-ar", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-es-cl", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-es-es", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-es-mx", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-et", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-eu", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-fa", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-ff", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-fi", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-fr", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-fy-nl", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-ga-ie", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-gd", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-gl", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-gn", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-gu-in", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-he", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-hi-in", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-hr", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-hsb", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-hu", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-hy-am", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-id", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-is", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-it", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-ja", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-ka", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-kab", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-kk", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-km", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-kn", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-ko", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-lij", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-lt", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-lv", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-mai", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-mk", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-ml", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-mr", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-ms", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-nb-no", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-nl", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-nn-no", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-or", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-pa-in", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-pl", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-pt-br", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-pt-pt", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-rm", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-ro", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-ru", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-si", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-sk", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-sl", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-son", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-sq", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-sr", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-sv-se", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-ta", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-te", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-th", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-tr", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-uk", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-uz", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-vi", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-xh", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-zh-cn", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"firefox-esr-l10n-zh-tw", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-dev", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-ach", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-af", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-all", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-an", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-ar", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-as", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-ast", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-az", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-bg", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-bn-bd", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-bn-in", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-br", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-bs", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-ca", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-cak", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-cs", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-cy", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-da", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-de", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-dsb", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-el", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-en-gb", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-en-za", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-eo", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-es-ar", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-es-cl", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-es-es", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-es-mx", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-et", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-eu", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-fa", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-ff", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-fi", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-fr", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-fy-nl", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-ga-ie", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-gd", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-gl", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-gn", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-gu-in", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-he", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-hi-in", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-hr", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-hsb", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-hu", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-hy-am", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-id", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-is", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-it", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-ja", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-ka", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-kab", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-kk", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-km", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-kn", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-ko", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-lij", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-lt", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-lv", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-mai", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-mk", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-ml", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-mr", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-ms", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-nb-no", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-nl", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-nn-no", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-or", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-pa-in", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-pl", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-pt-br", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-pt-pt", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-rm", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-ro", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-ru", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-si", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-sk", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-sl", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-son", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-sq", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-sr", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-sv-se", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-ta", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-te", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-th", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-tr", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-uk", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-uz", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-vi", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-xh", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-zh-cn", reference:"68.8.0esr-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"iceweasel-l10n-zh-tw", reference:"68.8.0esr-1~deb9u1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Scientific Linux Local Security Checks NASL id SL_20200506_FIREFOX_ON_SL6_X.NASL description Security Fix(es) : - Mozilla: Use-after-free during worker shutdown (CVE-2020-12387) - Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 (CVE-2020-12395) - Mozilla: Buffer overflow in SCTP chunk input validation (CVE-2020-6831) - Mozilla: Arbitrary local file access with last seen 2020-06-06 modified 2020-05-07 plugin id 136389 published 2020-05-07 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136389 title Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20200506) code # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(136389); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/31"); script_cve_id( "CVE-2020-12387", "CVE-2020-12392", "CVE-2020-12395", "CVE-2020-6831" ); script_xref(name:"IAVA", value:"2020-A-0190-S"); script_name(english:"Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20200506)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Security Fix(es) : - Mozilla: Use-after-free during worker shutdown (CVE-2020-12387) - Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 (CVE-2020-12395) - Mozilla: Buffer overflow in SCTP chunk input validation (CVE-2020-6831) - Mozilla: Arbitrary local file access with 'Copy as cURL' (CVE-2020-12392)" ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2005&L=SCIENTIFIC-LINUX-ERRATA&P=4807 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c96fa941"); script_set_attribute( attribute:"solution", value:"Update the affected firefox and / or firefox-debuginfo packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:firefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/26"); script_set_attribute(attribute:"patch_publication_date", value:"2020/05/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/07"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_set_attribute(attribute:"stig_severity", value:"II"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL6", reference:"firefox-68.8.0-1.el6_10", allowmaj:TRUE)) flag++; if (rpm_check(release:"SL6", reference:"firefox-debuginfo-68.8.0-1.el6_10", allowmaj:TRUE)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox / firefox-debuginfo"); }NASL family SuSE Local Security Checks NASL id SUSE_SU-2020-1209-1.NASL description This update for MozillaFirefox fixes the following issues : Update to version 68.8.0 ESR (bsc#1171186) : CVE-2020-12387: Use-after-free during worker shutdown CVE-2020-12388: Sandbox escape with improperly guarded Access Tokens CVE-2020-12389: Sandbox escape with improperly separated process types CVE-2020-6831: Buffer overflow in SCTP chunk input validation CVE-2020-12392: Arbitrary local file access with last seen 2020-06-06 modified 2020-05-15 plugin id 136649 published 2020-05-15 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136649 title SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:1209-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2020:1209-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(136649); script_version("1.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/31"); script_cve_id( "CVE-2020-12387", "CVE-2020-12388", "CVE-2020-12389", "CVE-2020-12392", "CVE-2020-12393", "CVE-2020-12395", "CVE-2020-6831" ); script_xref(name:"IAVA", value:"2020-A-0190-S"); script_name(english:"SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:1209-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for MozillaFirefox fixes the following issues : Update to version 68.8.0 ESR (bsc#1171186) : CVE-2020-12387: Use-after-free during worker shutdown CVE-2020-12388: Sandbox escape with improperly guarded Access Tokens CVE-2020-12389: Sandbox escape with improperly separated process types CVE-2020-6831: Buffer overflow in SCTP chunk input validation CVE-2020-12392: Arbitrary local file access with 'Copy as cURL' CVE-2020-12393: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection CVE-2020-12395: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://www.suse.com/support/update/announcement/2020/suse-su-20201209-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?29207013" ); script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1171186"); script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-12387/"); script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-12388/"); script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-12389/"); script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-12392/"); script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-12393/"); script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-12395/"); script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-6831/"); # https://www.suse.com/support/update/announcement/2020/suse-su-20201209-1/ script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?29207013"); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 : zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-1209=1 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 : zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-1209=1" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-12395"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-branding-upstream"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-buildsymbols"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-other"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/26"); script_set_attribute(attribute:"patch_publication_date", value:"2020/05/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/15"); script_set_attribute(attribute:"stig_severity", value:"II"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES15" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP1", os_ver + " SP" + sp); if (os_ver == "SLED15" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP1", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"MozillaFirefox-buildsymbols-68.8.0-3.87.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"MozillaFirefox-devel-68.8.0-3.87.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"MozillaFirefox-devel-68.8.0-3.87.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"MozillaFirefox-branding-upstream-68.8.0-3.87.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"MozillaFirefox-debuginfo-68.8.0-3.87.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"MozillaFirefox-debugsource-68.8.0-3.87.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"MozillaFirefox-68.8.0-3.87.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"MozillaFirefox-debuginfo-68.8.0-3.87.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"MozillaFirefox-debugsource-68.8.0-3.87.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"MozillaFirefox-translations-common-68.8.0-3.87.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"MozillaFirefox-translations-other-68.8.0-3.87.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"MozillaFirefox-buildsymbols-68.8.0-3.87.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"MozillaFirefox-devel-68.8.0-3.87.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"MozillaFirefox-devel-68.8.0-3.87.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"MozillaFirefox-branding-upstream-68.8.0-3.87.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"MozillaFirefox-debuginfo-68.8.0-3.87.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"MozillaFirefox-debugsource-68.8.0-3.87.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"MozillaFirefox-68.8.0-3.87.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"MozillaFirefox-debuginfo-68.8.0-3.87.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"MozillaFirefox-debugsource-68.8.0-3.87.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"MozillaFirefox-translations-common-68.8.0-3.87.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"MozillaFirefox-translations-other-68.8.0-3.87.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox"); }NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2020-2050.NASL description The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2050 advisory. - Mozilla: Use-after-free during worker shutdown (CVE-2020-12387) - Mozilla: Arbitrary local file access with last seen 2020-06-06 modified 2020-05-22 plugin id 136776 published 2020-05-22 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136776 title CentOS 7 : thunderbird (CESA-2020:2050) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:2050 and # CentOS Errata and Security Advisory 2020:2050 respectively. # include("compat.inc"); if (description) { script_id(136776); script_version("1.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/31"); script_cve_id( "CVE-2020-12387", "CVE-2020-12392", "CVE-2020-12395", "CVE-2020-12397", "CVE-2020-6831" ); script_xref(name:"RHSA", value:"2020:2050"); script_xref(name:"IAVA", value:"2020-A-0190-S"); script_name(english:"CentOS 7 : thunderbird (CESA-2020:2050)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing a security update." ); script_set_attribute( attribute:"description", value: "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2050 advisory. - Mozilla: Use-after-free during worker shutdown (CVE-2020-12387) - Mozilla: Arbitrary local file access with 'Copy as cURL' (CVE-2020-12392) - Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 (CVE-2020-12395) - Mozilla: Sender Email Address Spoofing using encoded Unicode characters (CVE-2020-12397) - usrsctp: Buffer overflow in AUTH chunk input validation (CVE-2020-6831) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number." ); # https://lists.centos.org/pipermail/centos-announce/2020-May/035714.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?679720d5"); script_set_attribute( attribute:"solution", value:"Update the affected thunderbird package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-12395"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:thunderbird"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/22"); script_set_attribute(attribute:"patch_publication_date", value:"2020/05/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/22"); script_set_attribute(attribute:"stig_severity", value:"II"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"thunderbird-68.8.0-1.el7.centos", allowmaj:TRUE)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird"); }NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2020-2046.NASL description From Red Hat Security Advisory 2020:2046 : The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2046 advisory. - Mozilla: Use-after-free during worker shutdown (CVE-2020-12387) - Mozilla: Arbitrary local file access with last seen 2020-06-06 modified 2020-05-14 plugin id 136600 published 2020-05-14 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136600 title Oracle Linux 8 : thunderbird (ELSA-2020-2046) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:2046 and # Oracle Linux Security Advisory ELSA-2020-2046 respectively. # include("compat.inc"); if (description) { script_id(136600); script_version("1.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/31"); script_cve_id( "CVE-2020-12387", "CVE-2020-12392", "CVE-2020-12395", "CVE-2020-12397", "CVE-2020-6831" ); script_xref(name:"RHSA", value:"2020:2046"); script_xref(name:"IAVA", value:"2020-A-0190-S"); script_name(english:"Oracle Linux 8 : thunderbird (ELSA-2020-2046)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing a security update." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2020:2046 : The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2046 advisory. - Mozilla: Use-after-free during worker shutdown (CVE-2020-12387) - Mozilla: Arbitrary local file access with 'Copy as cURL' (CVE-2020-12392) - Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 (CVE-2020-12395) - Mozilla: Sender Email Address Spoofing using encoded Unicode characters (CVE-2020-12397) - usrsctp: Buffer overflow in AUTH chunk input validation (CVE-2020-6831) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number." ); script_set_attribute(attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2020-May/009912.html"); script_set_attribute( attribute:"solution", value:"Update the affected thunderbird package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-12395"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:thunderbird"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:8"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/22"); script_set_attribute(attribute:"patch_publication_date", value:"2020/05/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/14"); script_set_attribute(attribute:"stig_severity", value:"II"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 8", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"thunderbird-68.8.0-1.0.1.el8_2", allowmaj:TRUE)) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-2037.NASL description The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2037 advisory. - Mozilla: Use-after-free during worker shutdown (CVE-2020-12387) - Mozilla: Arbitrary local file access with last seen 2020-06-02 modified 2020-05-06 plugin id 136351 published 2020-05-06 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136351 title RHEL 7 : firefox (RHSA-2020:2037) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:2037. The text # itself is copyright (C) Red Hat, Inc. # include('compat.inc'); if (description) { script_id(136351); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/31"); script_cve_id( "CVE-2020-6831", "CVE-2020-12387", "CVE-2020-12392", "CVE-2020-12395" ); script_xref(name:"RHSA", value:"2020:2037"); script_xref(name:"IAVA", value:"2020-A-0190-S"); script_name(english:"RHEL 7 : firefox (RHSA-2020:2037)"); script_summary(english:"Checks the rpm output for the updated package"); script_set_attribute(attribute:"synopsis", value: "The remote Red Hat host is missing one or more security updates."); script_set_attribute(attribute:"description", value: "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2037 advisory. - Mozilla: Use-after-free during worker shutdown (CVE-2020-12387) - Mozilla: Arbitrary local file access with 'Copy as cURL' (CVE-2020-12392) - Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 (CVE-2020-12395) - Mozilla: Buffer overflow in SCTP chunk input validation (CVE-2020-6831) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-6831"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1831761"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1831763"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1831764"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1831765"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/416.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/552.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/120.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/120.html"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:2037"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-12387"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-12392"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-12395"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-6831"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1831761"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1831763"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1831764"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1831765"); script_set_attribute(attribute:"solution", value: "Update the affected firefox package."); script_set_attribute(attribute:"risk_factor", value:"Critical"); script_cwe_id(120, 120, 416, 552); script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/06"); script_set_attribute(attribute:"patch_publication_date", value:"2020/05/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/06"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7::client"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7::server"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7::workstation"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:firefox"); script_set_attribute(attribute:"stig_severity", value:"II"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Red Hat Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include('audit.inc'); include('global_settings.inc'); include('misc_func.inc'); include('rpm.inc'); if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item('Host/RedHat/release'); if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat'); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat'); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver); if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item('Host/cpu'); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu); pkgs = [ {'reference':'firefox-68.8.0-1.el7_8', 'cpu':'i686', 'release':'7', 'allowmaj':TRUE}, {'reference':'firefox-68.8.0-1.el7_8', 'cpu':'s390x', 'release':'7', 'allowmaj':TRUE}, {'reference':'firefox-68.8.0-1.el7_8', 'cpu':'x86_64', 'release':'7', 'allowmaj':TRUE} ]; flag = 0; foreach package_array ( pkgs ) { reference = NULL; release = NULL; sp = NULL; cpu = NULL; el_string = NULL; rpm_spec_vers_cmp = NULL; epoch = NULL; allowmaj = NULL; if (!empty_or_null(package_array['reference'])) reference = package_array['reference']; if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release']; if (!empty_or_null(package_array['sp'])) sp = package_array['sp']; if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu']; if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string']; if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp']; if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch']; if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj']; if (reference && release) { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++; } } if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox'); }NASL family Scientific Linux Local Security Checks NASL id SL_20200511_THUNDERBIRD_ON_SL6_X.NASL description Security Fix(es) : - Mozilla: Use-after-free during worker shutdown (CVE-2020-12387) - Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 (CVE-2020-12395) - usrsctp: Buffer overflow in AUTH chunk input validation (CVE-2020-6831) - Mozilla: Arbitrary local file access with last seen 2020-06-06 modified 2020-05-12 plugin id 136486 published 2020-05-12 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136486 title Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20200511) code # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(136486); script_version("1.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/31"); script_cve_id( "CVE-2020-12387", "CVE-2020-12392", "CVE-2020-12395", "CVE-2020-12397", "CVE-2020-6831" ); script_xref(name:"IAVA", value:"2020-A-0190-S"); script_name(english:"Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20200511)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Security Fix(es) : - Mozilla: Use-after-free during worker shutdown (CVE-2020-12387) - Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 (CVE-2020-12395) - usrsctp: Buffer overflow in AUTH chunk input validation (CVE-2020-6831) - Mozilla: Arbitrary local file access with 'Copy as cURL' (CVE-2020-12392) - Mozilla: Sender Email Address Spoofing using encoded Unicode characters (CVE-2020-12397)" ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2005&L=SCIENTIFIC-LINUX-ERRATA&P=5446 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?973ad8cc"); script_set_attribute( attribute:"solution", value: "Update the affected thunderbird and / or thunderbird-debuginfo packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-12395"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:thunderbird"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/22"); script_set_attribute(attribute:"patch_publication_date", value:"2020/05/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/12"); script_set_attribute(attribute:"stig_severity", value:"II"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL6", reference:"thunderbird-68.8.0-1.el6_10", allowmaj:TRUE)) flag++; if (rpm_check(release:"SL6", reference:"thunderbird-debuginfo-68.8.0-1.el6_10", allowmaj:TRUE)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird / thunderbird-debuginfo"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-2036.NASL description The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2036 advisory. - Mozilla: Use-after-free during worker shutdown (CVE-2020-12387) - Mozilla: Arbitrary local file access with last seen 2020-06-02 modified 2020-05-06 plugin id 136354 published 2020-05-06 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136354 title RHEL 6 : firefox (RHSA-2020:2036) NASL family Scientific Linux Local Security Checks NASL id SL_20200511_THUNDERBIRD_ON_SL7_X.NASL description Security Fix(es) : - Mozilla: Use-after-free during worker shutdown (CVE-2020-12387) - Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 (CVE-2020-12395) - usrsctp: Buffer overflow in AUTH chunk input validation (CVE-2020-6831) - Mozilla: Arbitrary local file access with last seen 2020-06-06 modified 2020-05-12 plugin id 136487 published 2020-05-12 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136487 title Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20200511) NASL family SuSE Local Security Checks NASL id OPENSUSE-2020-621.NASL description This update for MozillaFirefox fixes the following issues : Update to version 68.8.0 ESR (bsc#1171186) : - CVE-2020-12387: Use-after-free during worker shutdown - CVE-2020-12388: Sandbox escape with improperly guarded Access Tokens - CVE-2020-12389: Sandbox escape with improperly separated process types - CVE-2020-6831: Buffer overflow in SCTP chunk input validation - CVE-2020-12392: Arbitrary local file access with last seen 2020-06-06 modified 2020-05-11 plugin id 136450 published 2020-05-11 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136450 title openSUSE Security Update : MozillaFirefox (openSUSE-2020-621) NASL family SuSE Local Security Checks NASL id OPENSUSE-2020-643.NASL description This update for MozillaThunderbird fixes the following issues : - Update to 68.8.0 ESR MFSA 2020-18 (bsc#1171186) - CVE-2020-12397 (bmo#1617370) Sender Email Address Spoofing using encoded Unicode characters - CVE-2020-12387 (bmo#1545345) Use-after-free during worker shutdown - CVE-2020-6831 (bmo#1632241) Buffer overflow in SCTP chunk input validation - CVE-2020-12392 (bmo#1614468) Arbitrary local file access with last seen 2020-06-06 modified 2020-05-11 plugin id 136461 published 2020-05-11 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136461 title openSUSE Security Update : MozillaThunderbird (openSUSE-2020-643) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-2049.NASL description The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2049 advisory. - Mozilla: Use-after-free during worker shutdown (CVE-2020-12387) - Mozilla: Arbitrary local file access with last seen 2020-06-05 modified 2020-05-11 plugin id 136477 published 2020-05-11 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136477 title RHEL 6 : thunderbird (RHSA-2020:2049) NASL family Windows NASL id MOZILLA_FIREFOX_76_0.NASL description The version of Firefox installed on the remote Windows host is prior to 76.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-16 advisory. - A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. (CVE-2020-12387) - The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape.Note: this issue only affects Firefox on Windows operating systems. (CVE-2020-12388, CVE-2020-12389) - A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. (CVE-2020-6831) - Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks (CVE-2020-12390) - Documents formed using data: URLs in an object element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. (CVE-2020-12391) - The last seen 2020-06-05 modified 2020-05-07 plugin id 136404 published 2020-05-07 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136404 title Mozilla Firefox < 76.0 NASL family Amazon Linux Local Security Checks NASL id AL2_ALAS-2020-1429.NASL description The Mozilla Foundation Security Advisory describes this flaw as : On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in last seen 2020-06-06 modified 2020-05-21 plugin id 136752 published 2020-05-21 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136752 title Amazon Linux 2 : thunderbird (ALAS-2020-1429) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-2031.NASL description The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2031 advisory. - Mozilla: Use-after-free during worker shutdown (CVE-2020-12387) - Mozilla: Arbitrary local file access with last seen 2020-06-02 modified 2020-05-06 plugin id 136342 published 2020-05-06 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136342 title RHEL 8 : firefox (RHSA-2020:2031) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-2050.NASL description The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2050 advisory. - Mozilla: Use-after-free during worker shutdown (CVE-2020-12387) - Mozilla: Arbitrary local file access with last seen 2020-06-05 modified 2020-05-11 plugin id 136475 published 2020-05-11 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136475 title RHEL 7 : thunderbird (RHSA-2020:2050) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2020-126-01.NASL description New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. last seen 2020-06-06 modified 2020-05-07 plugin id 136392 published 2020-05-07 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136392 title Slackware 14.2 / current : mozilla-firefox (SSA:2020-126-01) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4353-2.NASL description USN-4353-1 fixed vulnerabilities in Firefox. The update caused a regression that impaired the functionality of some addons. This update fixes the problem. We apologize for the inconvenience. Original advisory details : Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, spoof the URL bar, or execute arbitrary code. (CVE-2020-6831, CVE-2020-12387, CVE-2020-12390, CVE-2020-12391, CVE-2020-12394, CVE-2020-12395, CVE-2020-12396) It was discovered that the Devtools last seen 2020-06-06 modified 2020-05-13 plugin id 136545 published 2020-05-13 reporter Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136545 title Ubuntu 16.04 LTS / 18.04 LTS / 19.10 / 20.04 : firefox regression (USN-4353-2) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2020-2050.NASL description From Red Hat Security Advisory 2020:2050 : The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2050 advisory. - Mozilla: Use-after-free during worker shutdown (CVE-2020-12387) - Mozilla: Arbitrary local file access with last seen 2020-06-06 modified 2020-05-13 plugin id 136543 published 2020-05-13 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136543 title Oracle Linux 7 : thunderbird (ELSA-2020-2050) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4373-1.NASL description Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. (CVE-2020-6831, CVE-2020-12387, CVE-2020-12395) It was discovered that the Devtools last seen 2020-06-06 modified 2020-05-27 plugin id 136894 published 2020-05-27 reporter Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136894 title Ubuntu 16.04 LTS / 18.04 LTS / 19.10 / 20.04 : thunderbird vulnerabilities (USN-4373-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2020-2037.NASL description From Red Hat Security Advisory 2020:2037 : The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2037 advisory. - Mozilla: Use-after-free during worker shutdown (CVE-2020-12387) - Mozilla: Arbitrary local file access with last seen 2020-06-06 modified 2020-05-08 plugin id 136418 published 2020-05-08 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136418 title Oracle Linux 7 : firefox (ELSA-2020-2037) NASL family Scientific Linux Local Security Checks NASL id SL_20200506_FIREFOX_ON_SL7_X.NASL description Security Fix(es) : - Mozilla: Use-after-free during worker shutdown (CVE-2020-12387) - Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 (CVE-2020-12395) - Mozilla: Buffer overflow in SCTP chunk input validation (CVE-2020-6831) - Mozilla: Arbitrary local file access with last seen 2020-06-06 modified 2020-05-07 plugin id 136390 published 2020-05-07 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136390 title Scientific Linux Security Update : firefox on SL7.x x86_64 (20200506) NASL family Windows NASL id MOZILLA_FIREFOX_68_8_ESR.NASL description The version of Firefox ESR installed on the remote Windows host is prior to 68.8. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-17 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-05 modified 2020-05-07 plugin id 136357 published 2020-05-07 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136357 title Mozilla Firefox ESR < 68.8 NASL family SuSE Local Security Checks NASL id SUSE_SU-2020-1218-1.NASL description This update for MozillaFirefox fixes the following issues : Update to version 68.8.0 ESR (bsc#1171186) : CVE-2020-12387: Use-after-free during worker shutdown CVE-2020-12388: Sandbox escape with improperly guarded Access Tokens CVE-2020-12389: Sandbox escape with improperly separated process types CVE-2020-6831: Buffer overflow in SCTP chunk input validation CVE-2020-12392: Arbitrary local file access with last seen 2020-06-06 modified 2020-05-15 plugin id 136654 published 2020-05-15 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136654 title SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2020:1218-1) NASL family MacOS X Local Security Checks NASL id MACOS_FIREFOX_76_0.NASL description The version of Firefox installed on the remote macOS or Mac OS X host is prior to 76.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-16 advisory. - A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. (CVE-2020-12387) - The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape.Note: this issue only affects Firefox on Windows operating systems. (CVE-2020-12388, CVE-2020-12389) - A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. (CVE-2020-6831) - Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks (CVE-2020-12390) - Documents formed using data: URLs in an object element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. (CVE-2020-12391) - The last seen 2020-06-05 modified 2020-05-07 plugin id 136403 published 2020-05-07 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136403 title Mozilla Firefox < 76.0 NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-2032.NASL description The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2032 advisory. - Mozilla: Use-after-free during worker shutdown (CVE-2020-12387) - Mozilla: Arbitrary local file access with last seen 2020-06-02 modified 2020-05-06 plugin id 136343 published 2020-05-06 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136343 title RHEL 8 : firefox (RHSA-2020:2032) NASL family MacOS X Local Security Checks NASL id MACOS_THUNDERBIRD_68_8_0.NASL description The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 68.8.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-18 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-05 modified 2020-05-07 plugin id 136358 published 2020-05-07 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136358 title Mozilla Thunderbird < 68.8.0 NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2020-2049.NASL description The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2049 advisory. - Mozilla: Use-after-free during worker shutdown (CVE-2020-12387) - Mozilla: Arbitrary local file access with last seen 2020-06-06 modified 2020-05-22 plugin id 136775 published 2020-05-22 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136775 title CentOS 6 : thunderbird (CESA-2020:2049) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-2048.NASL description The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2048 advisory. - Mozilla: Use-after-free during worker shutdown (CVE-2020-12387) - Mozilla: Arbitrary local file access with last seen 2020-06-05 modified 2020-05-11 plugin id 136470 published 2020-05-11 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136470 title RHEL 8 : thunderbird (RHSA-2020:2048) NASL family MacOS X Local Security Checks NASL id MACOS_FIREFOX_68_8_ESR.NASL description The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 68.8. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-17 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-05 modified 2020-05-07 plugin id 136356 published 2020-05-07 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136356 title Mozilla Firefox ESR < 68.8 NASL family SuSE Local Security Checks NASL id SUSE_SU-2020-1225-1.NASL description This update for MozillaThunderbird fixes the following issues : Update to 68.8.0 ESR MFSA 2020-18 (bsc#1171186) - CVE-2020-12397 (bmo#1617370) Sender Email Address Spoofing using encoded Unicode characters - CVE-2020-12387 (bmo#1545345) Use-after-free during worker shutdown - CVE-2020-6831 (bmo#1632241) Buffer overflow in SCTP chunk input validation - CVE-2020-12392 (bmo#1614468) Arbitrary local file access with last seen 2020-06-06 modified 2020-05-15 plugin id 136658 published 2020-05-15 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136658 title SUSE SLED15 / SLES15 Security Update : MozillaThunderbird (SUSE-SU-2020:1225-1) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-202005-03.NASL description The remote host is affected by the vulnerability described in GLSA-202005-03 (Mozilla Thunderbird: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to execute arbitrary code, cause a Denial of Service condition or spoof sender email address. Workaround : There is no known workaround at this time. last seen 2020-06-06 modified 2020-05-13 plugin id 136540 published 2020-05-13 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136540 title GLSA-202005-03 : Mozilla Thunderbird: Multiple vulnerabilities NASL family Debian Local Security Checks NASL id DEBIAN_DLA-2205.NASL description Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information disclosure. For Debian 8 last seen 2020-06-06 modified 2020-05-11 plugin id 136427 published 2020-05-11 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136427 title Debian DLA-2205-1 : firefox-esr security update NASL family Debian Local Security Checks NASL id DEBIAN_DLA-2206.NASL description Multiple security issues have been found in Thunderbird which could result in spoofing the displayed sender email address, denial of service or potentially the execution of arbitrary code. For Debian 8 last seen 2020-06-06 modified 2020-05-11 plugin id 136428 published 2020-05-11 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136428 title Debian DLA-2206-1 : thunderbird security update NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4683.NASL description Multiple security issues have been found in Thunderbird which could result in spoofing the displayed sender email address, denial of service or potentially the execution of arbitrary code. last seen 2020-06-06 modified 2020-05-11 plugin id 136431 published 2020-05-11 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136431 title Debian DSA-4683-1 : thunderbird - security update NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-2047.NASL description The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2047 advisory. - Mozilla: Use-after-free during worker shutdown (CVE-2020-12387) - Mozilla: Arbitrary local file access with last seen 2020-06-05 modified 2020-05-11 plugin id 136471 published 2020-05-11 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136471 title RHEL 8 : thunderbird (RHSA-2020:2047)
Redhat
| rpms |
|
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1614468
- https://www.mozilla.org/security/advisories/mfsa2020-17/
- https://www.mozilla.org/security/advisories/mfsa2020-18/
- https://www.mozilla.org/security/advisories/mfsa2020-16/
- https://usn.ubuntu.com/4373-1/
- https://security.gentoo.org/glsa/202005-03
- https://security.gentoo.org/glsa/202005-04