DATABASE RESOURCES PRICING ABOUT US

{"id": "ALPINE:CVE-2020-16042", "vendorId": null, "type": "alpinelinux", "bulletinFamily": "unix", "title": "CVE-2020-16042", "description": "Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.", "published": "2021-01-08T19:15:00", "modified": "2021-07-21T11:39:00", "epss": [{"cve": "CVE-2020-16042", "epss": 0.00103, "percentile": 0.4075, "modified": "2023-06-06"}], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "href": "https://security.alpinelinux.org/vuln/CVE-2020-16042", "reporter": "Alpine Linux Development Team", "references": [], "cvelist": ["CVE-2020-16042"], "immutableFields": [], "lastseen": "2023-06-23T11:05:40", "viewCount": 13, "enchantments": {"score": {"value": 6.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "altlinux", "idList": ["66C794AFFFA5B21EBC31C0A6DEB0DF83", "DAE28B909B174D05D3368A9202D0417C"]}, {"type": "amazon", "idList": ["ALAS2-2021-1586"]}, {"type": "archlinux", "idList": ["ASA-202012-14", "ASA-202012-23", "ASA-202012-25"]}, {"type": "centos", "idList": ["CESA-2020:5618"]}, {"type": "chrome", "idList": ["GCSA-2952833725589367718"]}, {"type": "cve", "idList": ["CVE-2020-16042"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2496-1:09745", "DEBIAN:DLA-2497-1:13E0D", "DEBIAN:DSA-4813-1:29C6F", "DEBIAN:DSA-4815-1:53DAA", "DEBIAN:DSA-4815-1:B6168", "DEBIAN:DSA-4824-1:11EBB"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-16042"]}, {"type": "fedora", "idList": ["FEDORA:36BA8304C362", "FEDORA:7C45D30B3717"]}, {"type": "freebsd", "idList": ["01FFD06A-36ED-11EB-B655-3065EC8FD3EC"]}, {"type": "gentoo", "idList": ["GLSA-202012-05", "GLSA-202012-20"]}, {"type": "kaspersky", "idList": ["KLA12018", "KLA12029", "KLA12030", "KLA12031"]}, {"type": "mageia", "idList": ["MGASA-2020-0461", "MGASA-2020-0462"]}, {"type": "mozilla", "idList": ["MFSA2020-54", "MFSA2020-55", "MFSA2020-56"]}, {"type": "mscve", "idList": ["MS:ADV200002"]}, {"type": "nessus", "idList": ["AL2_ALAS-2021-1586.NASL", "CENTOS8_RHSA-2020-5562.NASL", "CENTOS_RHSA-2020-5618.NASL", "DEBIAN_DLA-2496.NASL", "DEBIAN_DLA-2497.NASL", "DEBIAN_DSA-4813.NASL", "DEBIAN_DSA-4815.NASL", "DEBIAN_DSA-4824.NASL", "FEDORA_2020-5B9C42F1B9.NASL", "FEDORA_2020-F43EFD09E8.NASL", "FREEBSD_PKG_01FFD06A36ED11EBB6553065EC8FD3EC.NASL", "GENTOO_GLSA-202012-05.NASL", "GENTOO_GLSA-202012-20.NASL", "GOOGLE_CHROME_87_0_4280_88.NASL", "MACOSX_GOOGLE_CHROME_87_0_4280_88.NASL", "MACOS_FIREFOX_78_6_ESR.NASL", "MACOS_FIREFOX_84_0.NASL", "MACOS_THUNDERBIRD_78_6.NASL", "MICROSOFT_EDGE_CHROMIUM_87_0_664_57.NASL", "MOZILLA_FIREFOX_78_6_ESR.NASL", "MOZILLA_FIREFOX_84_0.NASL", "MOZILLA_THUNDERBIRD_78_6.NASL", "NEWSTART_CGSL_NS-SA-2021-0018_FIREFOX.NASL", "NEWSTART_CGSL_NS-SA-2021-0025_THUNDERBIRD.NASL", "NEWSTART_CGSL_NS-SA-2021-0089_FIREFOX.NASL", "NEWSTART_CGSL_NS-SA-2021-0091_THUNDERBIRD.NASL", "NEWSTART_CGSL_NS-SA-2021-0119_THUNDERBIRD.NASL", "NEWSTART_CGSL_NS-SA-2021-0120_FIREFOX.NASL", "NEWSTART_CGSL_NS-SA-2021-0154_FIREFOX.NASL", "NEWSTART_CGSL_NS-SA-2021-0172_THUNDERBIRD.NASL", "OPENSUSE-2020-2181.NASL", "OPENSUSE-2020-2216.NASL", "OPENSUSE-2020-2317.NASL", "OPENSUSE-2020-2318.NASL", "OPENSUSE-2020-2324.NASL", "OPENSUSE-2020-2325.NASL", "OPENSUSE-2020-2359.NASL", "OPENSUSE-2020-2360.NASL", "ORACLELINUX_ELSA-2020-55611.NASL", "ORACLELINUX_ELSA-2020-55621.NASL", "ORACLELINUX_ELSA-2020-56181.NASL", "ORACLELINUX_ELSA-2020-56241.NASL", "REDHAT-RHSA-2020-5561.NASL", "REDHAT-RHSA-2020-5562.NASL", "REDHAT-RHSA-2020-5563.NASL", "REDHAT-RHSA-2020-5564.NASL", "REDHAT-RHSA-2020-5565.NASL", "REDHAT-RHSA-2020-5618.NASL", "REDHAT-RHSA-2020-5622.NASL", "REDHAT-RHSA-2020-5624.NASL", "REDHAT-RHSA-2020-5644.NASL", "REDHAT-RHSA-2020-5645.NASL", "SL_20201217_FIREFOX_ON_SL7_X.NASL", "SL_20201217_THUNDERBIRD_ON_SL7_X.NASL", "SUSE_SU-2020-14584-1.NASL", "SUSE_SU-2020-3901-1.NASL", "SUSE_SU-2020-3902-1.NASL", "SUSE_SU-2020-3903-1.NASL", "UBUNTU_USN-4671-1.NASL", "UBUNTU_USN-4701-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-5561-1", "ELSA-2020-5562-1", "ELSA-2020-5618-1", "ELSA-2020-5624-1"]}, {"type": "osv", "idList": ["OSV:DLA-2496-1", "OSV:DLA-2497-1", "OSV:DSA-4813-1", "OSV:DSA-4815-1", "OSV:DSA-4824-1"]}, {"type": "photon", "idList": ["PHSA-2023-3.0-0602"]}, {"type": "redhat", "idList": ["RHSA-2020:5561", "RHSA-2020:5562", "RHSA-2020:5563", "RHSA-2020:5564", "RHSA-2020:5565", "RHSA-2020:5618", "RHSA-2020:5622", "RHSA-2020:5624", "RHSA-2020:5644", "RHSA-2020:5645"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-16042"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:2181-1", "OPENSUSE-SU-2020:2213-1", "OPENSUSE-SU-2020:2216-1", "OPENSUSE-SU-2020:2229-1", "OPENSUSE-SU-2020:2317-1", "OPENSUSE-SU-2020:2318-1", "OPENSUSE-SU-2020:2324-1", "OPENSUSE-SU-2020:2325-1", "OPENSUSE-SU-2020:2359-1", "OPENSUSE-SU-2020:2360-1"]}, {"type": "threatpost", "idList": ["THREATPOST:BE769DEEED5A9DC3EB7A86AD40F8F968", "THREATPOST:F55C4CD0A4F3FA5A167B9D594CAD5EB8"]}, {"type": "ubuntu", "idList": ["USN-4671-1", "USN-4701-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-16042"]}, {"type": "veracode", "idList": ["VERACODE:28616"]}]}, "vulnersScore": 6.0}, "_state": {"score": 1687518689, "dependencies": 1687518779}, "_internal": {"score_hash": "9218f121962203c3263c1402809bae2c"}, "affectedPackage": [{"OS": "Alpine", "OSVersion": "edge-community", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "78.6.0-r0", "operator": "lt", "packageName": "firefox-esr"}, {"OS": "Alpine", "OSVersion": "edge-community", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "84.0.1-r0", "operator": "lt", "packageName": "firefox"}, {"OS": "Alpine", "OSVersion": "edge-community", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "78.6.1-r0", "operator": "lt", "packageName": "thunderbird"}, {"OS": "Alpine", "OSVersion": "3.12-community", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "78.6.0-r0", "operator": "lt", "packageName": "firefox-esr"}, {"OS": "Alpine", "OSVersion": "3.12-community", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "84.0.1-r0", "operator": "lt", "packageName": "firefox"}, {"OS": "Alpine", "OSVersion": "3.13-community", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "78.6.0-r0", "operator": "lt", "packageName": "firefox-esr"}, {"OS": "Alpine", "OSVersion": "3.13-community", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "84.0.1-r0", "operator": "lt", "packageName": "firefox"}, {"OS": "Alpine", "OSVersion": "3.13-community", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "78.6.0-r0", "operator": "lt", "packageName": "mozjs78"}, {"OS": "Alpine", "OSVersion": "3.14-community", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "78.6.0-r0", "operator": "lt", "packageName": "firefox-esr"}, {"OS": "Alpine", "OSVersion": "3.14-community", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "84.0.1-r0", "operator": "lt", "packageName": "firefox"}, {"OS": "Alpine", "OSVersion": "3.14-community", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "78.6.0-r0", "operator": "lt", "packageName": "mozjs78"}, {"OS": "Alpine", "OSVersion": "3.15-community", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "78.6.0-r0", "operator": "lt", "packageName": "firefox-esr"}, {"OS": "Alpine", "OSVersion": "3.15-community", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "84.0.1-r0", "operator": "lt", "packageName": "firefox"}, {"OS": "Alpine", "OSVersion": "3.15-community", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "78.6.0-r0", "operator": "lt", "packageName": "mozjs78"}, {"OS": "Alpine", "OSVersion": "3.16-community", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "78.6.0-r0", "operator": "lt", "packageName": "firefox-esr"}, {"OS": "Alpine", "OSVersion": "3.16-community", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "84.0.1-r0", "operator": "lt", "packageName": "firefox"}, {"OS": "Alpine", "OSVersion": "3.16-community", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "78.6.0-r0", "operator": "lt", "packageName": "mozjs78"}, {"OS": "Alpine", "OSVersion": "3.16-community", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "78.6.1-r0", "operator": "lt", "packageName": "thunderbird"}, {"OS": "Alpine", "OSVersion": "3.17-community", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "78.6.0-r0", "operator": "lt", "packageName": "firefox-esr"}, {"OS": "Alpine", "OSVersion": "3.17-community", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "84.0.1-r0", "operator": "lt", "packageName": "firefox"}, {"OS": "Alpine", "OSVersion": "3.17-community", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "78.6.1-r0", "operator": "lt", "packageName": "thunderbird"}, {"OS": "Alpine", "OSVersion": "3.18-community", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "78.6.0-r0", "operator": "lt", "packageName": "firefox-esr"}, {"OS": "Alpine", "OSVersion": "3.18-community", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "84.0.1-r0", "operator": "lt", "packageName": "firefox"}, {"OS": "Alpine", "OSVersion": "3.18-community", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "78.6.1-r0", "operator": "lt", "packageName": "thunderbird"}]}

{"cve": [{"lastseen": "2023-06-06T14:28:33", "description": "Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-01-08T19:15:00", "type": "cve", "title": "CVE-2020-16042", "cwe": ["CWE-908"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16042"], "modified": "2021-07-21T11:39:00", "cpe": [], "id": "CVE-2020-16042", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16042", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": []}], "veracode": [{"lastseen": "2022-07-26T16:48:01", "description": "firefox is vulnerable to memory leaks. When a BigInt was right-shifted, the backing store was not properly cleared, allowing uninitialized memory to be read. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-12-16T08:57:11", "type": "veracode", "title": "Memory Leaks", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16042"], "modified": "2021-01-11T19:57:12", "id": "VERACODE:28616", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-28616/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "redhatcve": [{"lastseen": "2023-06-06T15:06:35", "description": "The Mozilla Foundation Security Advisory describes this flaw as: When a BigInt was right-shifted the backing store was not properly cleared, allowing uninitialized memory to be read.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-12-15T17:31:46", "type": "redhatcve", "title": "CVE-2020-16042", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16042"], "modified": "2023-04-06T08:06:09", "id": "RH:CVE-2020-16042", "href": "https://access.redhat.com/security/cve/cve-2020-16042", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "debiancve": [{"lastseen": "2023-06-06T14:53:43", "description": "Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-01-08T19:15:00", "type": "debiancve", "title": "CVE-2020-16042", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16042"], "modified": "2021-01-08T19:15:00", "id": "DEBIANCVE:CVE-2020-16042", "href": "https://security-tracker.debian.org/tracker/CVE-2020-16042", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "ubuntucve": [{"lastseen": "2023-06-29T14:03:23", "description": "Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a\nremote attacker to obtain potentially sensitive information from process\nmemory via a crafted HTML page.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-12-15T00:00:00", "type": "ubuntucve", "title": "CVE-2020-16042", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16042"], "modified": "2020-12-15T00:00:00", "id": "UB:CVE-2020-16042", "href": "https://ubuntu.com/security/CVE-2020-16042", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "threatpost": [{"lastseen": "2020-12-15T21:20:13", "description": "A Mozilla Foundation update to the Firefox web browser, released Tuesday, tackles one critical vulnerability and a handful of high-severity bugs. The update, released as Firefox version 84, is also[ billed by Mozilla](<https://www.mozilla.org/en-US/firefox/84.0/releasenotes/>) as boosting the browser\u2019s performance and adding native support for macOS hardware running on its own Apple processors.\n\nIn total, six high-severity flaws were fixed, in addition to the critical bug, tracked as CVE-2020-16042. The specific critical bug in Firefox was also highlighted earlier this month in Google\u2019s Chrome [browser security update](<https://threatpost.com/google_chrome_bugs_patched/161907/>), where it was rated as a high-severity flaw.\n\nThe Firefox and Chrome bug in question ([CVE-2020-16042](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16042>)) is still not fully described by either browser maker, and is only listed as a memory bug.\n\n[](<https://threatpost.com/webinars/whats-next-for-ransomware/?utm_source=ART&utm_medium=ART&utm_campaign=Dec_webinar/>)\n\nClick to register.\n\n## **Mystery Bug Also Impacts Google Chrome Web Browser**\n\nIn the Mozilla security advisory, CVE-2020-16042 is described as a flaw in the JavaScript component called BigInt that \u201ccould have caused uninitialized memory to be exposed.\u201d\n\nBigInt is a JavaScript component used to represent \u201carbitrarily large integers\u201d in the context of a JavaScript process within the browser, [according to a Mozilla](<https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/BigInt>) description.\n\nGoogle describes the same flaw differently. It calls it an \u201cuninitialized-use\u201d bug impacting Chrome\u2019s V8 JavaScript engine. It is also unclear from Google\u2019s bulletin the exact nature of the flaw. But cybersecurity researchers have described these types of uninitialized-use bugs as \u201clargely overlooked\u201d and often \u201cregarded as insignificant memory errors.\u201d\n\n\u201c[These] are actually a critical attack vector that can be reliably exploited by hackers to launch privilege-escalation attacks in the Linux kernel,\u201d according to [2017 research published](<https://www.sciencedaily.com/releases/2017/03/170302115737.htm>) by the Georgia Institute of Technology.\n\nThe CVE [was also referenced last week by Microsoft](<https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV200002>), as part of its [December Patch Tuesday](<https://threatpost.com/microsoft-patch-tuesday-holidays/162041/>) list of bugs impacting its Edge browser version 87.0.664.57. Microsoft\u2019s Edge browser, release in January 2020, is based on Google\u2019s open-source software project Chromium. The Chromium source code is used in Google\u2019s Chrome browser and Microsoft\u2019s 2020 Edge browser.\n\n## **The V8 JavaScript Engine and WebAssembly **\n\nThe V8 open-source JavaScript engine was developed by the Chromium Project for Google Chrome and Chromium web browsers. The V8 JavaScript engine is not supported by Firefox, but the WebAssembly component, often associated with V8, is.\n\nWebAssembly, or WASM for short, is an open standard that defines a portable binary-code format for executable programs, according to the [WebAssembly project](<https://webassembly.org/>). \u201cWebAssembly describes a memory-safe, sandboxed [execution environment](<https://webassembly.org/docs/semantics/#linear-memory>) that may even be implemented inside existing JavaScript virtual machines,\u201d according to the project website.\n\nMozilla\u2019s Firefox browser is not Chromium based. WASM is supported in Mozilla Firefox and Apple Safari, even though both do not use Google\u2019s V8. Some clues as to the nature of the bug can be derived by the fact the bug impacts both the Firefox and Chrome browser \u2013 the common denominator is WASM. In addition, a 2018 analysis of WASM and V8 bugs warned of possible security issues.\n\nIn 2018, Google\u2019s Project Zero published research titled \u201c[The Problems and Promise of WebAssembly](<https://googleprojectzero.blogspot.com/2018/08/the-problems-and-promise-of-webassembly.html>)\u201d and identified three vulnerabilities, which were mitigated. One future WASM threats, Google warned, was tied to WebAssembly\u2019s garbage collector (GC) function.\n\n## **WebAssembly the Culprit? **\n\nGC is an important process tied to JavaScript engines. \u201cJava applications obtain objects in memory as needed. It is the task of GC in the Java virtual machine (JVM) to automatically determine what memory is no longer being used by a Java application and to recycle this memory for other uses,\u201d describes John Worthington in a post on [the importance of GC](<https://www.eginnovations.com/blog/what-is-garbage-collection-java/>).\n\nAs for Google, it warned in 2018:\n\n\u201cWebAssembly [GC](<https://github.com/WebAssembly/gc>) is another potential feature of WebAssembly that could lead to security problems. Currently, some uses of WebAssembly have performance problems due to the lack of higher-level memory management in WebAssembly. For example, it is difficult to implement a performant Java Virtual Machine in WebAssembly. If WebAssembly GC is implemented, it will increase the number of applications that WebAssembly can be used for, but it will also make it more likely that vulnerabilities related to memory management will occur in both WebAssembly engines and applications written in WebAssembly.\u201d\n\nAt both national vulnerability database repositories, [MITRE](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16042>) and [NIST](<https://nvd.nist.gov/vuln/detail/CVE-2020-16042>), the technical specifics of the CVE have yet to be publicly disclosed. In Google\u2019s December Security Bulletin, it noted details tied to CVE-2020-16042 and other bugs were being withheld, \u201cuntil a majority of users are updated with a fix.\u201d It also noted that when and if bugs exist in third-party code libraries used in other devices or platforms, technical details of the bugs are limited.\n\nCredited for finding the bug is bug hunter Andr\u00e9 Bargull, who originally reported the bug on November 23, according to Google.\n\n## **Six High-Severity Firefox Bugs **\n\nMemory issues dominated the list of high-severity bugs patched by Mozilla Tuesday. Two \u201cmemory safety bugs\u201d (CVE-2020-35114 and CVE-2020-35113) were patched. Both CVEs addressed bugs in Firefox 84 and its large-enterprise Firefox extended support release (ESR) 78.6 browser.\n\n\u201cSome of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code,\u201d Mozilla wrote of both bugs.\n\nAlso tied to browser memory are bugs tracked as [CVE-2020-26971](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-26971>), [CVE-2020-26972](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26972>) and [CVE-2020-26973](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=https://security.archlinux.org/CVE-2020-26973>), which include a heap-buffer-overflow in WebGL, use-after-free in WebGL and a CSS sanitizer performed incorrect sanitization flaw.\n\n_**Put Ransomware on the Run: Save your spot for \u201cWhat\u2019s Next for Ransomware,\u201d a **_[_**FREE Threatpost webinar**_](<https://threatpost.com/webinars/whats-next-for-ransomware/?utm_source=ART&utm_medium=ART&utm_campaign=Dec_webinar>)_** on Dec. 16 at 2 p.m. ET. Find out what\u2019s coming in the ransomware world and how to fight back. **_\n\n_**Get the latest from John (Austin) Merritt, Cyber Threat Intelligence Analyst at Digital Shadows, Israel Barak, CISO at Cybereason and Limor Kessem, Executive Security Advisor at IBM Security on new kinds of attacks. Topics will include the most dangerous ransomware threat actors, their evolving TTPs and what your organization needs to do to get ahead of the next, inevitable ransomware attack. **_[_**Register here**_](<https://threatpost.com/webinars/whats-next-for-ransomware/?utm_source=ART&utm_medium=ART&utm_campaign=Dec_webinar>)_** for the Wed., Dec. 16 for this LIVE webinar.**_\n", "cvss3": {}, "published": "2020-12-15T21:04:30", "type": "threatpost", "title": "Firefox Patches Critical Mystery Bug, Also Impacting Google Chrome", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-16042", "CVE-2020-26971", "CVE-2020-26972", "CVE-2020-26973", "CVE-2020-35113", "CVE-2020-35114"], "modified": "2020-12-15T21:04:30", "id": "THREATPOST:F55C4CD0A4F3FA5A167B9D594CAD5EB8", "href": "https://threatpost.com/firefox-patches-critical-mystery-bug-also-impacting-google-chrome/162294/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-12-04T20:49:47", "description": "Google has updated its Chrome web browser, fixing four bugs with a severity rating of \u201chigh\u201d and eight overall. Three are use-after-free flaws, which could allow an adversary to generate an error in the browser\u2019s memory, opening the door to a browser hack and host computer compromise.\n\nOn Friday, the Cybersecurity and Infrastructure Security Agency (CISA) [issued a security bulletin](<https://us-cert.cisa.gov/ncas/current-activity/2020/12/04/google-releases-security-updates-chrome>) urging users and infosec administrators to apply the update. The agency warned that the vulnerabilities can be used by an attacker \u201cto take control of an affected system.\u201d[](<https://threatpost.com/newsletter-sign/>)\n\nAccording to Google\u2019s December security bulletin, previous Windows, macOS and Linux versions of the Chrome desktop browser are vulnerable to attacks. An updated 87.0.4280.88 version of Chrome addresses the bugs and will \u201croll out over the coming days/weeks,\u201d [Google wrote](<https://chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.html>).\n\n## **How to Manually Update Your Chrome Browser**\n\nTo manually update your Chrome browser, visit Chrome\u2019s customization drop-down menu in the upper-right hand side of the client. From that menu select \u201cHelp\u201d and then \u201cAbout Google Chrome.\u201d Opening that menu item automatically triggers Chrome to look for updates.\n\nDetails tied to each of the bugs are being withheld at this time, Google said, \u201cuntil a majority of users are updated with a fix.\u201d It also noted that when and if bugs exist in third-party code libraries used in other devices or platforms, technical details of the bugs will be limited.\n\n## **Bug Breakdowns: Unique Linux Flaw **\n\nThree high-severity bugs each include use-after-free elements impacting memory, tied to Chrome\u2019s clipboard, media and extensions components. The bugs are tracked as CVE-2020-16037, CVE-2020-16038 and CVE-2020-16039.\n\nThe fourth high-severity bug (CVE-2020-16040) impacts Google\u2019s open-source and high-performance JavaScript and WebAssembly engine, called V8. The bug is identified as an insufficient-data-validation flaw, which in some cases opens targets to cross-site scripting attacks.\n\nGoogle\u2019s V8 JavaScript engine also received a second patch this month \u2014 one of two medium-severity bugs reported this December. Tracked as CVE-2020-16042, that issue is identified as an \u201cuninitialized-use\u201d bug impacting V8. It\u2019s unclear from Google\u2019s bulletin the exact nature of the flaw. But cybersecurity researchers have described these types of uninitialized-use bugs as \u201clargely overlooked\u201d and often \u201cregarded as insignificant memory errors.\u201d\n\n\u201c[These] are actually a critical attack vector that can be reliably exploited by hackers to launch privilege-escalation attacks in the Linux kernel,\u201d according to [2017 research published](<https://www.sciencedaily.com/releases/2017/03/170302115737.htm>) by the Georgia Institute of Technology.\n\nA second medium-severity bug (CVE-2020-16041) is an \u201cout-of-bounds read in networking\u201d vulnerability. This could allow an adversary to improperly access objects in memory. While technical details of the CVE are also being withheld, this type of vulnerability could allow an unauthenticated adversary to send a malformed message to vulnerable software. Due to insufficient validation of the message, the targeted program could be forced to crash.\n\nGoogle acknowledged several security researchers that contributed to identifying this month\u2019s bugs. Ryoya Tsukasaki was thanked for finding the use-after-free bug (CVE-2020-16037) in the Chrome clipboard, which earned the researcher a $5,000 bug bounty. Khalil Zhani, Lucas Pinheiro, Sergei Glazunov, Andr\u00e9 Bargull and Mark Brand were also credited for their bug-hunting efforts.\n\n**_Put Ransomware on the Run: Save your spot for \u201cWhat\u2019s Next for Ransomware,\u201d a _**[**_FREE Threatpost webinar_**](<https://threatpost.com/webinars/whats-next-for-ransomware/?utm_source=ART&utm_medium=ART&utm_campaign=Dec_webinar>)**_ on Dec. 16 at 2 p.m. ET. Find out what\u2019s coming in the ransomware world and how to fight back. _**\n\n**_Get the latest from John (Austin) Merritt, Cyber Threat Intelligence Analyst at Digital Shadows, and Israel Barak, CISO at Cybereason, on new kinds of attacks. Topics will include the most dangerous ransomware threat actors, their evolving TTPs and what your organization needs to do to get ahead of the next, inevitable ransomware attack. _**[**_Register here_**](<https://threatpost.com/webinars/whats-next-for-ransomware/?utm_source=ART&utm_medium=ART&utm_campaign=Dec_webinar>)**_ for the Wed., Dec. 16 for this LIVE webinar._**\n", "cvss3": {}, "published": "2020-12-04T20:40:45", "type": "threatpost", "title": "High-Severity Chrome Bugs Allow Browser Hacks", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042"], "modified": "2020-12-04T20:40:45", "id": "THREATPOST:BE769DEEED5A9DC3EB7A86AD40F8F968", "href": "https://threatpost.com/google_chrome_bugs_patched/161907/", "cvss": {"score": 0.0, "vector": "NONE"}}], "suse": [{"lastseen": "2022-11-06T19:35:00", "description": "An update that fixes 6 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Update to 87.0.4280.88 boo#1179576\n\n - CVE-2020-16037: Use after free in clipboard\n - CVE-2020-16038: Use after free in media\n - CVE-2020-16039: Use after free in extensions\n - CVE-2020-16040: Insufficient data validation in V8\n - CVE-2020-16041: Out of bounds read in networking\n - CVE-2020-16042: Uninitialized Use in V8\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-2216=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-09T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042"], "modified": "2020-12-09T00:00:00", "id": "OPENSUSE-SU-2020:2216-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XPQHVY33MWDC273XBHHGBLLDEBESEZOU/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-09T21:01:21", "description": "An update that fixes 6 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Update to 87.0.4280.88 (boo#1179576)\n\n - CVE-2020-16037: Use after free in clipboard\n - CVE-2020-16038: Use after free in media\n - CVE-2020-16039: Use after free in extensions\n - CVE-2020-16040: Insufficient data validation in V8\n - CVE-2020-16041: Out of bounds read in networking\n - CVE-2020-16042: Uninitialized Use in V8\n\n This update was imported from the openSUSE:Leap:15.2:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP2:\n\n zypper in -t patch openSUSE-2020-2213=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-09T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042"], "modified": "2020-12-09T00:00:00", "id": "OPENSUSE-SU-2020:2213-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VCC4XLQNOV2QXKDOJAWY34R26577RWDC/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-06T19:35:00", "description": "An update that fixes 6 vulnerabilities is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n - Update to version 73.0.3856.284\n - CHR-8225 Update chromium on desktop-stable-87-3856 to 87.0.4280.88\n - DNA-88454 Background of snap area above visible scrolled viewport is\n not captured\n - DNA-89749 Implement client_capabilities support for Flow / Sync\n - DNA-89810 Opera no longer autoselects full url/address bar when clicked\n - DNA-89923 [Snap] Emojis look grayed out\n - DNA-90060 Make gesture events work with search-in-tabs feature\n - DNA-90168 Display SD suggestions titles\n - DNA-90176 Player doesn\ufffd\ufffd\ufffdt show music service to choose on Welcome page\n - DNA-90343 [Mac] Cmd+C doesn\ufffd\ufffd\ufffdt copy snapshot\n - DNA-90538 Crash at extensions::CommandService::\n GetExtensionActionCommand(std::__1::basic_string const&,\n extensions::ActionInfo::Type, extensions::CommandService:: QueryType,\n extensions::Command*, bool*)\n - The update to chromium 87.0.4280.88 fixes following issues:\n CVE-2020-16037, CVE-2020-16038, CVE-2020-16039, CVE-2020-16040,\n CVE-2020-16041, CVE-2020-16042\n\n - Update to version 73.0.3856.257\n - DNA-89918 #enable-force-dark flag doesn\ufffd\ufffd\ufffdt work anymore\n - DNA-90061 Clicking on video\ufffd\ufffd\ufffds progress bar breaks autopausing\n - DNA-90079 [BigSur] Blank pages\n - DNA-90154 Crash at extensions::CommandService::\n GetExtensionActionCommand(std::__1::basic_string const&,\n extensions::ActionInfo::Type, extensions::CommandService:: QueryType,\n extensions::Command*, bool*)\n - Complete Opera 73.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-73/\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:NonFree:\n\n zypper in -t patch openSUSE-2020-2360=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-29T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042"], "modified": "2020-12-29T00:00:00", "id": "OPENSUSE-SU-2020:2360-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DD5O6DYQGK2VKG37ZUD4DXDFLTSCZFGY/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-18T12:40:49", "description": "An update that fixes 6 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Update to 87.0.4280.88 (boo#1179576)\n\n - CVE-2020-16037: Use after free in clipboard\n - CVE-2020-16038: Use after free in media\n - CVE-2020-16039: Use after free in extensions\n - CVE-2020-16040: Insufficient data validation in V8\n - CVE-2020-16041: Out of bounds read in networking\n - CVE-2020-16042: Uninitialized Use in V8\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2020-2181=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-07T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042"], "modified": "2020-12-07T00:00:00", "id": "OPENSUSE-SU-2020:2181-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CDMZGVMNSMD6LDMI25NDRZ36NEBSFUHY/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-06T19:35:00", "description": "An update that fixes 6 vulnerabilities is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n - Update to version 73.0.3856.284\n - CHR-8225 Update chromium on desktop-stable-87-3856 to 87.0.4280.88\n - DNA-88454 Background of snap area above visible scrolled viewport is\n not captured\n - DNA-89749 Implement client_capabilities support for Flow / Sync\n - DNA-89810 Opera no longer autoselects full url/address bar when clicked\n - DNA-89923 [Snap] Emojis look grayed out\n - DNA-90060 Make gesture events work with search-in-tabs feature\n - DNA-90168 Display SD suggestions titles\n - DNA-90176 Player doesn\ufffd\ufffd\ufffdt show music service to choose on Welcome page\n - DNA-90343 [Mac] Cmd+C doesn\ufffd\ufffd\ufffdt copy snapshot\n - DNA-90538 Crash at extensions::CommandService::\n GetExtensionActionCommand(std::__1::basic_string const&,\n extensions::ActionInfo::Type, extensions::CommandService:: QueryType,\n extensions::Command*, bool*)\n - The update to chromium 87.0.4280.88 fixes following issues:\n CVE-2020-16037, CVE-2020-16038, CVE-2020-16039, CVE-2020-16040,\n CVE-2020-16041, CVE-2020-16042\n\n - Update to version 73.0.3856.257\n - DNA-89918 #enable-force-dark flag doesn\ufffd\ufffd\ufffdt work anymore\n - DNA-90061 Clicking on video\ufffd\ufffd\ufffds progress bar breaks autopausing\n - DNA-90079 [BigSur] Blank pages\n - DNA-90154 Crash at extensions::CommandService::\n GetExtensionActionCommand(std::__1::basic_string const&,\n extensions::ActionInfo::Type, extensions::CommandService:: QueryType,\n extensions::Command*, bool*)\n - Complete Opera 73.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-73/\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:NonFree:\n\n zypper in -t patch openSUSE-2020-2359=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-29T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042"], "modified": "2020-12-29T00:00:00", "id": "OPENSUSE-SU-2020:2359-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AKN6XFMHGSU5TFVYGT3C4SOLOD7IXLXK/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-18T12:40:49", "description": "An update that fixes 6 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Update to 87.0.4280.88 boo#1179576\n\n - CVE-2020-16037: Use after free in clipboard\n - CVE-2020-16038: Use after free in media\n - CVE-2020-16039: Use after free in extensions\n - CVE-2020-16040: Insufficient data validation in V8\n - CVE-2020-16041: Out of bounds read in networking\n - CVE-2020-16042: Uninitialized Use in V8\n\n This update was imported from the openSUSE:Leap:15.1:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP1:\n\n zypper in -t patch openSUSE-2020-2229=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-11T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042"], "modified": "2020-12-11T00:00:00", "id": "OPENSUSE-SU-2020:2229-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LVYWJ3IDOZBKDSDO2ORAHQLOXALQJEGV/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-18T12:40:49", "description": "An update that fixes 8 vulnerabilities is now available.\n\nDescription:\n\n This update for MozillaFirefox fixes the following issues:\n\n - Firefox Extended Support Release 78.6.0 ESR\n * Fixed: Various stability, functionality, and security fixes MFSA\n 2020-55 (bsc#1180039)\n * CVE-2020-16042 (bmo#1679003) Operations on a BigInt could have caused\n uninitialized memory to be exposed\n * CVE-2020-26971 (bmo#1663466) Heap buffer overflow in WebGL\n * CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed incorrect\n sanitization\n * CVE-2020-26974 (bmo#1681022) Incorrect cast of StyleGenericFlexBasis\n resulted in a heap use-after-free\n * CVE-2020-26978 (bmo#1677047) Internal network hosts could have been\n probed by a malicious webpage\n * CVE-2020-35111 (bmo#1657916) The proxy.onRequest API did not catch\n view-source URLs\n * CVE-2020-35112 (bmo#1661365) Opening an extension-less download may\n have inadvertently launched an executable instead\n * CVE-2020-35113 (bmo#1664831, bmo#1673589) Memory safety bugs fixed in\n Firefox 84 and Firefox ESR 78.6\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-2325=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-25T00:00:00", "type": "suse", "title": "Security update for MozillaFirefox (critical)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16042", "CVE-2020-26971", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26978", "CVE-2020-35111", "CVE-2020-35112", "CVE-2020-35113"], "modified": "2020-12-25T00:00:00", "id": "OPENSUSE-SU-2020:2325-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JZN3OVPTOCIWBAWJK4JZQDXFN752D6AR/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-09T12:09:37", "description": "An update that fixes 8 vulnerabilities is now available.\n\nDescription:\n\n This update for MozillaThunderbird fixes the following issues:\n\n - Mozilla Thunderbird 78.6\n * new: MailExtensions: Added browser.windows.openDefaultBrowser()\n (bmo#1664708)\n * changed: Thunderbird now only shows quota exceeded indications on the\n main window (bmo#1671748)\n * changed: MailExtensions: menus API enabled in messages being composed\n (bmo#1670832)\n * changed: MailExtensions: Honor allowScriptsToClose argument in\n windows.create API function (bmo#1675940)\n * changed: MailExtensions: APIs that returned an accountId will reflect\n the account the message belongs to, not what is stored in message\n headers (bmo#1644032)\n * fixed: Keyboard shortcut for toggling message \"read\" status not shown\n in menus (bmo#1619248)\n * fixed: OpenPGP: After importing a secret key, Key Manager displayed\n properties of the wrong key (bmo#1667054)\n * fixed: OpenPGP: Inline PGP parsing improvements (bmo#1660041)\n * fixed: OpenPGP: Discovering keys online via Key Manager sometimes\n failed on Linux (bmo#1634053)\n * fixed: OpenPGP: Encrypted attachment \"Decrypt and Open/Save As\" did\n not work (bmo#1663169)\n * fixed: OpenPGP: Importing keys failed on macOS (bmo#1680757)\n * fixed: OpenPGP: Verification of clear signed UTF-8 text failed\n (bmo#1679756)\n * fixed: Address book: Some columns incorrectly displayed no data\n (bmo#1631201)\n * fixed: Address book: The address book view did not update after\n changing the name format in the menu (bmo#1678555)\n * fixed: Calendar: Could not import an ICS file into a CalDAV calendar\n (bmo#1652984)\n * fixed: Calendar: Two \"Home\" calendars were visible on a new profile\n (bmo#1656782)\n * fixed: Calendar: Dark theme was incomplete on Linux (bmo#1655543)\n * fixed: Dark theme did not apply to new mail notification popups\n (bmo#1681083)\n * fixed: Folder icon, message list, and contact side bar visual\n improvements (bmo#1679436)\n * fixed: MailExtensions: HTTP refresh in browser content tabs did not\n work (bmo#1667774)\n * fixed: MailExtensions: messageDisplayScripts failed to run in main\n window (bmo#1674932)\n * fixed: Various security fixes MFSA 2020-56 (bsc#1180039)\n * CVE-2020-16042 (bmo#1679003) Operations on a BigInt could have caused\n uninitialized memory to be exposed\n * CVE-2020-26971 (bmo#1663466) Heap buffer overflow in WebGL\n * CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed incorrect\n sanitization\n * CVE-2020-26974 (bmo#1681022) Incorrect cast of StyleGenericFlexBasis\n resulted in a heap use-after-free\n * CVE-2020-26978 (bmo#1677047) Internal network hosts could have been\n probed by a malicious webpage\n * CVE-2020-35111 (bmo#1657916) The proxy.onRequest API did not catch\n view-source URLs\n * CVE-2020-35112 (bmo#1661365) Opening an extension-less download may\n have inadvertently launched an executable instead\n * CVE-2020-35113 (bmo#1664831, bmo#1673589) Memory safety bugs fixed in\n Thunderbird 78.6\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2020-2317=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-22T00:00:00", "type": "suse", "title": "Security update for MozillaThunderbird (critical)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16042", "CVE-2020-26971", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26978", "CVE-2020-35111", "CVE-2020-35112", "CVE-2020-35113"], "modified": "2020-12-22T00:00:00", "id": "OPENSUSE-SU-2020:2317-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2QCFZEEQXUPUIJMYJR56E3SKEU6WOF7G/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T12:40:49", "description": "An update that fixes 8 vulnerabilities is now available.\n\nDescription:\n\n This update for MozillaThunderbird fixes the following issues:\n\n - Mozilla Thunderbird 78.6\n * new: MailExtensions: Added browser.windows.openDefaultBrowser()\n (bmo#1664708)\n * changed: Thunderbird now only shows quota exceeded indications on the\n main window (bmo#1671748)\n * changed: MailExtensions: menus API enabled in messages being composed\n (bmo#1670832)\n * changed: MailExtensions: Honor allowScriptsToClose argument in\n windows.create API function (bmo#1675940)\n * changed: MailExtensions: APIs that returned an accountId will reflect\n the account the message belongs to, not what is stored in message\n headers (bmo#1644032)\n * fixed: Keyboard shortcut for toggling message \"read\" status not shown\n in menus (bmo#1619248)\n * fixed: OpenPGP: After importing a secret key, Key Manager displayed\n properties of the wrong key (bmo#1667054)\n * fixed: OpenPGP: Inline PGP parsing improvements (bmo#1660041)\n * fixed: OpenPGP: Discovering keys online via Key Manager sometimes\n failed on Linux (bmo#1634053)\n * fixed: OpenPGP: Encrypted attachment \"Decrypt and Open/Save As\" did\n not work (bmo#1663169)\n * fixed: OpenPGP: Importing keys failed on macOS (bmo#1680757)\n * fixed: OpenPGP: Verification of clear signed UTF-8 text failed\n (bmo#1679756)\n * fixed: Address book: Some columns incorrectly displayed no data\n (bmo#1631201)\n * fixed: Address book: The address book view did not update after\n changing the name format in the menu (bmo#1678555)\n * fixed: Calendar: Could not import an ICS file into a CalDAV calendar\n (bmo#1652984)\n * fixed: Calendar: Two \"Home\" calendars were visible on a new profile\n (bmo#1656782)\n * fixed: Calendar: Dark theme was incomplete on Linux (bmo#1655543)\n * fixed: Dark theme did not apply to new mail notification popups\n (bmo#1681083)\n * fixed: Folder icon, message list, and contact side bar visual\n improvements (bmo#1679436)\n * fixed: MailExtensions: HTTP refresh in browser content tabs did not\n work (bmo#1667774)\n * fixed: MailExtensions: messageDisplayScripts failed to run in main\n window (bmo#1674932)\n * fixed: Various security fixes MFSA 2020-56 (bsc#1180039)\n * CVE-2020-16042 (bmo#1679003) Operations on a BigInt could have caused\n uninitialized memory to be exposed\n * CVE-2020-26971 (bmo#1663466) Heap buffer overflow in WebGL\n * CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed incorrect\n sanitization\n * CVE-2020-26974 (bmo#1681022) Incorrect cast of StyleGenericFlexBasis\n resulted in a heap use-after-free\n * CVE-2020-26978 (bmo#1677047) Internal network hosts could have been\n probed by a malicious webpage\n * CVE-2020-35111 (bmo#1657916) The proxy.onRequest API did not catch\n view-source URLs\n * CVE-2020-35112 (bmo#1661365) Opening an extension-less download may\n have inadvertently launched an executable instead\n * CVE-2020-35113 (bmo#1664831, bmo#1673589) Memory safety bugs fixed in\n Thunderbird 78.6\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-2324=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-25T00:00:00", "type": "suse", "title": "Security update for MozillaThunderbird (critical)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16042", "CVE-2020-26971", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26978", "CVE-2020-35111", "CVE-2020-35112", "CVE-2020-35113"], "modified": "2020-12-25T00:00:00", "id": "OPENSUSE-SU-2020:2324-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MFGNB2YB4LDKDYXRSTS5R357XYHABN5P/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-09T12:09:37", "description": "An update that fixes 8 vulnerabilities is now available.\n\nDescription:\n\n This update for MozillaFirefox fixes the following issues:\n\n - Firefox Extended Support Release 78.6.0 ESR\n * Fixed: Various stability, functionality, and security fixes MFSA\n 2020-55 (bsc#1180039)\n * CVE-2020-16042 (bmo#1679003) Operations on a BigInt could have caused\n uninitialized memory to be exposed\n * CVE-2020-26971 (bmo#1663466) Heap buffer overflow in WebGL\n * CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed incorrect\n sanitization\n * CVE-2020-26974 (bmo#1681022) Incorrect cast of StyleGenericFlexBasis\n resulted in a heap use-after-free\n * CVE-2020-26978 (bmo#1677047) Internal network hosts could have been\n probed by a malicious webpage\n * CVE-2020-35111 (bmo#1657916) The proxy.onRequest API did not catch\n view-source URLs\n * CVE-2020-35112 (bmo#1661365) Opening an extension-less download may\n have inadvertently launched an executable instead\n * CVE-2020-35113 (bmo#1664831, bmo#1673589) Memory safety bugs fixed in\n Firefox 84 and Firefox ESR 78.6\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2020-2318=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-22T00:00:00", "type": "suse", "title": "Security update for MozillaFirefox (critical)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16042", "CVE-2020-26971", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26978", "CVE-2020-35111", "CVE-2020-35112", "CVE-2020-35113"], "modified": "2020-12-22T00:00:00", "id": "OPENSUSE-SU-2020:2318-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LL2B6S5KIA4HGLES3CDLSB4VRZW275H2/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-05-18T15:25:33", "description": "Update to 87.0.4280.88. As with pretty much every chromium release ever, this fixes some security bugs. This batch is :\n\nCVE-2020-16037 CVE-2020-16038 CVE-2020-16039 CVE-2020-16040 CVE-2020-16041 CVE-2020-16042\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-10T00:00:00", "type": "nessus", "title": "Fedora 33 : chromium (2020-f43efd09e8)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042"], "modified": "2021-04-21T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:chromium", "cpe:/o:fedoraproject:fedora:33"], "id": "FEDORA_2020-F43EFD09E8.NASL", "href": "https://www.tenable.com/plugins/nessus/144036", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-f43efd09e8.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144036);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/21\");\n\n script_cve_id(\"CVE-2020-16037\", \"CVE-2020-16038\", \"CVE-2020-16039\", \"CVE-2020-16040\", \"CVE-2020-16041\", \"CVE-2020-16042\");\n script_xref(name:\"FEDORA\", value:\"2020-f43efd09e8\");\n script_xref(name:\"IAVA\", value:\"2020-A-0571-S\");\n\n script_name(english:\"Fedora 33 : chromium (2020-f43efd09e8)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Update to 87.0.4280.88. As with pretty much every chromium release\never, this fixes some security bugs. This batch is :\n\nCVE-2020-16037 CVE-2020-16038 CVE-2020-16039 CVE-2020-16040\nCVE-2020-16041 CVE-2020-16042\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-f43efd09e8\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected chromium package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome versions before 87.0.4280.88 integer overflow during SimplfiedLowering phase');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:33\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^33([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 33\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC33\", reference:\"chromium-87.0.4280.88-1.fc33\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:14:13", "description": "This update for chromium fixes the following issues :\n\nUpdate to 87.0.4280.88 (boo#1179576)\n\n - CVE-2020-16037: Use after free in clipboard\n\n - CVE-2020-16038: Use after free in media\n\n - CVE-2020-16039: Use after free in extensions\n\n - CVE-2020-16040: Insufficient data validation in V8\n\n - CVE-2020-16041: Out of bounds read in networking\n\n - CVE-2020-16042: Uninitialized Use in V8", "cvss3": {}, "published": "2020-12-08T00:00:00", "type": "nessus", "title": "openSUSE Security Update : chromium (openSUSE-2020-2181)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042"], "modified": "2021-04-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-2181.NASL", "href": "https://www.tenable.com/plugins/nessus/143545", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2181.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143545);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/21\");\n\n script_cve_id(\"CVE-2020-16037\", \"CVE-2020-16038\", \"CVE-2020-16039\", \"CVE-2020-16040\", \"CVE-2020-16041\", \"CVE-2020-16042\");\n script_xref(name:\"IAVA\", value:\"2020-A-0571-S\");\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-2020-2181)\");\n script_summary(english:\"Check for the openSUSE-2020-2181 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for chromium fixes the following issues :\n\nUpdate to 87.0.4280.88 (boo#1179576)\n\n - CVE-2020-16037: Use after free in clipboard\n\n - CVE-2020-16038: Use after free in media\n\n - CVE-2020-16039: Use after free in extensions\n\n - CVE-2020-16040: Insufficient data validation in V8\n\n - CVE-2020-16041: Out of bounds read in networking\n\n - CVE-2020-16042: Uninitialized Use in V8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179576\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome versions before 87.0.4280.88 integer overflow during SimplfiedLowering phase');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromedriver-87.0.4280.88-lp152.2.57.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromedriver-debuginfo-87.0.4280.88-lp152.2.57.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromium-87.0.4280.88-lp152.2.57.1\", allowmaj:TRUE) ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromium-debuginfo-87.0.4280.88-lp152.2.57.1\", allowmaj:TRUE) ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:08", "description": "This update for opera fixes the following issues :\n\n - Update to version 73.0.3856.284\n\n - CHR-8225 Update chromium on desktop-stable-87-3856 to 87.0.4280.88\n\n - DNA-88454 Background of snap area above visible scrolled viewport is not captured\n\n - DNA-89749 Implement client_capabilities support for Flow / Sync\n\n - DNA-89810 Opera no longer autoselects full url/address bar when clicked\n\n - DNA-89923 [Snap] Emojis look grayed out\n\n - DNA-90060 Make gesture events work with search-in-tabs feature\n\n - DNA-90168 Display SD suggestions titles\n\n - DNA-90176 Player doesn&rsquo;t show music service to choose on Welcome page\n\n - DNA-90343 [Mac] Cmd+C doesn&rsquo;t copy snapshot\n\n - DNA-90538 Crash at extensions::CommandService::\n GetExtensionActionCommand(std::__1::basic_string const&, extensions::ActionInfo::Type, extensions::CommandService:: QueryType, extensions::Command*, bool*)\n\n - The update to chromium 87.0.4280.88 fixes following issues: CVE-2020-16037, CVE-2020-16038, CVE-2020-16039, CVE-2020-16040, CVE-2020-16041, CVE-2020-16042\n\n - Update to version 73.0.3856.257\n\n - DNA-89918 #enable-force-dark flag doesn&rsquo;t work anymore\n\n - DNA-90061 Clicking on video&rsquo;s progress bar breaks autopausing\n\n - DNA-90079 [BigSur] Blank pages\n\n - DNA-90154 Crash at extensions::CommandService::\n GetExtensionActionCommand(std::__1::basic_string const&, extensions::ActionInfo::Type, extensions::CommandService:: QueryType, extensions::Command*, bool*)\n\n - Complete Opera 73.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-73/", "cvss3": {}, "published": "2021-01-25T00:00:00", "type": "nessus", "title": "openSUSE Security Update : opera (openSUSE-2020-2360)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042"], "modified": "2021-04-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:opera", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-2360.NASL", "href": "https://www.tenable.com/plugins/nessus/145375", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2360.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(145375);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/21\");\n\n script_cve_id(\"CVE-2020-16037\", \"CVE-2020-16038\", \"CVE-2020-16039\", \"CVE-2020-16040\", \"CVE-2020-16041\", \"CVE-2020-16042\");\n\n script_name(english:\"openSUSE Security Update : opera (openSUSE-2020-2360)\");\n script_summary(english:\"Check for the openSUSE-2020-2360 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for opera fixes the following issues :\n\n - Update to version 73.0.3856.284\n\n - CHR-8225 Update chromium on desktop-stable-87-3856 to\n 87.0.4280.88\n\n - DNA-88454 Background of snap area above visible scrolled\n viewport is not captured\n\n - DNA-89749 Implement client_capabilities support for Flow\n / Sync\n\n - DNA-89810 Opera no longer autoselects full url/address\n bar when clicked\n\n - DNA-89923 [Snap] Emojis look grayed out\n\n - DNA-90060 Make gesture events work with search-in-tabs\n feature\n\n - DNA-90168 Display SD suggestions titles\n\n - DNA-90176 Player doesn&rsquo;t show music service to\n choose on Welcome page\n\n - DNA-90343 [Mac] Cmd+C doesn&rsquo;t copy snapshot\n\n - DNA-90538 Crash at extensions::CommandService::\n GetExtensionActionCommand(std::__1::basic_string const&,\n extensions::ActionInfo::Type,\n extensions::CommandService:: QueryType,\n extensions::Command*, bool*)\n\n - The update to chromium 87.0.4280.88 fixes following\n issues: CVE-2020-16037, CVE-2020-16038, CVE-2020-16039,\n CVE-2020-16040, CVE-2020-16041, CVE-2020-16042\n\n - Update to version 73.0.3856.257\n\n - DNA-89918 #enable-force-dark flag doesn&rsquo;t work\n anymore\n\n - DNA-90061 Clicking on video&rsquo;s progress bar breaks\n autopausing\n\n - DNA-90079 [BigSur] Blank pages\n\n - DNA-90154 Crash at extensions::CommandService::\n GetExtensionActionCommand(std::__1::basic_string const&,\n extensions::ActionInfo::Type,\n extensions::CommandService:: QueryType,\n extensions::Command*, bool*)\n\n - Complete Opera 73.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-73/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://blogs.opera.com/desktop/changelog-for-73/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected opera package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome versions before 87.0.4280.88 integer overflow during SimplfiedLowering phase');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"opera-73.0.3856.284-lp152.2.27.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opera\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:10", "description": "Chrome Releases reports :\n\nThis release contains 8 security fixes, including :\n\n- [1142331] High CVE-2020-16037: Use after free in clipboard. Reported by Ryoya Tsukasaki on 2020-10-26\n\n- [1138683] High CVE-2020-16038: Use after free in media. Reported by Khalil Zhani on 2020-10-14\n\n- [1149177] High CVE-2020-16039: Use after free in extensions.\nReported by Anonymous on 2020-11-15\n\n- [1150649] High CVE-2020-16040: Insufficient data validation in V8.\nReported by Lucas Pinheiro, Microsoft Browser Vulnerability Research on 2020-11-19\n\n- [1151865] Medium CVE-2020-16041: Out of bounds read in networking.\nReported by Sergei Glazunov and Mark Brand of Google Project Zero on 2020-11-23\n\n- [1151890] Medium CVE-2020-16042: Uninitialized Use in V8. Reported by Andre Bargull on 2020-11-2", "cvss3": {}, "published": "2020-12-07T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (01ffd06a-36ed-11eb-b655-3065ec8fd3ec)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042"], "modified": "2021-04-21T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_01FFD06A36ED11EBB6553065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/143517", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143517);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/21\");\n\n script_cve_id(\"CVE-2020-16037\", \"CVE-2020-16038\", \"CVE-2020-16039\", \"CVE-2020-16040\", \"CVE-2020-16041\", \"CVE-2020-16042\");\n script_xref(name:\"IAVA\", value:\"2020-A-0571-S\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (01ffd06a-36ed-11eb-b655-3065ec8fd3ec)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Chrome Releases reports :\n\nThis release contains 8 security fixes, including :\n\n- [1142331] High CVE-2020-16037: Use after free in clipboard. Reported\nby Ryoya Tsukasaki on 2020-10-26\n\n- [1138683] High CVE-2020-16038: Use after free in media. Reported by\nKhalil Zhani on 2020-10-14\n\n- [1149177] High CVE-2020-16039: Use after free in extensions.\nReported by Anonymous on 2020-11-15\n\n- [1150649] High CVE-2020-16040: Insufficient data validation in V8.\nReported by Lucas Pinheiro, Microsoft Browser Vulnerability Research\non 2020-11-19\n\n- [1151865] Medium CVE-2020-16041: Out of bounds read in networking.\nReported by Sergei Glazunov and Mark Brand of Google Project Zero on\n2020-11-23\n\n- [1151890] Medium CVE-2020-16042: Uninitialized Use in V8. Reported\nby Andre Bargull on 2020-11-2\"\n );\n # https://chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4b9934e1\"\n );\n # https://vuxml.freebsd.org/freebsd/01ffd06a-36ed-11eb-b655-3065ec8fd3ec.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?79a19458\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome versions before 87.0.4280.88 integer overflow during SimplfiedLowering phase');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<87.0.4280.88\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:03", "description": "The version of Google Chrome installed on the remote Windows host is prior to 87.0.4280.88. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_12_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-03T00:00:00", "type": "nessus", "title": "Google Chrome < 87.0.4280.88 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_87_0_4280_88.NASL", "href": "https://www.tenable.com/plugins/nessus/143471", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143471);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2020-16037\",\n \"CVE-2020-16038\",\n \"CVE-2020-16039\",\n \"CVE-2020-16040\",\n \"CVE-2020-16041\",\n \"CVE-2020-16042\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0571-S\");\n\n script_name(english:\"Google Chrome < 87.0.4280.88 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 87.0.4280.88. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2020_12_stable-channel-update-for-desktop advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4b9934e1\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1142331\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1138683\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1149177\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1150649\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1151865\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1151890\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 87.0.4280.88 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16039\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome versions before 87.0.4280.88 integer overflow during SimplfiedLowering phase');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\ninstalls = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'87.0.4280.88', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:06", "description": "Update to 87.0.4280.88. As with pretty much every chromium release ever, this fixes some security bugs. This batch is :\n\nCVE-2020-16037 CVE-2020-16038 CVE-2020-16039 CVE-2020-16040 CVE-2020-16041 CVE-2020-16042\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-21T00:00:00", "type": "nessus", "title": "Fedora 32 : chromium (2020-5b9c42f1b9)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042"], "modified": "2021-04-21T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:chromium", "cpe:/o:fedoraproject:fedora:32"], "id": "FEDORA_2020-5B9C42F1B9.NASL", "href": "https://www.tenable.com/plugins/nessus/144487", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-5b9c42f1b9.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144487);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/21\");\n\n script_cve_id(\"CVE-2020-16037\", \"CVE-2020-16038\", \"CVE-2020-16039\", \"CVE-2020-16040\", \"CVE-2020-16041\", \"CVE-2020-16042\");\n script_xref(name:\"FEDORA\", value:\"2020-5b9c42f1b9\");\n\n script_name(english:\"Fedora 32 : chromium (2020-5b9c42f1b9)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Update to 87.0.4280.88. As with pretty much every chromium release\never, this fixes some security bugs. This batch is :\n\nCVE-2020-16037 CVE-2020-16038 CVE-2020-16039 CVE-2020-16040\nCVE-2020-16041 CVE-2020-16042\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-5b9c42f1b9\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected chromium package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome versions before 87.0.4280.88 integer overflow during SimplfiedLowering phase');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 32\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC32\", reference:\"chromium-87.0.4280.88-1.fc32\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:18", "description": "This update for chromium fixes the following issues :\n\nUpdate to 87.0.4280.88 boo#1179576\n\n - CVE-2020-16037: Use after free in clipboard\n\n - CVE-2020-16038: Use after free in media\n\n - CVE-2020-16039: Use after free in extensions\n\n - CVE-2020-16040: Insufficient data validation in V8\n\n - CVE-2020-16041: Out of bounds read in networking\n\n - CVE-2020-16042: Uninitialized Use in V8", "cvss3": {}, "published": "2020-12-10T00:00:00", "type": "nessus", "title": "openSUSE Security Update : chromium (openSUSE-2020-2216)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042"], "modified": "2021-04-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-2216.NASL", "href": "https://www.tenable.com/plugins/nessus/144020", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2216.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144020);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/21\");\n\n script_cve_id(\"CVE-2020-16037\", \"CVE-2020-16038\", \"CVE-2020-16039\", \"CVE-2020-16040\", \"CVE-2020-16041\", \"CVE-2020-16042\");\n script_xref(name:\"IAVA\", value:\"2020-A-0571-S\");\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-2020-2216)\");\n script_summary(english:\"Check for the openSUSE-2020-2216 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for chromium fixes the following issues :\n\nUpdate to 87.0.4280.88 boo#1179576\n\n - CVE-2020-16037: Use after free in clipboard\n\n - CVE-2020-16038: Use after free in media\n\n - CVE-2020-16039: Use after free in extensions\n\n - CVE-2020-16040: Insufficient data validation in V8\n\n - CVE-2020-16041: Out of bounds read in networking\n\n - CVE-2020-16042: Uninitialized Use in V8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179576\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome versions before 87.0.4280.88 integer overflow during SimplfiedLowering phase');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromedriver-87.0.4280.88-lp151.2.162.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromedriver-debuginfo-87.0.4280.88-lp151.2.162.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromium-87.0.4280.88-lp151.2.162.1\", allowmaj:TRUE) ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromium-debuginfo-87.0.4280.88-lp151.2.162.1\", allowmaj:TRUE) ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:13", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 87.0.664.57. It is, therefore, affected by multiple vulnerabilities as referenced in the ADV200002-12-7-2020 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 87.0.664.57 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042"], "modified": "2021-04-20T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_87_0_664_57.NASL", "href": "https://www.tenable.com/plugins/nessus/143588", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143588);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/20\");\n\n script_cve_id(\n \"CVE-2020-16037\",\n \"CVE-2020-16038\",\n \"CVE-2020-16039\",\n \"CVE-2020-16040\",\n \"CVE-2020-16041\",\n \"CVE-2020-16042\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0571-S\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 87.0.664.57 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 87.0.664.57. It is, therefore, affected\nby multiple vulnerabilities as referenced in the ADV200002-12-7-2020 advisory. Note that Nessus has not tested for this\nissue but has instead relied only on the application's self-reported version number.\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200002\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?083510ae\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 87.0.664.57 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16039\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome versions before 87.0.4280.88 integer overflow during SimplfiedLowering phase');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\napp_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nconstraints = [\n { 'fixed_version' : '87.0.664.57' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:13:34", "description": "The version of Google Chrome installed on the remote macOS host is prior to 87.0.4280.88. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_12_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-03T00:00:00", "type": "nessus", "title": "Google Chrome < 87.0.4280.88 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042"], "modified": "2021-04-20T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_87_0_4280_88.NASL", "href": "https://www.tenable.com/plugins/nessus/143470", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143470);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/20\");\n\n script_cve_id(\n \"CVE-2020-16037\",\n \"CVE-2020-16038\",\n \"CVE-2020-16039\",\n \"CVE-2020-16040\",\n \"CVE-2020-16041\",\n \"CVE-2020-16042\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0571-S\");\n\n script_name(english:\"Google Chrome < 87.0.4280.88 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 87.0.4280.88. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2020_12_stable-channel-update-for-desktop advisory. Note that Nessus has\nnot tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4b9934e1\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1142331\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1138683\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1149177\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1150649\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1151865\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1151890\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 87.0.4280.88 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16039\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome versions before 87.0.4280.88 integer overflow during SimplfiedLowering phase');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'87.0.4280.88', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:28", "description": "This update for opera fixes the following issues :\n\n - Update to version 73.0.3856.284\n\n - CHR-8225 Update chromium on desktop-stable-87-3856 to 87.0.4280.88\n\n - DNA-88454 Background of snap area above visible scrolled viewport is not captured\n\n - DNA-89749 Implement client_capabilities support for Flow / Sync\n\n - DNA-89810 Opera no longer autoselects full url/address bar when clicked\n\n - DNA-89923 [Snap] Emojis look grayed out\n\n - DNA-90060 Make gesture events work with search-in-tabs feature\n\n - DNA-90168 Display SD suggestions titles\n\n - DNA-90176 Player doesn&rsquo;t show music service to choose on Welcome page\n\n - DNA-90343 [Mac] Cmd+C doesn&rsquo;t copy snapshot\n\n - DNA-90538 Crash at extensions::CommandService::\n GetExtensionActionCommand(std::__1::basic_string const&, extensions::ActionInfo::Type, extensions::CommandService:: QueryType, extensions::Command*, bool*)\n\n - The update to chromium 87.0.4280.88 fixes following issues: CVE-2020-16037, CVE-2020-16038, CVE-2020-16039, CVE-2020-16040, CVE-2020-16041, CVE-2020-16042\n\n - Update to version 73.0.3856.257\n\n - DNA-89918 #enable-force-dark flag doesn&rsquo;t work anymore\n\n - DNA-90061 Clicking on video&rsquo;s progress bar breaks autopausing\n\n - DNA-90079 [BigSur] Blank pages\n\n - DNA-90154 Crash at extensions::CommandService::\n GetExtensionActionCommand(std::__1::basic_string const&, extensions::ActionInfo::Type, extensions::CommandService:: QueryType, extensions::Command*, bool*)\n\n - Complete Opera 73.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-73/", "cvss3": {}, "published": "2021-01-25T00:00:00", "type": "nessus", "title": "openSUSE Security Update : opera (openSUSE-2020-2359)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042"], "modified": "2021-04-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:opera", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-2359.NASL", "href": "https://www.tenable.com/plugins/nessus/145317", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2359.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(145317);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/21\");\n\n script_cve_id(\"CVE-2020-16037\", \"CVE-2020-16038\", \"CVE-2020-16039\", \"CVE-2020-16040\", \"CVE-2020-16041\", \"CVE-2020-16042\");\n\n script_name(english:\"openSUSE Security Update : opera (openSUSE-2020-2359)\");\n script_summary(english:\"Check for the openSUSE-2020-2359 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for opera fixes the following issues :\n\n - Update to version 73.0.3856.284\n\n - CHR-8225 Update chromium on desktop-stable-87-3856 to\n 87.0.4280.88\n\n - DNA-88454 Background of snap area above visible scrolled\n viewport is not captured\n\n - DNA-89749 Implement client_capabilities support for Flow\n / Sync\n\n - DNA-89810 Opera no longer autoselects full url/address\n bar when clicked\n\n - DNA-89923 [Snap] Emojis look grayed out\n\n - DNA-90060 Make gesture events work with search-in-tabs\n feature\n\n - DNA-90168 Display SD suggestions titles\n\n - DNA-90176 Player doesn&rsquo;t show music service to\n choose on Welcome page\n\n - DNA-90343 [Mac] Cmd+C doesn&rsquo;t copy snapshot\n\n - DNA-90538 Crash at extensions::CommandService::\n GetExtensionActionCommand(std::__1::basic_string const&,\n extensions::ActionInfo::Type,\n extensions::CommandService:: QueryType,\n extensions::Command*, bool*)\n\n - The update to chromium 87.0.4280.88 fixes following\n issues: CVE-2020-16037, CVE-2020-16038, CVE-2020-16039,\n CVE-2020-16040, CVE-2020-16041, CVE-2020-16042\n\n - Update to version 73.0.3856.257\n\n - DNA-89918 #enable-force-dark flag doesn&rsquo;t work\n anymore\n\n - DNA-90061 Clicking on video&rsquo;s progress bar breaks\n autopausing\n\n - DNA-90079 [BigSur] Blank pages\n\n - DNA-90154 Crash at extensions::CommandService::\n GetExtensionActionCommand(std::__1::basic_string const&,\n extensions::ActionInfo::Type,\n extensions::CommandService:: QueryType,\n extensions::Command*, bool*)\n\n - Complete Opera 73.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-73/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://blogs.opera.com/desktop/changelog-for-73/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected opera package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome versions before 87.0.4280.88 integer overflow during SimplfiedLowering phase');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"opera-73.0.3856.284-lp151.2.39.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opera\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:25:53", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:5624 advisory.\n\n - chromium-browser: Uninitialized Use in V8 (CVE-2020-16042)\n\n - Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971)\n\n - Mozilla: CSS Sanitizer performed incorrect sanitization (CVE-2020-26973)\n\n - Mozilla: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free (CVE-2020-26974)\n\n - Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2020-26978)\n\n - Mozilla: The proxy.onRequest API did not catch view-source URLs (CVE-2020-35111)\n\n - Mozilla: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 (CVE-2020-35113)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-18T00:00:00", "type": "nessus", "title": "RHEL 8 : thunderbird (RHSA-2020:5624)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16042", "CVE-2020-26971", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26978", "CVE-2020-35111", "CVE-2020-35113"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:thunderbird"], "id": "REDHAT-RHSA-2020-5624.NASL", "href": "https://www.tenable.com/plugins/nessus/144416", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:5624. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144416);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2020-16042\",\n \"CVE-2020-26971\",\n \"CVE-2020-26973\",\n \"CVE-2020-26974\",\n \"CVE-2020-26978\",\n \"CVE-2020-35111\",\n \"CVE-2020-35113\"\n );\n script_xref(name:\"RHSA\", value:\"2020:5624\");\n script_xref(name:\"IAVA\", value:\"2020-A-0575-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0571-S\");\n\n script_name(english:\"RHEL 8 : thunderbird (RHSA-2020:5624)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:5624 advisory.\n\n - chromium-browser: Uninitialized Use in V8 (CVE-2020-16042)\n\n - Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971)\n\n - Mozilla: CSS Sanitizer performed incorrect sanitization (CVE-2020-26973)\n\n - Mozilla: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free (CVE-2020-26974)\n\n - Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2020-26978)\n\n - Mozilla: The proxy.onRequest API did not catch view-source URLs (CVE-2020-35111)\n\n - Mozilla: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 (CVE-2020-35113)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-16042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26978\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-35111\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-35113\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:5624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1904515\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908024\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908025\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908029\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 120, 200, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'thunderbird-78.6.0-1.el8_3', 'sp':'4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-78.6.0-1.el8_3', 'sp':'4', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-78.6.0-1.el8_3', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'thunderbird-78.6.0-1.el8_3', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-78.6.0-1.el8_3', 'sp':'6', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-78.6.0-1.el8_3', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'thunderbird-78.6.0-1.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-78.6.0-1.el8_3', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-78.6.0-1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:25:29", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:5565 advisory.\n\n - chromium-browser: Uninitialized Use in V8 (CVE-2020-16042)\n\n - Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971)\n\n - Mozilla: CSS Sanitizer performed incorrect sanitization (CVE-2020-26973)\n\n - Mozilla: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free (CVE-2020-26974)\n\n - Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2020-26978)\n\n - Mozilla: The proxy.onRequest API did not catch view-source URLs (CVE-2020-35111)\n\n - Mozilla: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 (CVE-2020-35113)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-18T00:00:00", "type": "nessus", "title": "RHEL 8 : firefox (RHSA-2020:5565)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16042", "CVE-2020-26971", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26978", "CVE-2020-35111", "CVE-2020-35113"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.0", "p-cpe:/a:redhat:enterprise_linux:firefox"], "id": "REDHAT-RHSA-2020-5565.NASL", "href": "https://www.tenable.com/plugins/nessus/144403", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:5565. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144403);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2020-16042\",\n \"CVE-2020-26971\",\n \"CVE-2020-26973\",\n \"CVE-2020-26974\",\n \"CVE-2020-26978\",\n \"CVE-2020-35111\",\n \"CVE-2020-35113\"\n );\n script_xref(name:\"RHSA\", value:\"2020:5565\");\n script_xref(name:\"IAVA\", value:\"2020-A-0575-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0571-S\");\n\n script_name(english:\"RHEL 8 : firefox (RHSA-2020:5565)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:5565 advisory.\n\n - chromium-browser: Uninitialized Use in V8 (CVE-2020-16042)\n\n - Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971)\n\n - Mozilla: CSS Sanitizer performed incorrect sanitization (CVE-2020-26973)\n\n - Mozilla: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free (CVE-2020-26974)\n\n - Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2020-26978)\n\n - Mozilla: The proxy.onRequest API did not catch view-source URLs (CVE-2020-35111)\n\n - Mozilla: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 (CVE-2020-35113)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-16042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26978\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-35111\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-35113\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:5565\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1904515\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908024\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908025\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908029\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 120, 200, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.0')) audit(AUDIT_OS_NOT, 'Red Hat 8.0', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.0/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.0/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.0/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.0/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.0/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.0/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.0/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.0/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.0/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.0/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.0/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.0/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.0/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.0/ppc64le/sap/os',\n 'content/e4s/rhel8/8.0/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.0/x86_64/appstream/os',\n 'content/e4s/rhel8/8.0/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.0/x86_64/baseos/os',\n 'content/e4s/rhel8/8.0/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.0/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.0/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.0/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.0/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/sap/debug',\n 'content/e4s/rhel8/8.0/x86_64/sap/os',\n 'content/e4s/rhel8/8.0/x86_64/sap/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'firefox-78.6.0-1.el8_0', 'sp':'0', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'firefox-78.6.0-1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Update Services for SAP Solutions repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-23T14:22:23", "description": "The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-55611 advisory.\n\n - Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. (CVE-2020-26971)\n\n - Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. (CVE-2020-26973)\n\n - When an extension with the proxy permission registered to receive <allurls>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. (CVE-2020-35111)\n\n - Uninitialized Use in V8. (CVE-2020-16042)\n\n - When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. (CVE-2020-26974)\n\n - Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. (CVE-2020-26978)\n\n - Mozilla developer Christian Holler reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5.\n Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2020-35113)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-17T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : ELSA-2020-5561-1: / firefox (ELSA-2020-55611)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16042", "CVE-2020-26971", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26978", "CVE-2020-35111", "CVE-2020-35113"], "modified": "2021-01-07T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:firefox"], "id": "ORACLELINUX_ELSA-2020-55611.NASL", "href": "https://www.tenable.com/plugins/nessus/144340", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-55611.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144340);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/07\");\n\n script_cve_id(\n \"CVE-2020-16042\",\n \"CVE-2020-26971\",\n \"CVE-2020-26973\",\n \"CVE-2020-26974\",\n \"CVE-2020-26978\",\n \"CVE-2020-35111\",\n \"CVE-2020-35113\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0575-S\");\n\n script_name(english:\"Oracle Linux 7 : ELSA-2020-5561-1: / firefox (ELSA-2020-55611)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nELSA-2020-55611 advisory.\n\n - Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow\n on some video drivers. (CVE-2020-26971)\n\n - Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This\n could have been used as a sanitizer bypass. (CVE-2020-26973)\n\n - When an extension with the proxy permission registered to receive <allurls>, the\n proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such\n URLs, a user opening View Source could have inadvertently leaked their IP address. (CVE-2020-35111)\n\n - Uninitialized Use in V8. (CVE-2020-16042)\n\n - When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object\n could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory\n corruption, and a potentially exploitable crash. (CVE-2020-26974)\n\n - Using techniques that built on the slipstream research, a malicious webpage could have exposed both an\n internal network's hosts as well as services running on the user's local machine. (CVE-2020-26978)\n\n - Mozilla developer Christian Holler reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5.\n Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of\n these could have been exploited to run arbitrary code. (CVE-2020-35113)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5561-1.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\npkgs = [\n {'reference':'firefox-78.6.0-1.0.1.el7_9', 'release':'7', 'allowmaj':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:45", "description": "The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2020:5618 advisory.\n\n - chromium-browser: Uninitialized Use in V8 (CVE-2020-16042)\n\n - Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971)\n\n - Mozilla: CSS Sanitizer performed incorrect sanitization (CVE-2020-26973)\n\n - Mozilla: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free (CVE-2020-26974)\n\n - Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2020-26978)\n\n - Mozilla: The proxy.onRequest API did not catch view-source URLs (CVE-2020-35111)\n\n - Mozilla: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 (CVE-2020-35113)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-22T00:00:00", "type": "nessus", "title": "CentOS 7 : thunderbird (CESA-2020:5618)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16042", "CVE-2020-26971", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26978", "CVE-2020-35111", "CVE-2020-35113"], "modified": "2020-12-23T00:00:00", "cpe": ["p-cpe:/a:centos:centos:thunderbird", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2020-5618.NASL", "href": "https://www.tenable.com/plugins/nessus/144547", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:5618 and\n# CentOS Errata and Security Advisory 2020:5618 respectively.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144547);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/23\");\n\n script_cve_id(\n \"CVE-2020-16042\",\n \"CVE-2020-26971\",\n \"CVE-2020-26973\",\n \"CVE-2020-26974\",\n \"CVE-2020-26978\",\n \"CVE-2020-35111\",\n \"CVE-2020-35113\"\n );\n script_xref(name:\"RHSA\", value:\"2020:5618\");\n\n script_name(english:\"CentOS 7 : thunderbird (CESA-2020:5618)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nCESA-2020:5618 advisory.\n\n - chromium-browser: Uninitialized Use in V8 (CVE-2020-16042)\n\n - Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971)\n\n - Mozilla: CSS Sanitizer performed incorrect sanitization (CVE-2020-26973)\n\n - Mozilla: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free (CVE-2020-26974)\n\n - Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2020-26978)\n\n - Mozilla: The proxy.onRequest API did not catch view-source URLs (CVE-2020-35111)\n\n - Mozilla: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 (CVE-2020-35113)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.centos.org/pipermail/centos-announce/2020-December/048242.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fe6aa236\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/120.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/200.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/416.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(20, 120, 200, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'CentOS 7.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'thunderbird-78.6.0-1.el7.centos', 'cpu':'x86_64', 'release':'CentOS-7', 'allowmaj':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:42", "description": "Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or CSS sanitiser bypass.\n\nFor Debian 9 stretch, these problems have been fixed in version 78.6.0esr-1~deb9u1.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nFor the detailed security status of firefox-esr please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/firefox-esr\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-17T00:00:00", "type": "nessus", "title": "Debian DLA-2496-1 : firefox-esr security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16042", "CVE-2020-26971", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26978", "CVE-2020-35111", "CVE-2020-35113"], "modified": "2021-01-15T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:firefox-esr", "p-cpe:/a:debian:debian_linux:firefox-esr-dev", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ach", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-af", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-all", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-an", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ar", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-as", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ast", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-az", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bg", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bn-bd", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bn-in", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-br", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bs", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ca", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-cak", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-cs", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-cy", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-da", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-de", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-dsb", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-el", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-en-gb", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-en-za", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-eo", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-ar", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-cl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-es", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-mx", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-et", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-eu", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fa", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ff", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fi", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fr", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fy-nl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ga-ie", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gd", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gn", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gu-in", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-he", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hi-in", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hr", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hsb", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hu", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hy-am", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-id", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-is", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-it", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ja", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ka", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-kab", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-kk", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-km", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-kn", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ko", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lij", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lt", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lv", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mai", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mk", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ml", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mr", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ms", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nb-no", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nn-no", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-or", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pa-in", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pt-br", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pt-pt", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-rm", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ro", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ru", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-si", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sk", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-son", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sq", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sr", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sv-se", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ta", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-te", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-th", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-tr", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-uk", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-uz", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-vi", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-xh", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-zh-cn", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-zh-tw", "p-cpe:/a:debian:debian_linux:iceweasel", "p-cpe:/a:debian:debian_linux:iceweasel-dev", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ach", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-af", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-all", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-an", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ar", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-as", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ast", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-az", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-bg", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-bn-bd", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-bn-in", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-br", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-bs", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ca", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-cak", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-cs", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-cy", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-da", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-de", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-dsb", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-el", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-en-gb", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-en-za", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-eo", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-ar", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-cl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-es", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-mx", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-et", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-eu", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-fa", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ff", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-fi", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-fr", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-fy-nl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ga-ie", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-gd", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-gl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-gn", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-gu-in", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-he", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-hi-in", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-hr", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-hsb", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-hu", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-hy-am", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-id", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-is", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-it", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ja", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ka", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-kab", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-kk", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-km", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-kn", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ko", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-lij", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-lt", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-lv", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-mai", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-mk", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ml", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-mr", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ms", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-nb-no", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-nl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-nn-no", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-or", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-pa-in", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-pl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-pt-br", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-pt-pt", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-rm", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ro", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ru", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-si", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-sk", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-sl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-son", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-sq", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-sr", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-sv-se", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ta", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-te", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-th", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-tr", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-uk", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-uz", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-vi", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-xh", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-zh-cn", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-zh-tw", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2496.NASL", "href": "https://www.tenable.com/plugins/nessus/144350", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2496-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144350);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/15\");\n\n script_cve_id(\"CVE-2020-16042\", \"CVE-2020-26971\", \"CVE-2020-26973\", \"CVE-2020-26974\", \"CVE-2020-26978\", \"CVE-2020-35111\", \"CVE-2020-35113\");\n script_xref(name:\"IAVA\", value:\"2020-A-0575-S\");\n\n script_name(english:\"Debian DLA-2496-1 : firefox-esr security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Multiple security issues have been found in the Mozilla Firefox web\nbrowser, which could potentially result in the execution of arbitrary\ncode, information disclosure or CSS sanitiser bypass.\n\nFor Debian 9 stretch, these problems have been fixed in version\n78.6.0esr-1~deb9u1.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nFor the detailed security status of firefox-esr please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/firefox-esr\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/12/msg00023.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/firefox-esr\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/firefox-esr\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ach\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-an\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-as\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-az\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bn-bd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bn-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-cak\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-en-za\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-eo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-cl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-mx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gu-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hi-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hy-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lij\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mai\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-or\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pa-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-son\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-te\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-uz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-xh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ach\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-an\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-as\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-az\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-bn-bd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-bn-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-cak\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-en-za\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-eo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-cl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-mx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-gn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-gu-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hi-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hy-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-lij\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-mai\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-mr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-or\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-pa-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-son\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-te\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-uz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-xh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-dev\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ach\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-af\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-all\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-an\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ar\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-as\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ast\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-az\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-bg\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-bn-bd\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-bn-in\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-br\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-bs\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ca\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-cak\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-cs\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-cy\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-da\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-de\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-dsb\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-el\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-en-gb\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-en-za\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-eo\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-es-ar\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-es-cl\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-es-es\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-es-mx\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-et\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-eu\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-fa\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ff\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-fi\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-fr\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-fy-nl\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ga-ie\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-gd\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-gl\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-gn\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-gu-in\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-he\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-hi-in\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-hr\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-hsb\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-hu\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-hy-am\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-id\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-is\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-it\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ja\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ka\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-kab\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-kk\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-km\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-kn\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ko\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-lij\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-lt\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-lv\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-mai\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-mk\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ml\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-mr\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ms\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-nb-no\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-nl\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-nn-no\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-or\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-pa-in\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-pl\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-pt-br\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-pt-pt\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-rm\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ro\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ru\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-si\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-sk\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-sl\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-son\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-sq\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-sr\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-sv-se\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-ta\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-te\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-th\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-tr\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-uk\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-uz\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-vi\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-xh\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-zh-cn\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"firefox-esr-l10n-zh-tw\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-dev\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ach\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-af\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-all\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-an\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ar\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-as\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ast\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-az\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-bg\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-bn-bd\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-bn-in\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-br\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-bs\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ca\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-cak\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-cs\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-cy\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-da\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-de\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-dsb\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-el\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-en-gb\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-en-za\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-eo\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-es-ar\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-es-cl\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-es-es\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-es-mx\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-et\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-eu\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-fa\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ff\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-fi\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-fr\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-fy-nl\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ga-ie\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-gd\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-gl\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-gn\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-gu-in\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-he\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-hi-in\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-hr\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-hsb\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-hu\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-hy-am\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-id\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-is\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-it\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ja\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ka\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-kab\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-kk\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-km\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-kn\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ko\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-lij\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-lt\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-lv\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-mai\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-mk\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ml\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-mr\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ms\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-nb-no\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-nl\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-nn-no\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-or\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-pa-in\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-pl\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-pt-br\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-pt-pt\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-rm\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ro\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ru\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-si\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-sk\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-sl\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-son\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-sq\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-sr\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-sv-se\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-ta\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-te\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-th\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-tr\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-uk\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-uz\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-vi\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-xh\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-zh-cn\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceweasel-l10n-zh-tw\", reference:\"78.6.0esr-1~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:25:54", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:5562 advisory.\n\n - chromium-browser: Uninitialized Use in V8 (CVE-2020-16042)\n\n - Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971)\n\n - Mozilla: CSS Sanitizer performed incorrect sanitization (CVE-2020-26973)\n\n - Mozilla: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free (CVE-2020-26974)\n\n - Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2020-26978)\n\n - Mozilla: The proxy.onRequest API did not catch view-source URLs (CVE-2020-35111)\n\n - Mozilla: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 (CVE-2020-35113)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-18T00:00:00", "type": "nessus", "title": "RHEL 8 : firefox (RHSA-2020:5562)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16042", "CVE-2020-26971", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26978", "CVE-2020-35111", "CVE-2020-35113"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:firefox"], "id": "REDHAT-RHSA-2020-5562.NASL", "href": "https://www.tenable.com/plugins/nessus/144422", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:5562. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144422);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2020-16042\",\n \"CVE-2020-26971\",\n \"CVE-2020-26973\",\n \"CVE-2020-26974\",\n \"CVE-2020-26978\",\n \"CVE-2020-35111\",\n \"CVE-2020-35113\"\n );\n script_xref(name:\"RHSA\", value:\"2020:5562\");\n script_xref(name:\"IAVA\", value:\"2020-A-0571-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0575-S\");\n\n script_name(english:\"RHEL 8 : firefox (RHSA-2020:5562)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:5562 advisory.\n\n - chromium-browser: Uninitialized Use in V8 (CVE-2020-16042)\n\n - Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971)\n\n - Mozilla: CSS Sanitizer performed incorrect sanitization (CVE-2020-26973)\n\n - Mozilla: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free (CVE-2020-26974)\n\n - Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2020-26978)\n\n - Mozilla: The proxy.onRequest API did not catch view-source URLs (CVE-2020-35111)\n\n - Mozilla: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 (CVE-2020-35113)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-16042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26978\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-35111\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-35113\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:5562\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1904515\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908024\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908025\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908029\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16042\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-35113\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 120, 200, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/appstream/debug',\n 'content/e4s/rhel8/8.4/aarch64/appstream/os',\n 'content/e4s/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/baseos/debug',\n 'content/e4s/rhel8/8.4/aarch64/baseos/os',\n 'content/e4s/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/appstream/debug',\n 'content/e4s/rhel8/8.4/s390x/appstream/os',\n 'content/e4s/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/baseos/debug',\n 'content/e4s/rhel8/8.4/s390x/baseos/os',\n 'content/e4s/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/nfv/debug',\n 'content/e4s/rhel8/8.4/x86_64/nfv/os',\n 'content/e4s/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/appstream/debug',\n 'content/eus/rhel8/8.4/s390x/appstream/os',\n 'content/eus/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/baseos/debug',\n 'content/eus/rhel8/8.4/s390x/baseos/os',\n 'content/eus/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/highavailability/debug',\n 'content/eus/rhel8/8.4/s390x/highavailability/os',\n 'content/eus/rhel8/8.4/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/sap/debug',\n 'content/eus/rhel8/8.4/s390x/sap/os',\n 'content/eus/rhel8/8.4/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/supplementary/debug',\n 'content/eus/rhel8/8.4/s390x/supplementary/os',\n 'content/eus/rhel8/8.4/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'firefox-78.6.0-1.el8_3', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'firefox-78.6.0-1.el8_3', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'firefox-78.6.0-1.el8_3', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:00", "description": "The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2020:5561-1 advisory.\n\n - chromium-browser: Uninitialized Use in V8 (CVE-2020-16042)\n\n - Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971)\n\n - Mozilla: CSS Sanitizer performed incorrect sanitization (CVE-2020-26973)\n\n - Mozilla: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free (CVE-2020-26974)\n\n - Mozilla: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 (CVE-2020-35113)\n\n - Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2020-26978)\n\n - Mozilla: The proxy.onRequest API did not catch view-source URLs (CVE-2020-35111)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-17T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : firefox on SL7.x i686/x86_64 (2020:5561)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16042", "CVE-2020-26971", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26978", "CVE-2020-35111", "CVE-2020-35113"], "modified": "2021-01-07T00:00:00", "cpe": ["cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:firefox", "p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo"], "id": "SL_20201217_FIREFOX_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/144367", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144367);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/07\");\n\n script_cve_id(\n \"CVE-2020-16042\",\n \"CVE-2020-26971\",\n \"CVE-2020-26973\",\n \"CVE-2020-26974\",\n \"CVE-2020-26978\",\n \"CVE-2020-35111\",\n \"CVE-2020-35113\"\n );\n script_xref(name:\"RHSA\", value:\"RHSA-2020:5561\");\n script_xref(name:\"IAVA\", value:\"2020-A-0575-S\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL7.x i686/x86_64 (2020:5561)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Scientific Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SLSA-2020:5561-1 advisory.\n\n - chromium-browser: Uninitialized Use in V8 (CVE-2020-16042)\n\n - Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971)\n\n - Mozilla: CSS Sanitizer performed incorrect sanitization (CVE-2020-26973)\n\n - Mozilla: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free (CVE-2020-26974)\n\n - Mozilla: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 (CVE-2020-35113)\n\n - Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2020-26978)\n\n - Mozilla: The proxy.onRequest API did not catch view-source URLs (CVE-2020-35111)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.scientificlinux.org/category/sl-errata/slsa-20205561-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox and / or firefox-debuginfo packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fermilab:scientific_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Scientific Linux' >!< release) audit(AUDIT_OS_NOT, 'Scientific Linux');\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Scientific Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Scientific Linux 7.x', 'Scientific Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Scientific Linux', cpu);\n\npkgs = [\n {'reference':'firefox-78.6.0-1.el7_9', 'cpu':'i686', 'release':'SL7', 'allowmaj':TRUE},\n {'reference':'firefox-78.6.0-1.el7_9', 'cpu':'x86_64', 'release':'SL7', 'allowmaj':TRUE},\n {'reference':'firefox-debuginfo-78.6.0-1.el7_9', 'cpu':'x86_64', 'release':'SL7', 'allowmaj':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox / firefox-debuginfo');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:25:46", "description": "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:5561 advisory.\n\n - chromium-browser: Uninitialized Use in V8 (CVE-2020-16042)\n\n - Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971)\n\n - Mozilla: CSS Sanitizer performed incorrect sanitization (CVE-2020-26973)\n\n - Mozilla: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free (CVE-2020-26974)\n\n - Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2020-26978)\n\n - Mozilla: The proxy.onRequest API did not catch view-source URLs (CVE-2020-35111)\n\n - Mozilla: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 (CVE-2020-35113)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-18T00:00:00", "type": "nessus", "title": "RHEL 7 : firefox (RHSA-2020:5561)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16042", "CVE-2020-26971", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26978", "CVE-2020-35111", "CVE-2020-35113"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:firefox"], "id": "REDHAT-RHSA-2020-5561.NASL", "href": "https://www.tenable.com/plugins/nessus/144397", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:5561. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144397);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2020-16042\",\n \"CVE-2020-26971\",\n \"CVE-2020-26973\",\n \"CVE-2020-26974\",\n \"CVE-2020-26978\",\n \"CVE-2020-35111\",\n \"CVE-2020-35113\"\n );\n script_xref(name:\"RHSA\", value:\"2020:5561\");\n script_xref(name:\"IAVA\", value:\"2020-A-0571-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0575-S\");\n\n script_name(english:\"RHEL 7 : firefox (RHSA-2020:5561)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:5561 advisory.\n\n - chromium-browser: Uninitialized Use in V8 (CVE-2020-16042)\n\n - Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971)\n\n - Mozilla: CSS Sanitizer performed incorrect sanitization (CVE-2020-26973)\n\n - Mozilla: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free (CVE-2020-26974)\n\n - Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2020-26978)\n\n - Mozilla: The proxy.onRequest API did not catch view-source URLs (CVE-2020-35111)\n\n - Mozilla: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 (CVE-2020-35113)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-16042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26978\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-35111\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-35113\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:5561\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1904515\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908024\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908025\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908029\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16042\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-35113\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 120, 200, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/debug',\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/os',\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/os',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/os',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/os',\n 'content/fastrack/rhel/power/7/ppc64/optional/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/os',\n 'content/fastrack/rhel/power/7/ppc64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/os',\n 'content/fastrack/rhel/system-z/7/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/os',\n 'content/fastrack/rhel/system-z/7/s390x/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'firefox-78.6.0-1.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:23", "description": "The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-56181 advisory.\n\n - Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971)\n\n - Mozilla: CSS Sanitizer performed incorrect sanitization (CVE-2020-26973)\n\n - When an extension with the proxy permission registered to receive <allurls>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. (CVE-2020-35111)\n\n - Uninitialized Use in V8. (CVE-2020-16042)\n\n - When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. (CVE-2020-26974)\n\n - Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2020-26978)\n\n - Mozilla developer Christian Holler reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5.\n Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2020-35113)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-18T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : ELSA-2020-5618-1: / thunderbird (ELSA-2020-56181)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16042", "CVE-2020-26971", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26978", "CVE-2020-35111", "CVE-2020-35113"], "modified": "2020-12-21T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:thunderbird"], "id": "ORACLELINUX_ELSA-2020-56181.NASL", "href": "https://www.tenable.com/plugins/nessus/144447", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-56181.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144447);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/21\");\n\n script_cve_id(\n \"CVE-2020-16042\",\n \"CVE-2020-26971\",\n \"CVE-2020-26973\",\n \"CVE-2020-26974\",\n \"CVE-2020-26978\",\n \"CVE-2020-35111\",\n \"CVE-2020-35113\"\n );\n\n script_name(english:\"Oracle Linux 7 : ELSA-2020-5618-1: / thunderbird (ELSA-2020-56181)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nELSA-2020-56181 advisory.\n\n - Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971)\n\n - Mozilla: CSS Sanitizer performed incorrect sanitization (CVE-2020-26973)\n\n - When an extension with the proxy permission registered to receive <allurls>, the\n proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such\n URLs, a user opening View Source could have inadvertently leaked their IP address. (CVE-2020-35111)\n\n - Uninitialized Use in V8. (CVE-2020-16042)\n\n - When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object\n could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory\n corruption, and a potentially exploitable crash. (CVE-2020-26974)\n\n - Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2020-26978)\n\n - Mozilla developer Christian Holler reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5.\n Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of\n these could have been exploited to run arbitrary code. (CVE-2020-35113)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5618-1.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\npkgs = [\n {'reference':'thunderbird-78.6.0-1.0.1.el7_9', 'release':'7', 'allowmaj':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird');\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:38", "description": "Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or information leak.", "cvss3": {}, "published": "2020-12-18T00:00:00", "type": "nessus", "title": "Debian DSA-4815-1 : thunderbird - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16042", "CVE-2020-26971", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26978", "CVE-2020-35111", "CVE-2020-35113"], "modified": "2021-01-15T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:thunderbird", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4815.NASL", "href": "https://www.tenable.com/plugins/nessus/144426", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4815. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144426);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/15\");\n\n script_cve_id(\"CVE-2020-16042\", \"CVE-2020-26971\", \"CVE-2020-26973\", \"CVE-2020-26974\", \"CVE-2020-26978\", \"CVE-2020-35111\", \"CVE-2020-35113\");\n script_xref(name:\"DSA\", value:\"4815\");\n\n script_name(english:\"Debian DSA-4815-1 : thunderbird - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Multiple security issues have been found in Thunderbird, which may\nlead to the execution of arbitrary code, denial of service or\ninformation leak.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/thunderbird\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/thunderbird\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2020/dsa-4815\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the thunderbird packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 1:78.6.0-1~deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"calendar-google-provider\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-ar\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-ast\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-be\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-bg\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-br\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-ca\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-cs\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-cy\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-da\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-de\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-dsb\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-el\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-en-gb\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-es-ar\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-es-es\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-et\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-eu\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-fi\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-fr\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-fy-nl\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-ga-ie\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-gd\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-gl\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-he\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-hr\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-hsb\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-hu\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-hy-am\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-id\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-is\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-it\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-ja\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-kab\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-kk\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-ko\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-lt\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-ms\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-nb-no\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-nl\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-nn-no\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-pl\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-pt-br\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-pt-pt\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-rm\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-ro\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-ru\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-si\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-sk\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-sl\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-sq\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-sr\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-sv-se\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-tr\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-uk\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-vi\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-zh-cn\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lightning-l10n-zh-tw\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-all\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-ar\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-ast\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-be\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-bg\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-br\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-ca\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-cs\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-cy\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-da\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-de\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-dsb\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-el\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-en-gb\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-es-ar\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-es-es\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-et\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-eu\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-fi\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-fr\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-fy-nl\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-ga-ie\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-gd\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-gl\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-he\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-hr\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-hsb\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-hu\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-hy-am\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-id\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-is\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-it\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-ja\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-kab\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-kk\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-ko\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-lt\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-ms\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-nb-no\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-nl\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-nn-no\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-pl\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-pt-br\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-pt-pt\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-rm\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-ro\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-ru\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-si\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-sk\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-sl\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-sq\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-sr\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-sv-se\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-tr\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-uk\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-vi\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-zh-cn\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"thunderbird-l10n-zh-tw\", reference:\"1:78.6.0-1~deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:23", "description": "Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or information leak.\n\nFor Debian 9 stretch, these problems have been fixed in version 1:78.6.0-1~deb9u1.\n\nWe recommend that you upgrade your thunderbird packages.\n\nFor the detailed security status of thunderbird please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/thunderbird\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-18T00:00:00", "type": "nessus", "title": "Debian DLA-2497-1 : thunderbird security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16042", "CVE-2020-26971", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26978", "CVE-2020-35111", "CVE-2020-35113"], "modified": "2021-01-15T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:calendar-google-provider", "p-cpe:/a:debian:debian_linux:icedove", "p-cpe:/a:debian:debian_linux:icedove-dbg", "p-cpe:/a:debian:debian_linux:icedove-dev", "p-cpe:/a:debian:debian_linux:icedove-l10n-all", "p-cpe:/a:debian:debian_linux:icedove-l10n-ar", "p-cpe:/a:debian:debian_linux:icedove-l10n-ast", "p-cpe:/a:debian:debian_linux:icedove-l10n-be", "p-cpe:/a:debian:debian_linux:icedove-l10n-bg", "p-cpe:/a:debian:debian_linux:icedove-l10n-bn-bd", "p-cpe:/a:debian:debian_linux:icedove-l10n-br", "p-cpe:/a:debian:debian_linux:icedove-l10n-ca", "p-cpe:/a:debian:debian_linux:icedove-l10n-cs", "p-cpe:/a:debian:debian_linux:icedove-l10n-da", "p-cpe:/a:debian:debian_linux:icedove-l10n-de", "p-cpe:/a:debian:debian_linux:icedove-l10n-dsb", "p-cpe:/a:debian:debian_linux:icedove-l10n-el", "p-cpe:/a:debian:debian_linux:icedove-l10n-en-gb", "p-cpe:/a:debian:debian_linux:icedove-l10n-es-ar", "p-cpe:/a:debian:debian_linux:icedove-l10n-es-es", "p-cpe:/a:debian:debian_linux:icedove-l10n-et", "p-cpe:/a:debian:debian_linux:icedove-l10n-eu", "p-cpe:/a:debian:debian_linux:icedove-l10n-fi", "p-cpe:/a:debian:debian_linux:icedove-l10n-fr", "p-cpe:/a:debian:debian_linux:icedove-l10n-fy-nl", "p-cpe:/a:debian:debian_linux:icedove-l10n-ga-ie", "p-cpe:/a:debian:debian_linux:icedove-l10n-gd", "p-cpe:/a:debian:debian_linux:icedove-l10n-gl", "p-cpe:/a:debian:debian_linux:icedove-l10n-he", "p-cpe:/a:debian:debian_linux:icedove-l10n-hr", "p-cpe:/a:debian:debian_linux:icedove-l10n-hsb", "p-cpe:/a:debian:debian_linux:icedove-l10n-hu", "p-cpe:/a:debian:debian_linux:icedove-l10n-sq", "p-cpe:/a:debian:debian_linux:icedove-l10n-hy-am", "p-cpe:/a:debian:debian_linux:icedove-l10n-id", "p-cpe:/a:debian:debian_linux:icedove-l10n-is", "p-cpe:/a:debian:debian_linux:icedove-l10n-sr", "p-cpe:/a:debian:debian_linux:icedove-l10n-it", "p-cpe:/a:debian:debian_linux:icedove-l10n-ja", "p-cpe:/a:debian:debian_linux:icedove-l10n-kab", "p-cpe:/a:debian:debian_linux:icedove-l10n-ko", "p-cpe:/a:debian:debian_linux:icedove-l10n-sv-se", "p-cpe:/a:debian:debian_linux:icedove-l10n-lt", "p-cpe:/a:debian:debian_linux:icedove-l10n-nb-no", "p-cpe:/a:debian:debian_linux:icedove-l10n-ta-lk", "p-cpe:/a:debian:debian_linux:icedove-l10n-nl", "p-cpe:/a:debian:debian_linux:icedove-l10n-nn-no", "p-cpe:/a:debian:debian_linux:icedove-l10n-pa-in", "p-cpe:/a:debian:debian_linux:icedove-l10n-tr", "p-cpe:/a:debian:debian_linux:icedove-l10n-pl", "p-cpe:/a:debian:debian_linux:icedove-l10n-uk", "p-cpe:/a:debian:debian_linux:icedove-l10n-pt-br", "p-cpe:/a:debian:debian_linux:icedove-l10n-pt-pt", "p-cpe:/a:debian:debian_linux:icedove-l10n-vi", "p-cpe:/a:debian:debian_linux:icedove-l10n-rm", "p-cpe:/a:debian:debian_linux:icedove-l10n-zh-cn", "p-cpe:/a:debian:debian_linux:icedove-l10n-ro", "p-cpe:/a:debian:debian_linux:icedove-l10n-ru", "p-cpe:/a:debian:debian_linux:icedove-l10n-zh-tw", "p-cpe:/a:debian:debian_linux:icedove-l10n-si", "p-cpe:/a:debian:debian_linux:iceowl-extension", "p-cpe:/a:debian:debian_linux:icedove-l10n-sk", "p-cpe:/a:debian:debian_linux:icedove-l10n-sl", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ar", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ast", "p-cpe:/a:debian:debian_linux:iceowl-l10n-pt-br", "p-cpe:/a:debian:debian_linux:iceowl-l10n-pt-pt", "p-cpe:/a:debian:debian_linux:iceowl-l10n-rm", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ro", "p-cpe:/a:debian:debian_linux:iceowl-l10n-be", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ru", "p-cpe:/a:debian:debian_linux:iceowl-l10n-si", "p-cpe:/a:debian:debian_linux:iceowl-l10n-bg", "p-cpe:/a:debian:debian_linux:iceowl-l10n-sk", "p-cpe:/a:debian:debian_linux:iceowl-l10n-sl", "p-cpe:/a:debian:debian_linux:iceowl-l10n-bn-bd", "p-cpe:/a:debian:debian_linux:iceowl-l10n-sq", "p-cpe:/a:debian:debian_linux:iceowl-l10n-br", "p-cpe:/a:debian:debian_linux:iceowl-l10n-sr", "p-cpe:/a:debian:debian_linux:iceowl-l10n-sv-se", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ca", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ta-lk", "p-cpe:/a:debian:debian_linux:iceowl-l10n-cs", "p-cpe:/a:debian:debian_linux:iceowl-l10n-tr", "p-cpe:/a:debian:debian_linux:iceowl-l10n-uk", "p-cpe:/a:debian:debian_linux:iceowl-l10n-cy", "p-cpe:/a:debian:debian_linux:iceowl-l10n-vi", "p-cpe:/a:debian:debian_linux:iceowl-l10n-da", "p-cpe:/a:debian:debian_linux:iceowl-l10n-zh-cn", "p-cpe:/a:debian:debian_linux:iceowl-l10n-de", "p-cpe:/a:debian:debian_linux:iceowl-l10n-zh-tw", "p-cpe:/a:debian:debian_linux:lightning", "p-cpe:/a:debian:debian_linux:iceowl-l10n-dsb", "p-cpe:/a:debian:debian_linux:lightning-l10n-ar", "p-cpe:/a:debian:debian_linux:lightning-l10n-ast", "p-cpe:/a:debian:debian_linux:lightning-l10n-be", "p-cpe:/a:debian:debian_linux:iceowl-l10n-el", "p-cpe:/a:debian:debian_linux:lightning-l10n-bg", "p-cpe:/a:debian:debian_linux:lightning-l10n-bn-bd", "p-cpe:/a:debian:debian_linux:lightning-l10n-br", "p-cpe:/a:debian:debian_linux:iceowl-l10n-en-gb", "p-cpe:/a:debian:debian_linux:lightning-l10n-ca", "p-cpe:/a:debian:debian_linux:iceowl-l10n-es-ar", "p-cpe:/a:debian:debian_linux:lightning-l10n-cs", "p-cpe:/a:debian:debian_linux:lightning-l10n-cy", "p-cpe:/a:debian:debian_linux:iceowl-l10n-es-es", "p-cpe:/a:debian:debian_linux:lightning-l10n-da", "p-cpe:/a:debian:debian_linux:lightning-l10n-de", "p-cpe:/a:debian:debian_linux:iceowl-l10n-et", "p-cpe:/a:debian:debian_linux:lightning-l10n-dsb", "p-cpe:/a:debian:debian_linux:iceowl-l10n-eu", "p-cpe:/a:debian:debian_linux:lightning-l10n-el", "p-cpe:/a:debian:debian_linux:lightning-l10n-en-gb", "p-cpe:/a:debian:debian_linux:iceowl-l10n-fi", "p-cpe:/a:debian:debian_linux:lightning-l10n-es-ar", "p-cpe:/a:debian:debian_linux:iceowl-l10n-fr", "p-cpe:/a:debian:debian_linux:lightning-l10n-es-es", "p-cpe:/a:debian:debian_linux:iceowl-l10n-fy-nl", "p-cpe:/a:debian:debian_linux:lightning-l10n-et", "p-cpe:/a:debian:debian_linux:lightning-l10n-eu", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ga-ie", "p-cpe:/a:debian:debian_linux:lightning-l10n-fi", "p-cpe:/a:debian:debian_linux:lightning-l10n-fr", "p-cpe:/a:debian:debian_linux:lightning-l10n-fy-nl", "p-cpe:/a:debian:debian_linux:iceowl-l10n-gd", "p-cpe:/a:debian:debian_linux:lightning-l10n-ga-ie", "p-cpe:/a:debian:debian_linux:lightning-l10n-gd", "p-cpe:/a:debian:debian_linux:lightning-l10n-gl", "p-cpe:/a:debian:debian_linux:iceowl-l10n-gl", "p-cpe:/a:debian:debian_linux:lightning-l10n-he", "p-cpe:/a:debian:debian_linux:iceowl-l10n-he", "p-cpe:/a:debian:debian_linux:lightning-l10n-hr", "p-cpe:/a:debian:debian_linux:lightning-l10n-hsb", "p-cpe:/a:debian:debian_linux:lightning-l10n-hu", "p-cpe:/a:debian:debian_linux:iceowl-l10n-hr", "p-cpe:/a:debian:debian_linux:lightning-l10n-hy-am", "p-cpe:/a:debian:debian_linux:iceowl-l10n-hsb", "p-cpe:/a:debian:debian_linux:lightning-l10n-id", "p-cpe:/a:debian:debian_linux:lightning-l10n-is", "p-cpe:/a:debian:debian_linux:iceowl-l10n-hu", "p-cpe:/a:debian:debian_linux:lightning-l10n-it", "p-cpe:/a:debian:debian_linux:iceowl-l10n-hy-am", "p-cpe:/a:debian:debian_linux:lightning-l10n-ja", "p-cpe:/a:debian:debian_linux:lightning-l10n-kab", "p-cpe:/a:debian:debian_linux:iceowl-l10n-id", "p-cpe:/a:debian:debian_linux:iceowl-l10n-is", "p-cpe:/a:debian:debian_linux:lightning-l10n-ko", "p-cpe:/a:debian:debian_linux:lightning-l10n-lt", "p-cpe:/a:debian:debian_linux:iceowl-l10n-it", "p-cpe:/a:debian:debian_linux:lightning-l10n-nb-no", "p-cpe:/a:debian:debian_linux:lightning-l10n-nl", "p-cpe:/a:debian:debian_linux:lightning-l10n-nn-no", "p-cpe:/a:debian:debian_linux:lightning-l10n-pa-in", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ja", "p-cpe:/a:debian:debian_linux:lightning-l10n-pl", "p-cpe:/a:debian:debian_linux:iceowl-l10n-kab", "p-cpe:/a:debian:debian_linux:lightning-l10n-pt-br", "p-cpe:/a:debian:debian_linux:lightning-l10n-pt-pt", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ko", "p-cpe:/a:debian:debian_linux:lightning-l10n-rm", "p-cpe:/a:debian:debian_linux:lightning-l10n-ro", "p-cpe:/a:debian:debian_linux:iceowl-l10n-lt", "p-cpe:/a:debian:debian_linux:lightning-l10n-ru", "p-cpe:/a:debian:debian_linux:lightning-l10n-si", "p-cpe:/a:debian:debian_linux:iceowl-l10n-nb-no", "p-cpe:/a:debian:debian_linux:lightning-l10n-sk", "p-cpe:/a:debian:debian_linux:iceowl-l10n-nl", "p-cpe:/a:debian:debian_linux:lightning-l10n-sl", "p-cpe:/a:debian:debian_linux:lightning-l10n-sq", "p-cpe:/a:debian:debian_linux:iceowl-l10n-nn-no", "p-cpe:/a:debian:debian_linux:lightning-l10n-sr", "p-cpe:/a:debian:debian_linux:iceowl-l10n-pa-in", "p-cpe:/a:debian:debian_linux:lightning-l10n-sv-se", "p-cpe:/a:debian:debian_linux:iceowl-l10n-pl", "p-cpe:/a:debian:debian_linux:lightning-l10n-ta-lk", "p-cpe:/a:debian:debian_linux:lightning-l10n-tr", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-lt", "p-cpe:/a:debian:debian_linux:lightning-l10n-uk", "p-cpe:/a:debian:debian_linux:lightning-l10n-vi", "p-cpe:/a:debian:debian_linux:lightning-l10n-zh-cn", "p-cpe:/a:debian:debian_linux:lightning-l10n-zh-tw", "p-cpe:/a:debian:debian_linux:thunderbird", "p-cpe:/a:debian:debian_linux:thunderbird-dbg", "p-cpe:/a:debian:debian_linux:thunderbird-dev", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-all", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ar", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ast", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-be", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-bg", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-bn-bd", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-br", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ca", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-cs", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-da", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-de", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-dsb", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-el", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-en-gb", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-es-ar", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-es-es", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-et", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-eu", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-fi", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-fr", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-fy-nl", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ga-ie", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-gd", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-gl", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-he", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-hr", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-hsb", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-hu", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-hy-am", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-id", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-is", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-it", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ja", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-kab", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ko", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-nb-no", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-nl", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-nn-no", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-pa-in", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-pl", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-pt-br", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-pt-pt", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-rm", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ro", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ru", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-si", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-sk", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-sl", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-sq", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-sr", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-sv-se", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ta-lk", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-tr", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-uk", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-vi", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-zh-cn", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-zh-tw", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2497.NASL", "href": "https://www.tenable.com/plugins/nessus/144439", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2497-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144439);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/15\");\n\n script_cve_id(\"CVE-2020-16042\", \"CVE-2020-26971\", \"CVE-2020-26973\", \"CVE-2020-26974\", \"CVE-2020-26978\", \"CVE-2020-35111\", \"CVE-2020-35113\");\n\n script_name(english:\"Debian DLA-2497-1 : thunderbird security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Multiple security issues have been found in Thunderbird, which may\nlead to the execution of arbitrary code, denial of service or\ninformation leak.\n\nFor Debian 9 stretch, these problems have been fixed in version\n1:78.6.0-1~deb9u1.\n\nWe recommend that you upgrade your thunderbird packages.\n\nFor the detailed security status of thunderbird please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/thunderbird\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/12/msg00024.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/thunderbird\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/thunderbird\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:calendar-google-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-bn-bd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-hy-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-pa-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ta-lk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-extension\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-bn-bd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-hy-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-pa-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ta-lk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-bn-bd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-hy-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-pa-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ta-lk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-bn-bd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-hy-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-pa-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ta-lk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"calendar-google-provider\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-dbg\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-dev\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-all\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-ar\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-ast\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-be\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-bg\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-bn-bd\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-br\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-ca\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-cs\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-da\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-de\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-dsb\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-el\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-en-gb\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-es-ar\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-es-es\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-et\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-eu\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-fi\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-fr\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-fy-nl\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-ga-ie\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-gd\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-gl\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-he\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-hr\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-hsb\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-hu\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-hy-am\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-id\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-is\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-it\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-ja\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-kab\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-ko\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-lt\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-nb-no\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-nl\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-nn-no\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-pa-in\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-pl\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-pt-br\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-pt-pt\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-rm\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-ro\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-ru\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-si\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-sk\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-sl\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-sq\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-sr\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-sv-se\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-ta-lk\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-tr\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-uk\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-vi\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-zh-cn\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"icedove-l10n-zh-tw\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-extension\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-ar\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-ast\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-be\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-bg\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-bn-bd\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-br\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-ca\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-cs\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-cy\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-da\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-de\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-dsb\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-el\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-en-gb\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-es-ar\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-es-es\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-et\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-eu\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-fi\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-fr\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-fy-nl\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-ga-ie\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-gd\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-gl\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-he\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-hr\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-hsb\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-hu\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-hy-am\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-id\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-is\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-it\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-ja\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-kab\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-ko\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-lt\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-nb-no\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-nl\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-nn-no\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-pa-in\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-pl\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-pt-br\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-pt-pt\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-rm\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-ro\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-ru\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-si\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-sk\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-sl\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-sq\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-sr\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-sv-se\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-ta-lk\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-tr\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-uk\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-vi\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-zh-cn\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"iceowl-l10n-zh-tw\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-ar\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-ast\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-be\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-bg\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-bn-bd\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-br\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-ca\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-cs\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-cy\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-da\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-de\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-dsb\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-el\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-en-gb\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-es-ar\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-es-es\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-et\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-eu\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-fi\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-fr\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-fy-nl\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-ga-ie\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-gd\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-gl\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-he\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-hr\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-hsb\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-hu\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-hy-am\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-id\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-is\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-it\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-ja\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-kab\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-ko\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-lt\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-nb-no\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-nl\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-nn-no\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-pa-in\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-pl\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-pt-br\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-pt-pt\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-rm\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-ro\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-ru\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-si\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-sk\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-sl\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-sq\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-sr\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-sv-se\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-ta-lk\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-tr\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-uk\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-vi\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-zh-cn\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lightning-l10n-zh-tw\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-dbg\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-dev\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-all\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-ar\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-ast\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-be\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-bg\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-bn-bd\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-br\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-ca\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-cs\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-da\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-de\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-dsb\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-el\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-en-gb\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-es-ar\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-es-es\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-et\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-eu\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-fi\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-fr\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-fy-nl\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-ga-ie\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-gd\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-gl\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-he\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-hr\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-hsb\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-hu\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-hy-am\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-id\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-is\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-it\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-ja\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-kab\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-ko\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-lt\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-nb-no\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-nl\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-nn-no\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-pa-in\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-pl\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-pt-br\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-pt-pt\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-rm\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-ro\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-ru\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-si\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-sk\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-sl\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-sq\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-sr\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-sv-se\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-ta-lk\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-tr\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-uk\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-vi\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-zh-cn\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"thunderbird-l10n-zh-tw\", reference:\"1:78.6.0-1~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:25:45", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:5564 advisory.\n\n - chromium-browser: Uninitialized Use in V8 (CVE-2020-16042)\n\n - Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971)\n\n - Mozilla: CSS Sanitizer performed incorrect sanitization (CVE-2020-26973)\n\n - Mozilla: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free (CVE-2020-26974)\n\n - Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2020-26978)\n\n - Mozilla: The proxy.onRequest API did not catch view-source URLs (CVE-2020-35111)\n\n - Mozilla: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 (CVE-2020-35113)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-18T00:00:00", "type": "nessus", "title": "RHEL 8 : firefox (RHSA-2020:5564)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16042", "CVE-2020-26971", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26978", "CVE-2020-35111", "CVE-2020-35113"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.1", "cpe:/o:redhat:rhel_eus:8.1", "p-cpe:/a:redhat:enterprise_linux:firefox"], "id": "REDHAT-RHSA-2020-5564.NASL", "href": "https://www.tenable.com/plugins/nessus/144381", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:5564. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144381);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2020-16042\",\n \"CVE-2020-26971\",\n \"CVE-2020-26973\",\n \"CVE-2020-26974\",\n \"CVE-2020-26978\",\n \"CVE-2020-35111\",\n \"CVE-2020-35113\"\n );\n script_xref(name:\"RHSA\", value:\"2020:5564\");\n script_xref(name:\"IAVA\", value:\"2020-A-0571-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0575-S\");\n\n script_name(english:\"RHEL 8 : firefox (RHSA-2020:5564)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:5564 advisory.\n\n - chromium-browser: Uninitialized Use in V8 (CVE-2020-16042)\n\n - Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971)\n\n - Mozilla: CSS Sanitizer performed incorrect sanitization (CVE-2020-26973)\n\n - Mozilla: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free (CVE-2020-26974)\n\n - Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2020-26978)\n\n - Mozilla: The proxy.onRequest API did not catch view-source URLs (CVE-2020-35111)\n\n - Mozilla: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 (CVE-2020-35113)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-16042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26978\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-35111\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-35113\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:5564\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1904515\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908024\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908025\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908029\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16042\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-35113\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 120, 200, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.1')) audit(AUDIT_OS_NOT, 'Red Hat 8.1', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.1/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.1/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.1/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.1/ppc64le/sap/os',\n 'content/e4s/rhel8/8.1/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.1/x86_64/appstream/os',\n 'content/e4s/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.1/x86_64/baseos/os',\n 'content/e4s/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap/os',\n 'content/e4s/rhel8/8.1/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/appstream/debug',\n 'content/eus/rhel8/8.1/aarch64/appstream/os',\n 'content/eus/rhel8/8.1/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/baseos/debug',\n 'content/eus/rhel8/8.1/aarch64/baseos/os',\n 'content/eus/rhel8/8.1/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.1/aarch64/highavailability/os',\n 'content/eus/rhel8/8.1/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.1/aarch64/supplementary/os',\n 'content/eus/rhel8/8.1/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.1/ppc64le/appstream/os',\n 'content/eus/rhel8/8.1/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.1/ppc64le/baseos/os',\n 'content/eus/rhel8/8.1/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/sap/debug',\n 'content/eus/rhel8/8.1/ppc64le/sap/os',\n 'content/eus/rhel8/8.1/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/appstream/debug',\n 'content/eus/rhel8/8.1/s390x/appstream/os',\n 'content/eus/rhel8/8.1/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/baseos/debug',\n 'content/eus/rhel8/8.1/s390x/baseos/os',\n 'content/eus/rhel8/8.1/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.1/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.1/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/highavailability/debug',\n 'content/eus/rhel8/8.1/s390x/highavailability/os',\n 'content/eus/rhel8/8.1/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.1/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.1/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/sap/debug',\n 'content/eus/rhel8/8.1/s390x/sap/os',\n 'content/eus/rhel8/8.1/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/supplementary/debug',\n 'content/eus/rhel8/8.1/s390x/supplementary/os',\n 'content/eus/rhel8/8.1/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/appstream/debug',\n 'content/eus/rhel8/8.1/x86_64/appstream/os',\n 'content/eus/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/baseos/debug',\n 'content/eus/rhel8/8.1/x86_64/baseos/os',\n 'content/eus/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.1/x86_64/highavailability/os',\n 'content/eus/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/sap/debug',\n 'content/eus/rhel8/8.1/x86_64/sap/os',\n 'content/eus/rhel8/8.1/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.1/x86_64/supplementary/os',\n 'content/eus/rhel8/8.1/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'firefox-78.6.0-1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:25:46", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:5622 advisory.\n\n - chromium-browser: Uninitialized Use in V8 (CVE-2020-16042)\n\n - Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971)\n\n - Mozilla: CSS Sanitizer performed incorrect sanitization (CVE-2020-26973)\n\n - Mozilla: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free (CVE-2020-26974)\n\n - Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2020-26978)\n\n - Mozilla: The proxy.onRequest API did not catch view-source URLs (CVE-2020-35111)\n\n - Mozilla: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 (CVE-2020-35113)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-18T00:00:00", "type": "nessus", "title": "RHEL 8 : thunderbird (RHSA-2020:5622)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16042", "CVE-2020-26971", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26978", "CVE-2020-35111", "CVE-2020-35113"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_tus:8.2", "p-cpe:/a:redhat:enterprise_linux:thunderbird"], "id": "REDHAT-RHSA-2020-5622.NASL", "href": "https://www.tenable.com/plugins/nessus/144413", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:5622. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144413);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2020-16042\",\n \"CVE-2020-26971\",\n \"CVE-2020-26973\",\n \"CVE-2020-26974\",\n \"CVE-2020-26978\",\n \"CVE-2020-35111\",\n \"CVE-2020-35113\"\n );\n script_xref(name:\"RHSA\", value:\"2020:5622\");\n script_xref(name:\"IAVA\", value:\"2020-A-0575-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0571-S\");\n\n script_name(english:\"RHEL 8 : thunderbird (RHSA-2020:5622)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:5622 advisory.\n\n - chromium-browser: Uninitialized Use in V8 (CVE-2020-16042)\n\n - Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971)\n\n - Mozilla: CSS Sanitizer performed incorrect sanitization (CVE-2020-26973)\n\n - Mozilla: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free (CVE-2020-26974)\n\n - Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2020-26978)\n\n - Mozilla: The proxy.onRequest API did not catch view-source URLs (CVE-2020-35111)\n\n - Mozilla: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 (CVE-2020-35113)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-16042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26978\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-35111\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-35113\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:5622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1904515\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908024\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908025\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908029\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 120, 200, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.2')) audit(AUDIT_OS_NOT, 'Red Hat 8.2', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/appstream/debug',\n 'content/eus/rhel8/8.2/aarch64/appstream/os',\n 'content/eus/rhel8/8.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/baseos/debug',\n 'content/eus/rhel8/8.2/aarch64/baseos/os',\n 'content/eus/rhel8/8.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.2/aarch64/highavailability/os',\n 'content/eus/rhel8/8.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.2/aarch64/supplementary/os',\n 'content/eus/rhel8/8.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.2/ppc64le/appstream/os',\n 'content/eus/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.2/ppc64le/baseos/os',\n 'content/eus/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap/os',\n 'content/eus/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'thunderbird-78.6.0-1.el8_2', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-78.6.0-1.el8_2', 'sp':'2', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-78.6.0-1.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:24", "description": "The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-56241 advisory.\n\n - Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971)\n\n - Mozilla: CSS Sanitizer performed incorrect sanitization (CVE-2020-26973)\n\n - When an extension with the proxy permission registered to receive <allurls>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. (CVE-2020-35111)\n\n - Uninitialized Use in V8. (CVE-2020-16042)\n\n - When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. (CVE-2020-26974)\n\n - Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2020-26978)\n\n - Mozilla developer Christian Holler reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5.\n Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2020-35113)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-18T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : ELSA-2020-5624-1: / thunderbird (ELSA-2020-56241)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16042", "CVE-2020-26971", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26978", "CVE-2020-35111", "CVE-2020-35113"], "modified": "2020-12-21T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:thunderbird"], "id": "ORACLELINUX_ELSA-2020-56241.NASL", "href": "https://www.tenable.com/plugins/nessus/144457", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-56241.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144457);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/21\");\n\n script_cve_id(\n \"CVE-2020-16042\",\n \"CVE-2020-26971\",\n \"CVE-2020-26973\",\n \"CVE-2020-26974\",\n \"CVE-2020-26978\",\n \"CVE-2020-35111\",\n \"CVE-2020-35113\"\n );\n\n script_name(english:\"Oracle Linux 8 : ELSA-2020-5624-1: / thunderbird (ELSA-2020-56241)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nELSA-2020-56241 advisory.\n\n - Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971)\n\n - Mozilla: CSS Sanitizer performed incorrect sanitization (CVE-2020-26973)\n\n - When an extension with the proxy permission registered to receive <allurls>, the\n proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such\n URLs, a user opening View Source could have inadvertently leaked their IP address. (CVE-2020-35111)\n\n - Uninitialized Use in V8. (CVE-2020-16042)\n\n - When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object\n could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory\n corruption, and a potentially exploitable crash. (CVE-2020-26974)\n\n - Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2020-26978)\n\n - Mozilla developer Christian Holler reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5.\n Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of\n these could have been exploited to run arbitrary code. (CVE-2020-35113)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5624-1.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\npkgs = [\n {'reference':'thunderbird-78.6.0-1.0.1.el8_3', 'release':'8', 'allowmaj':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird');\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:39", "description": "The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2020:5618-1 advisory.\n\n - chromium-browser: Uninitialized Use in V8 (CVE-2020-16042)\n\n - Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971)\n\n - Mozilla: CSS Sanitizer performed incorrect sanitization (CVE-2020-26973)\n\n - Mozilla: Incorrect cast of StyleGenericFlexBasis resulted in a heap use- after-free (CVE-2020-26974)\n\n - Mozilla: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 (CVE-2020-35113)\n\n - Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2020-26978)\n\n - Mozilla: The proxy.onRequest API did not catch view-source URLs (CVE-2020-35111)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-17T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : thunderbird on SL7.x x86_64 (2020:5618)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16042", "CVE-2020-26971", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26978", "CVE-2020-35111", "CVE-2020-35113"], "modified": "2020-12-18T00:00:00", "cpe": ["cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:thunderbird", "p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo"], "id": "SL_20201217_THUNDERBIRD_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/144368", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144368);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/18\");\n\n script_cve_id(\n \"CVE-2020-16042\",\n \"CVE-2020-26971\",\n \"CVE-2020-26973\",\n \"CVE-2020-26974\",\n \"CVE-2020-26978\",\n \"CVE-2020-35111\",\n \"CVE-2020-35113\"\n );\n script_xref(name:\"RHSA\", value:\"RHSA-2020:5618\");\n\n script_name(english:\"Scientific Linux Security Update : thunderbird on SL7.x x86_64 (2020:5618)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Scientific Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SLSA-2020:5618-1 advisory.\n\n - chromium-browser: Uninitialized Use in V8 (CVE-2020-16042)\n\n - Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971)\n\n - Mozilla: CSS Sanitizer performed incorrect sanitization (CVE-2020-26973)\n\n - Mozilla: Incorrect cast of StyleGenericFlexBasis resulted in a heap use- after-free (CVE-2020-26974)\n\n - Mozilla: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 (CVE-2020-35113)\n\n - Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2020-26978)\n\n - Mozilla: The proxy.onRequest API did not catch view-source URLs (CVE-2020-35111)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.scientificlinux.org/category/sl-errata/slsa-20205618-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fermilab:scientific_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Scientific Linux' >!< release) audit(AUDIT_OS_NOT, 'Scientific Linux');\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Scientific Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Scientific Linux 7.x', 'Scientific Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Scientific Linux', cpu);\n\npkgs = [\n {'reference':'thunderbird-78.6.0-1.el7_9', 'cpu':'x86_64', 'release':'SL7', 'allowmaj':TRUE},\n {'reference':'thunderbird-debuginfo-78.6.0-1.el7_9', 'cpu':'x86_64', 'release':'SL7', 'allowmaj':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird / thunderbird-debuginfo');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:45", "description": "The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2020:5562 advisory.\n\n - chromium-browser: Uninitialized Use in V8 (CVE-2020-16042)\n\n - Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971)\n\n - Mozilla: CSS Sanitizer performed incorrect sanitization (CVE-2020-26973)\n\n - Mozilla: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free (CVE-2020-26974)\n\n - Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2020-26978)\n\n - Mozilla: The proxy.onRequest API did not catch view-source URLs (CVE-2020-35111)\n\n - Mozilla: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 (CVE-2020-35113)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-02-01T00:00:00", "type": "nessus", "title": "CentOS 8 : firefox (CESA-2020:5562)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16042", "CVE-2020-26971", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26978", "CVE-2020-35111", "CVE-2020-35113"], "modified": "2021-03-23T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:firefox"], "id": "CENTOS8_RHSA-2020-5562.NASL", "href": "https://www.tenable.com/plugins/nessus/145902", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2020:5562. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145902);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/23\");\n\n script_cve_id(\n \"CVE-2020-16042\",\n \"CVE-2020-26971\",\n \"CVE-2020-26973\",\n \"CVE-2020-26974\",\n \"CVE-2020-26978\",\n \"CVE-2020-35111\",\n \"CVE-2020-35113\"\n );\n script_xref(name:\"RHSA\", value:\"2020:5562\");\n\n script_name(english:\"CentOS 8 : firefox (CESA-2020:5562)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nCESA-2020:5562 advisory.\n\n - chromium-browser: Uninitialized Use in V8 (CVE-2020-16042)\n\n - Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971)\n\n - Mozilla: CSS Sanitizer performed incorrect sanitization (CVE-2020-26973)\n\n - Mozilla: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free (CVE-2020-26974)\n\n - Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2020-26978)\n\n - Mozilla: The proxy.onRequest API did not catch view-source URLs (CVE-2020-35111)\n\n - Mozilla: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 (CVE-2020-35113)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:5562\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-35113\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'firefox-78.6.0-1.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'firefox-78.6.0-1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:25:46", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:5563 advisory.\n\n - chromium-browser: Uninitialized Use in V8 (CVE-2020-16042)\n\n - Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971)\n\n - Mozilla: CSS Sanitizer performed incorrect sanitization (CVE-2020-26973)\n\n - Mozilla: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free (CVE-2020-26974)\n\n - Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2020-26978)\n\n - Mozilla: The proxy.onRequest API did not catch view-source URLs (CVE-2020-35111)\n\n - Mozilla: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 (CVE-2020-35113)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-18T00:00:00", "type": "nessus", "title": "RHEL 8 : firefox (RHSA-2020:5563)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16042", "CVE-2020-26971", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26978", "CVE-2020-35111", "CVE-2020-35113"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_tus:8.2", "p-cpe:/a:redhat:enterprise_linux:firefox"], "id": "REDHAT-RHSA-2020-5563.NASL", "href": "https://www.tenable.com/plugins/nessus/144406", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:5563. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144406);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2020-16042\",\n \"CVE-2020-26971\",\n \"CVE-2020-26973\",\n \"CVE-2020-26974\",\n \"CVE-2020-26978\",\n \"CVE-2020-35111\",\n \"CVE-2020-35113\"\n );\n script_xref(name:\"RHSA\", value:\"2020:5563\");\n script_xref(name:\"IAVA\", value:\"2020-A-0571-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0575-S\");\n\n script_name(english:\"RHEL 8 : firefox (RHSA-2020:5563)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:5563 advisory.\n\n - chromium-browser: Uninitialized Use in V8 (CVE-2020-16042)\n\n - Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971)\n\n - Mozilla: CSS Sanitizer performed incorrect sanitization (CVE-2020-26973)\n\n - Mozilla: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free (CVE-2020-26974)\n\n - Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2020-26978)\n\n - Mozilla: The proxy.onRequest API did not catch view-source URLs (CVE-2020-35111)\n\n - Mozilla: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 (CVE-2020-35113)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-16042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26978\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-35111\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-35113\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:5563\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1904515\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908024\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908025\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908029\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16042\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-35113\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 120, 200, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.2')) audit(AUDIT_OS_NOT, 'Red Hat 8.2', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/appstream/debug',\n 'content/eus/rhel8/8.2/aarch64/appstream/os',\n 'content/eus/rhel8/8.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/baseos/debug',\n 'content/eus/rhel8/8.2/aarch64/baseos/os',\n 'content/eus/rhel8/8.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.2/aarch64/highavailability/os',\n 'content/eus/rhel8/8.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.2/aarch64/supplementary/os',\n 'content/eus/rhel8/8.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.2/ppc64le/appstream/os',\n 'content/eus/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.2/ppc64le/baseos/os',\n 'content/eus/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap/os',\n 'content/eus/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/appstream/debug',\n 'content/eus/rhel8/8.2/s390x/appstream/os',\n 'content/eus/rhel8/8.2/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/baseos/debug',\n 'content/eus/rhel8/8.2/s390x/baseos/os',\n 'content/eus/rhel8/8.2/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/highavailability/debug',\n 'content/eus/rhel8/8.2/s390x/highavailability/os',\n 'content/eus/rhel8/8.2/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/sap/debug',\n 'content/eus/rhel8/8.2/s390x/sap/os',\n 'content/eus/rhel8/8.2/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/supplementary/debug',\n 'content/eus/rhel8/8.2/s390x/supplementary/os',\n 'content/eus/rhel8/8.2/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'firefox-78.6.0-1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:25:53", "description": "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:5618 advisory.\n\n - chromium-browser: Uninitialized Use in V8 (CVE-2020-16042)\n\n - Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971)\n\n - Mozilla: CSS Sanitizer performed incorrect sanitization (CVE-2020-26973)\n\n - Mozilla: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free (CVE-2020-26974)\n\n - Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2020-26978)\n\n - Mozilla: The proxy.onRequest API did not catch view-source URLs (CVE-2020-35111)\n\n - Mozilla: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 (CVE-2020-35113)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-18T00:00:00", "type": "nessus", "title": "RHEL 7 : thunderbird (RHSA-2020:5618)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16042", "CVE-2020-26971", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26978", "CVE-2020-35111", "CVE-2020-35113"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:thunderbird"], "id": "REDHAT-RHSA-2020-5618.NASL", "href": "https://www.tenable.com/plugins/nessus/144386", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:5618. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144386);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2020-16042\",\n \"CVE-2020-26971\",\n \"CVE-2020-26973\",\n \"CVE-2020-26974\",\n \"CVE-2020-26978\",\n \"CVE-2020-35111\",\n \"CVE-2020-35113\"\n );\n script_xref(name:\"RHSA\", value:\"2020:5618\");\n script_xref(name:\"IAVA\", value:\"2020-A-0575-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0571-S\");\n\n script_name(english:\"RHEL 7 : thunderbird (RHSA-2020:5618)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:5618 advisory.\n\n - chromium-browser: Uninitialized Use in V8 (CVE-2020-16042)\n\n - Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971)\n\n - Mozilla: CSS Sanitizer performed incorrect sanitization (CVE-2020-26973)\n\n - Mozilla: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free (CVE-2020-26974)\n\n - Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2020-26978)\n\n - Mozilla: The proxy.onRequest API did not catch view-source URLs (CVE-2020-35111)\n\n - Mozilla: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 (CVE-2020-35113)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-16042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26978\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-35111\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-35113\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:5618\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1904515\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908024\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908025\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908029\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 120, 200, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/os',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/os',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/os',\n 'content/fastrack/rhel/power/7/ppc64/optional/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/os',\n 'content/fastrack/rhel/power/7/ppc64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'thunderbird-78.6.0-1.el7_9', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-78.6.0-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:22", "description": "Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or CSS sanitiser bypass.", "cvss3": {}, "published": "2020-12-17T00:00:00", "type": "nessus", "title": "Debian DSA-4813-1 : firefox-esr - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16042", "CVE-2020-26971", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26978", "CVE-2020-35111", "CVE-2020-35113"], "modified": "2021-01-15T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:firefox-esr", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4813.NASL", "href": "https://www.tenable.com/plugins/nessus/144353", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4813. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144353);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/15\");\n\n script_cve_id(\"CVE-2020-16042\", \"CVE-2020-26971\", \"CVE-2020-26973\", \"CVE-2020-26974\", \"CVE-2020-26978\", \"CVE-2020-35111\", \"CVE-2020-35113\");\n script_xref(name:\"DSA\", value:\"4813\");\n script_xref(name:\"IAVA\", value:\"2020-A-0575-S\");\n\n script_name(english:\"Debian DSA-4813-1 : firefox-esr - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Multiple security issues have been found in the Mozilla Firefox web\nbrowser, which could potentially result in the execution of arbitrary\ncode, information disclosure or CSS sanitiser bypass.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/firefox-esr\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/firefox-esr\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2020/dsa-4813\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the firefox-esr packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 78.6.0esr-1~deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ach\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-af\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-all\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-an\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ar\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-as\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ast\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-az\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-be\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-bg\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-bn-bd\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-bn-in\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-br\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-bs\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ca\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-cak\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-cs\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-cy\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-da\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-de\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-dsb\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-el\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-en-gb\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-en-za\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-eo\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-es-ar\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-es-cl\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-es-es\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-es-mx\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-et\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-eu\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-fa\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ff\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-fi\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-fr\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-fy-nl\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ga-ie\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-gd\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-gl\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-gn\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-gu-in\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-he\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-hi-in\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-hr\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-hsb\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-hu\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-hy-am\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ia\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-id\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-is\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-it\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ja\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ka\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-kab\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-kk\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-km\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-kn\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ko\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-lij\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-lt\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-lv\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-mai\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-mk\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ml\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-mr\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ms\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-my\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-nb-no\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ne-np\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-nl\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-nn-no\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-oc\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-or\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-pa-in\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-pl\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-pt-br\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-pt-pt\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-rm\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ro\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ru\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-si\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-sk\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-sl\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-son\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-sq\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-sr\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-sv-se\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ta\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-te\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-th\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-tr\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-uk\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-ur\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-uz\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-vi\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-xh\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-zh-cn\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firefox-esr-l10n-zh-tw\", reference:\"78.6.0esr-1~deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:59", "description": "The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-55621 advisory.\n\n - Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. (CVE-2020-26971)\n\n - Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. (CVE-2020-26973)\n\n - When an extension with the proxy permission registered to receive <allurls>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. (CVE-2020-35111)\n\n - Uninitialized Use in V8. (CVE-2020-16042)\n\n - When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. (CVE-2020-26974)\n\n - Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. (CVE-2020-26978)\n\n - Mozilla developer Christian Holler reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5.\n Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2020-35113)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-17T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : ELSA-2020-5562-1: / firefox (ELSA-2020-55621)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16042", "CVE-2020-26971", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26978", "CVE-2020-35111", "CVE-2020-35113"], "modified": "2021-01-07T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:firefox"], "id": "ORACLELINUX_ELSA-2020-55621.NASL", "href": "https://www.tenable.com/plugins/nessus/144374", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-55621.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144374);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/07\");\n\n script_cve_id(\n \"CVE-2020-16042\",\n \"CVE-2020-26971\",\n \"CVE-2020-26973\",\n \"CVE-2020-26974\",\n \"CVE-2020-26978\",\n \"CVE-2020-35111\",\n \"CVE-2020-35113\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0575-S\");\n\n script_name(english:\"Oracle Linux 8 : ELSA-2020-5562-1: / firefox (ELSA-2020-55621)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nELSA-2020-55621 advisory.\n\n - Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow\n on some video drivers. (CVE-2020-26971)\n\n - Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This\n could have been used as a sanitizer bypass. (CVE-2020-26973)\n\n - When an extension with the proxy permission registered to receive <allurls>, the\n proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such\n URLs, a user opening View Source could have inadvertently leaked their IP address. (CVE-2020-35111)\n\n - Uninitialized Use in V8. (CVE-2020-16042)\n\n - When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object\n could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory\n corruption, and a potentially exploitable crash. (CVE-2020-26974)\n\n - Using techniques that built on the slipstream research, a malicious webpage could have exposed both an\n internal network's hosts as well as services running on the user's local machine. (CVE-2020-26978)\n\n - Mozilla developer Christian Holler reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5.\n Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of\n these could have been exploited to run arbitrary code. (CVE-2020-35113)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5562-1.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\npkgs = [\n {'reference':'firefox-78.6.0-1.0.1.el8_3', 'release':'8', 'allowmaj':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:08", "description": "The remote host is affected by the vulnerability described in GLSA-202012-20 (Mozilla Firefox, Mozilla Thunderbird: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.\n Impact :\n\n Please review the referenced CVE identifiers for details.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2020-12-24T00:00:00", "type": "nessus", "title": "GLSA-202012-20 : Mozilla Firefox, Mozilla Thunderbird: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16042", "CVE-2020-26971", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26978", "CVE-2020-35111", "CVE-2020-35113"], "modified": "2021-01-15T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:firefox", "p-cpe:/a:gentoo:linux:firefox-bin", "p-cpe:/a:gentoo:linux:thunderbird", "p-cpe:/a:gentoo:linux:thunderbird-bin", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202012-20.NASL", "href": "https://www.tenable.com/plugins/nessus/144589", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202012-20.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144589);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/15\");\n\n script_cve_id(\"CVE-2020-16042\", \"CVE-2020-26971\", \"CVE-2020-26973\", \"CVE-2020-26974\", \"CVE-2020-26978\", \"CVE-2020-35111\", \"CVE-2020-35113\");\n script_xref(name:\"GLSA\", value:\"202012-20\");\n script_xref(name:\"IAVA\", value:\"2020-A-0575-S\");\n\n script_name(english:\"GLSA-202012-20 : Mozilla Firefox, Mozilla Thunderbird: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202012-20\n(Mozilla Firefox, Mozilla Thunderbird: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Mozilla Firefox and\n Mozilla Thunderbird. Please review the CVE identifiers referenced below\n for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202012-20\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Mozilla Firefox users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/firefox-84.0'\n All Mozilla Firefox (bin) users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/firefox-bin-84.0'\n All Mozilla Firefox ESR users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/firefox-78.6.0:0/esr78'\n All Mozilla Firefox ESR (bin) users should upgrade to the latest\n version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/firefox-bin-78.6.0:0/esr78'\n All Mozilla Thunderbird users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=mail-client/thunderbird-78.6.0'\n All Mozilla Thunderbird (bin) users should upgrade to the latest\n version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=mail-client/thunderbird-bin-78.6.0'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:firefox-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:thunderbird-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"mail-client/thunderbird\", unaffected:make_list(\"ge 78.6.0\"), vulnerable:make_list(\"lt 78.6.0\"))) flag++;\nif (qpkg_check(package:\"mail-client/thunderbird-bin\", unaffected:make_list(\"ge 78.6.0\"), vulnerable:make_list(\"lt 78.6.0\"))) flag++;\nif (qpkg_check(package:\"www-client/firefox\", unaffected:make_list(\"ge 78.6.0\", \"ge 84.0\"), vulnerable:make_list(\"lt 84.0\"))) flag++;\nif (qpkg_check(package:\"www-client/firefox-bin\", unaffected:make_list(\"ge 78.6.0\", \"ge 84.0\"), vulnerable:make_list(\"lt 84.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Mozilla Firefox / Mozilla Thunderbird\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:46", "description": "This update for MozillaFirefox fixes the following issues :\n\nFirefox Extended Support Release 78.6.0 ESR\n\n - Fixed: Various stability, functionality, and security fixes MFSA 2020-55 (bsc#1180039)\n\n - CVE-2020-16042 (bmo#1679003) Operations on a BigInt could have caused uninitialized memory to be exposed\n\n - CVE-2020-26971 (bmo#1663466) Heap buffer overflow in WebGL\n\n - CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed incorrect sanitization\n\n - CVE-2020-26974 (bmo#1681022) Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free\n\n - CVE-2020-26978 (bmo#1677047) Internal network hosts could have been probed by a malicious webpage\n\n - CVE-2020-35111 (bmo#1657916) The proxy.onRequest API did not catch view-source URLs\n\n - CVE-2020-35112 (bmo#1661365) Opening an extension-less download may have inadvertently launched an executable instead\n\n - CVE-2020-35113 (bmo#1664831, bmo#1673589) Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-22T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:3901-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16042", "CVE-2020-26971", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26978", "CVE-2020-35111", "CVE-2020-35112", "CVE-2020-35113"], "modified": "2021-01-15T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:mozillafirefox", "p-cpe:/a:novell:suse_linux:mozillafirefox-debuginfo", "p-cpe:/a:novell:suse_linux:mozillafirefox-debugsource", "p-cpe:/a:novell:suse_linux:mozillafirefox-devel", "p-cpe:/a:novell:suse_linux:mozillafirefox-translations-common", "p-cpe:/a:novell:suse_linux:mozillafirefox-translations-other", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-3901-1.NASL", "href": "https://www.tenable.com/plugins/nessus/144532", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3901-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144532);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/15\");\n\n script_cve_id(\"CVE-2020-16042\", \"CVE-2020-26971\", \"CVE-2020-26973\", \"CVE-2020-26974\", \"CVE-2020-26978\", \"CVE-2020-35111\", \"CVE-2020-35112\", \"CVE-2020-35113\");\n script_xref(name:\"IAVA\", value:\"2020-A-0575-S\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:3901-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for MozillaFirefox fixes the following issues :\n\nFirefox Extended Support Release 78.6.0 ESR\n\n - Fixed: Various stability, functionality, and security\n fixes MFSA 2020-55 (bsc#1180039)\n\n - CVE-2020-16042 (bmo#1679003) Operations on a BigInt\n could have caused uninitialized memory to be exposed\n\n - CVE-2020-26971 (bmo#1663466) Heap buffer overflow in\n WebGL\n\n - CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed\n incorrect sanitization\n\n - CVE-2020-26974 (bmo#1681022) Incorrect cast of\n StyleGenericFlexBasis resulted in a heap use-after-free\n\n - CVE-2020-26978 (bmo#1677047) Internal network hosts\n could have been probed by a malicious webpage\n\n - CVE-2020-35111 (bmo#1657916) The proxy.onRequest API did\n not catch view-source URLs\n\n - CVE-2020-35112 (bmo#1661365) Opening an extension-less\n download may have inadvertently launched an executable\n instead\n\n - CVE-2020-35113 (bmo#1664831, bmo#1673589) Memory safety\n bugs fixed in Firefox 84 and Firefox ESR 78.6\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180039\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-16042/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-26971/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-26973/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-26974/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-26978/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-35111/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-35112/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-35113/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203901-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0fc4acd0\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Desktop Applications 15-SP2 :\n\nzypper in -t patch\nSUSE-SLE-Module-Desktop-Applications-15-SP2-2020-3901=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"MozillaFirefox-78.6.0-8.20.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"MozillaFirefox-debuginfo-78.6.0-8.20.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"MozillaFirefox-debugsource-78.6.0-8.20.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"MozillaFirefox-devel-78.6.0-8.20.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"MozillaFirefox-translations-common-78.6.0-8.20.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"MozillaFirefox-translations-other-78.6.0-8.20.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"MozillaFirefox-78.6.0-8.20.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"MozillaFirefox-debuginfo-78.6.0-8.20.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"MozillaFirefox-debugsource-78.6.0-8.20.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"MozillaFirefox-devel-78.6.0-8.20.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"MozillaFirefox-translations-common-78.6.0-8.20.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"MozillaFirefox-translations-other-78.6.0-8.20.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:25:54", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:5644 advisory.\n\n - chromium-browser: Uninitialized Use in V8 (CVE-2020-16042)\n\n - Mozilla: Stack overflow due to incorrect parsing of SMTP server response codes (CVE-2020-26970)\n\n - Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971)\n\n - Mozilla: CSS Sanitizer performed incorrect sanitization (CVE-2020-26973)\n\n - Mozilla: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free (CVE-2020-26974)\n\n - Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2020-26978)\n\n - Mozilla: The proxy.onRequest API did not catch view-source URLs (CVE-2020-35111)\n\n - Mozilla: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 (CVE-2020-35113)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-22T00:00:00", "type": "nessus", "title": "RHEL 8 : thunderbird (RHSA-2020:5644)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16042", "CVE-2020-26970", "CVE-2020-26971", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26978", "CVE-2020-35111", "CVE-2020-35113"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.1", "cpe:/o:redhat:rhel_eus:8.1", "p-cpe:/a:redhat:enterprise_linux:thunderbird"], "id": "REDHAT-RHSA-2020-5644.NASL", "href": "https://www.tenable.com/plugins/nessus/144512", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:5644. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144512);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2020-16042\",\n \"CVE-2020-26970\",\n \"CVE-2020-26971\",\n \"CVE-2020-26973\",\n \"CVE-2020-26974\",\n \"CVE-2020-26978\",\n \"CVE-2020-35111\",\n \"CVE-2020-35113\"\n );\n script_xref(name:\"RHSA\", value:\"2020:5644\");\n script_xref(name:\"IAVA\", value:\"2020-A-0537-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0575-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0571-S\");\n\n script_name(english:\"RHEL 8 : thunderbird (RHSA-2020:5644)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:5644 advisory.\n\n - chromium-browser: Uninitialized Use in V8 (CVE-2020-16042)\n\n - Mozilla: Stack overflow due to incorrect parsing of SMTP server response codes (CVE-2020-26970)\n\n - Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971)\n\n - Mozilla: CSS Sanitizer performed incorrect sanitization (CVE-2020-26973)\n\n - Mozilla: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free (CVE-2020-26974)\n\n - Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2020-26978)\n\n - Mozilla: The proxy.onRequest API did not catch view-source URLs (CVE-2020-35111)\n\n - Mozilla: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 (CVE-2020-35113)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-16042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26978\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-35111\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-35113\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:5644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1903443\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1904515\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908024\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908025\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908029\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-26970\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 120, 121, 200, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.1')) audit(AUDIT_OS_NOT, 'Red Hat 8.1', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.1/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.1/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.1/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.1/ppc64le/sap/os',\n 'content/e4s/rhel8/8.1/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.1/x86_64/appstream/os',\n 'content/e4s/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.1/x86_64/baseos/os',\n 'content/e4s/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap/os',\n 'content/e4s/rhel8/8.1/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.1/ppc64le/appstream/os',\n 'content/eus/rhel8/8.1/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.1/ppc64le/baseos/os',\n 'content/eus/rhel8/8.1/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/sap/debug',\n 'content/eus/rhel8/8.1/ppc64le/sap/os',\n 'content/eus/rhel8/8.1/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/appstream/debug',\n 'content/eus/rhel8/8.1/x86_64/appstream/os',\n 'content/eus/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/baseos/debug',\n 'content/eus/rhel8/8.1/x86_64/baseos/os',\n 'content/eus/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.1/x86_64/highavailability/os',\n 'content/eus/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/sap/debug',\n 'content/eus/rhel8/8.1/x86_64/sap/os',\n 'content/eus/rhel8/8.1/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.1/x86_64/supplementary/os',\n 'content/eus/rhel8/8.1/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'thunderbird-78.6.0-1.el8_1', 'sp':'1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-78.6.0-1.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:15", "description": "The remote NewStart CGSL host, running version MAIN 6.02, has thunderbird packages installed that are affected by multiple vulnerabilities:\n\n - Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. (CVE-2020-26971)\n\n - Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. (CVE-2020-26973)\n\n - When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.\n (CVE-2020-26974)\n\n - Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. (CVE-2020-26978)\n\n - Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (CVE-2020-16042)\n\n - When an extension with the proxy permission registered to receive , the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. (CVE-2020-35111)\n\n - Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet. (CVE-2020-16044)\n\n - Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. (CVE-2020-35113)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 6.02 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0091)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16042", "CVE-2020-16044", "CVE-2020-26971", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26978", "CVE-2020-35111", "CVE-2020-35113"], "modified": "2021-03-11T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2021-0091_THUNDERBIRD.NASL", "href": "https://www.tenable.com/plugins/nessus/147342", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0091. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147342);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/11\");\n\n script_cve_id(\n \"CVE-2020-16042\",\n \"CVE-2020-16044\",\n \"CVE-2020-26971\",\n \"CVE-2020-26973\",\n \"CVE-2020-26974\",\n \"CVE-2020-26978\",\n \"CVE-2020-35111\",\n \"CVE-2020-35113\"\n );\n\n script_name(english:\"NewStart CGSL MAIN 6.02 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0091)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 6.02, has thunderbird packages installed that are affected by\nmultiple vulnerabilities:\n\n - Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow\n on some video drivers. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR <\n 78.6. (CVE-2020-26971)\n\n - Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This\n could have been used as a sanitizer bypass. This vulnerability affects Firefox < 84, Thunderbird < 78.6,\n and Firefox ESR < 78.6. (CVE-2020-26973)\n\n - When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly\n cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially\n exploitable crash. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.\n (CVE-2020-26974)\n\n - Using techniques that built on the slipstream research, a malicious webpage could have exposed both an\n internal network's hosts as well as services running on the user's local machine. This vulnerability\n affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. (CVE-2020-26978)\n\n - Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain\n potentially sensitive information from process memory via a crafted HTML page. (CVE-2020-16042)\n\n - When an extension with the proxy permission registered to receive , the proxy.onRequest callback\n was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening\n View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox < 84,\n Thunderbird < 78.6, and Firefox ESR < 78.6. (CVE-2020-35111)\n\n - Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially\n exploit heap corruption via a crafted SCTP packet. (CVE-2020-16044)\n\n - Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these\n bugs showed evidence of memory corruption and we presume that with enough effort some of these could have\n been exploited to run arbitrary code. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and\n Firefox ESR < 78.6. (CVE-2020-35113)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0091\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL thunderbird packages. Note that updated packages may not be available yet. Please contact\nZTE for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-35113\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL MAIN 6.02\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.02');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL MAIN 6.02': [\n 'thunderbird-78.6.1-1.el8_3'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:53", "description": "The remote NewStart CGSL host, running version MAIN 6.02, has firefox packages installed that are affected by multiple vulnerabilities:\n\n - Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. (CVE-2020-26971)\n\n - Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. (CVE-2020-26973)\n\n - When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.\n (CVE-2020-26974)\n\n - Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. (CVE-2020-26978)\n\n - Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (CVE-2020-16042)\n\n - When an extension with the proxy permission registered to receive , the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. (CVE-2020-35111)\n\n - Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet. (CVE-2020-16044)\n\n - Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. (CVE-2020-35113)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 6.02 : firefox Multiple Vulnerabilities (NS-SA-2021-0089)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16042", "CVE-2020-16044", "CVE-2020-26971", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26978", "CVE-2020-35111", "CVE-2020-35113"], "modified": "2021-03-10T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2021-0089_FIREFOX.NASL", "href": "https://www.tenable.com/plugins/nessus/147268", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0089. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147268);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/10\");\n\n script_cve_id(\n \"CVE-2020-16042\",\n \"CVE-2020-16044\",\n \"CVE-2020-26971\",\n \"CVE-2020-26973\",\n \"CVE-2020-26974\",\n \"CVE-2020-26978\",\n \"CVE-2020-35111\",\n \"CVE-2020-35113\"\n );\n\n script_name(english:\"NewStart CGSL MAIN 6.02 : firefox Multiple Vulnerabilities (NS-SA-2021-0089)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 6.02, has firefox packages installed that are affected by multiple\nvulnerabilities:\n\n - Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow\n on some video drivers. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR <\n 78.6. (CVE-2020-26971)\n\n - Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This\n could have been used as a sanitizer bypass. This vulnerability affects Firefox < 84, Thunderbird < 78.6,\n and Firefox ESR < 78.6. (CVE-2020-26973)\n\n - When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly\n cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially\n exploitable crash. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.\n (CVE-2020-26974)\n\n - Using techniques that built on the slipstream research, a malicious webpage could have exposed both an\n internal network's hosts as well as services running on the user's local machine. This vulnerability\n affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. (CVE-2020-26978)\n\n - Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain\n potentially sensitive information from process memory via a crafted HTML page. (CVE-2020-16042)\n\n - When an extension with the proxy permission registered to receive , the proxy.onRequest callback\n was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening\n View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox < 84,\n Thunderbird < 78.6, and Firefox ESR < 78.6. (CVE-2020-35111)\n\n - Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially\n exploit heap corruption via a crafted SCTP packet. (CVE-2020-16044)\n\n - Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these\n bugs showed evidence of memory corruption and we presume that with enough effort some of these could have\n been exploited to run arbitrary code. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and\n Firefox ESR < 78.6. (CVE-2020-35113)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0089\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL firefox packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-35113\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL MAIN 6.02\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.02');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL MAIN 6.02': [\n 'firefox-78.6.1-1.el8_3'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:45", "description": "This update for MozillaFirefox fixes the following issues :\n\n - Firefox Extended Support Release 78.6.0 ESR\n\n - Fixed: Various stability, functionality, and security fixes MFSA 2020-55 (bsc#1180039)\n\n - CVE-2020-16042 (bmo#1679003) Operations on a BigInt could have caused uninitialized memory to be exposed\n\n - CVE-2020-26971 (bmo#1663466) Heap buffer overflow in WebGL\n\n - CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed incorrect sanitization\n\n - CVE-2020-26974 (bmo#1681022) Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free\n\n - CVE-2020-26978 (bmo#1677047) Internal network hosts could have been probed by a malicious webpage\n\n - CVE-2020-35111 (bmo#1657916) The proxy.onRequest API did not catch view-source URLs\n\n - CVE-2020-35112 (bmo#1661365) Opening an extension-less download may have inadvertently launched an executable instead\n\n - CVE-2020-35113 (bmo#1664831, bmo#1673589) Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2021-01-25T00:00:00", "type": "nessus", "title": "openSUSE Security Update : MozillaFirefox (openSUSE-2020-2325)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16042", "CVE-2020-26971", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26978", "CVE-2020-35111", "CVE-2020-35112", "CVE-2020-35113"], "modified": "2021-02-08T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mozillafirefox", "p-cpe:/a:novell:opensuse:mozillafirefox-branding-upstream", "p-cpe:/a:novell:opensuse:mozillafirefox-buildsymbols", "p-cpe:/a:novell:opensuse:mozillafirefox-debuginfo", "p-cpe:/a:novell:opensuse:mozillafirefox-debugsource", "p-cpe:/a:novell:opensuse:mozillafirefox-devel", "p-cpe:/a:novell:opensuse:mozillafirefox-translations-common", "p-cpe:/a:novell:opensuse:mozillafirefox-translations-other", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-2325.NASL", "href": "https://www.tenable.com/plugins/nessus/145294", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2325.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(145294);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/08\");\n\n script_cve_id(\"CVE-2020-16042\", \"CVE-2020-26971\", \"CVE-2020-26973\", \"CVE-2020-26974\", \"CVE-2020-26978\", \"CVE-2020-35111\", \"CVE-2020-35112\", \"CVE-2020-35113\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (openSUSE-2020-2325)\");\n script_summary(english:\"Check for the openSUSE-2020-2325 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for MozillaFirefox fixes the following issues :\n\n - Firefox Extended Support Release 78.6.0 ESR\n\n - Fixed: Various stability, functionality, and security\n fixes MFSA 2020-55 (bsc#1180039)\n\n - CVE-2020-16042 (bmo#1679003) Operations on a BigInt\n could have caused uninitialized memory to be exposed\n\n - CVE-2020-26971 (bmo#1663466) Heap buffer overflow in\n WebGL\n\n - CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed\n incorrect sanitization\n\n - CVE-2020-26974 (bmo#1681022) Incorrect cast of\n StyleGenericFlexBasis resulted in a heap use-after-free\n\n - CVE-2020-26978 (bmo#1677047) Internal network hosts\n could have been probed by a malicious webpage\n\n - CVE-2020-35111 (bmo#1657916) The proxy.onRequest API did\n not catch view-source URLs\n\n - CVE-2020-35112 (bmo#1661365) Opening an extension-less\n download may have inadvertently launched an executable\n instead\n\n - CVE-2020-35113 (bmo#1664831, bmo#1673589) Memory safety\n bugs fixed in Firefox 84 and Firefox ESR 78.6\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1180039\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaFirefox-78.6.0-lp151.2.82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaFirefox-branding-upstream-78.6.0-lp151.2.82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaFirefox-buildsymbols-78.6.0-lp151.2.82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaFirefox-debuginfo-78.6.0-lp151.2.82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaFirefox-debugsource-78.6.0-lp151.2.82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaFirefox-devel-78.6.0-lp151.2.82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaFirefox-translations-common-78.6.0-lp151.2.82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaFirefox-translations-other-78.6.0-lp151.2.82.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:13:33", "description": "This update for MozillaFirefox fixes the following issues :\n\nFirefox Extended Support Release 78.6.0 ESR\n\n - Fixed: Various stability, functionality, and security fixes MFSA 2020-55 (bsc#1180039)\n\n - CVE-2020-16042 (bmo#1679003) Operations on a BigInt could have caused uninitialized memory to be exposed\n\n - CVE-2020-26971 (bmo#1663466) Heap buffer overflow in WebGL\n\n - CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed incorrect sanitization\n\n - CVE-2020-26974 (bmo#1681022) Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free\n\n - CVE-2020-26978 (bmo#1677047) Internal network hosts could have been probed by a malicious webpage\n\n - CVE-2020-35111 (bmo#1657916) The proxy.onRequest API did not catch view-source URLs\n\n - CVE-2020-35112 (bmo#1661365) Opening an extension-less download may have inadvertently launched an executable instead\n\n - CVE-2020-35113 (bmo#1664831, bmo#1673589) Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-23T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:3902-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16042", "CVE-2020-26971", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26978", "CVE-2020-35111", "CVE-2020-35112", "CVE-2020-35113"], "modified": "2021-01-15T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:mozillafirefox", "p-cpe:/a:novell:suse_linux:mozillafirefox-debuginfo", "p-cpe:/a:novell:suse_linux:mozillafirefox-debugsource", "p-cpe:/a:novell:suse_linux:mozillafirefox-devel", "p-cpe:/a:novell:suse_linux:mozillafirefox-translations-common", "p-cpe:/a:novell:suse_linux:mozillafirefox-translations-other", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-3902-1.NASL", "href": "https://www.tenable.com/plugins/nessus/144571", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3902-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144571);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/15\");\n\n script_cve_id(\"CVE-2020-16042\", \"CVE-2020-26971\", \"CVE-2020-26973\", \"CVE-2020-26974\", \"CVE-2020-26978\", \"CVE-2020-35111\", \"CVE-2020-35112\", \"CVE-2020-35113\");\n script_xref(name:\"IAVA\", value:\"2020-A-0575-S\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:3902-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for MozillaFirefox fixes the following issues :\n\nFirefox Extended Support Release 78.6.0 ESR\n\n - Fixed: Various stability, functionality, and security\n fixes MFSA 2020-55 (bsc#1180039)\n\n - CVE-2020-16042 (bmo#1679003) Operations on a BigInt\n could have caused uninitialized memory to be exposed\n\n - CVE-2020-26971 (bmo#1663466) Heap buffer overflow in\n WebGL\n\n - CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed\n incorrect sanitization\n\n - CVE-2020-26974 (bmo#1681022) Incorrect cast of\n StyleGenericFlexBasis resulted in a heap use-after-free\n\n - CVE-2020-26978 (bmo#1677047) Internal network hosts\n could have been probed by a malicious webpage\n\n - CVE-2020-35111 (bmo#1657916) The proxy.onRequest API did\n not catch view-source URLs\n\n - CVE-2020-35112 (bmo#1661365) Opening an extension-less\n download may have inadvertently launched an executable\n instead\n\n - CVE-2020-35113 (bmo#1664831, bmo#1673589) Memory safety\n bugs fixed in Firefox 84 and Firefox ESR 78.6\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180039\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-16042/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-26971/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-26973/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-26974/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-26978/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-35111/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-35112/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-35113/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203902-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6c7255af\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Desktop Applications 15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Desktop-Applications-15-SP1-2020-3902=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"MozillaFirefox-78.6.0-3.122.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"MozillaFirefox-debuginfo-78.6.0-3.122.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"MozillaFirefox-debugsource-78.6.0-3.122.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"MozillaFirefox-devel-78.6.0-3.122.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"MozillaFirefox-translations-common-78.6.0-3.122.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"MozillaFirefox-translations-other-78.6.0-3.122.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"MozillaFirefox-78.6.0-3.122.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"MozillaFirefox-debuginfo-78.6.0-3.122.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"MozillaFirefox-debugsource-78.6.0-3.122.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"MozillaFirefox-devel-78.6.0-3.122.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"MozillaFirefox-translations-common-78.6.0-3.122.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"MozillaFirefox-translations-other-78.6.0-3.122.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:07", "description": "This update for MozillaFirefox fixes the following issues :\n\n - Firefox Extended Support Release 78.6.0 ESR\n\n - Fixed: Various stability, functionality, and security fixes MFSA 2020-55 (bsc#1180039)\n\n - CVE-2020-16042 (bmo#1679003) Operations on a BigInt could have caused uninitialized memory to be exposed\n\n - CVE-2020-26971 (bmo#1663466) Heap buffer overflow in WebGL\n\n - CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed incorrect sanitization\n\n - CVE-2020-26974 (bmo#1681022) Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free\n\n - CVE-2020-26978 (bmo#1677047) Internal network hosts could have been probed by a malicious webpage\n\n - CVE-2020-35111 (bmo#1657916) The proxy.onRequest API did not catch view-source URLs\n\n - CVE-2020-35112 (bmo#1661365) Opening an extension-less download may have inadvertently launched an executable instead\n\n - CVE-2020-35113 (bmo#1664831, bmo#1673589) Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2021-01-25T00:00:00", "type": "nessus", "title": "openSUSE Security Update : MozillaFirefox (openSUSE-2020-2318)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16042", "CVE-2020-26971", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26978", "CVE-2020-35111", "CVE-2020-35112", "CVE-2020-35113"], "modified": "2021-01-27T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mozillafirefox", "p-cpe:/a:novell:opensuse:mozillafirefox-branding-upstream", "p-cpe:/a:novell:opensuse:mozillafirefox-buildsymbols", "p-cpe:/a:novell:opensuse:mozillafirefox-debuginfo", "p-cpe:/a:novell:opensuse:mozillafirefox-debugsource", "p-cpe:/a:novell:opensuse:mozillafirefox-devel", "p-cpe:/a:novell:opensuse:mozillafirefox-translations-common", "p-cpe:/a:novell:opensuse:mozillafirefox-translations-other", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-2318.NASL", "href": "https://www.tenable.com/plugins/nessus/145372", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2318.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(145372);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/27\");\n\n script_cve_id(\"CVE-2020-16042\", \"CVE-2020-26971\", \"CVE-2020-26973\", \"CVE-2020-26974\", \"CVE-2020-26978\", \"CVE-2020-35111\", \"CVE-2020-35112\", \"CVE-2020-35113\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (openSUSE-2020-2318)\");\n script_summary(english:\"Check for the openSUSE-2020-2318 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for MozillaFirefox fixes the following issues :\n\n - Firefox Extended Support Release 78.6.0 ESR\n\n - Fixed: Various stability, functionality, and security\n fixes MFSA 2020-55 (bsc#1180039)\n\n - CVE-2020-16042 (bmo#1679003) Operations on a BigInt\n could have caused uninitialized memory to be exposed\n\n - CVE-2020-26971 (bmo#1663466) Heap buffer overflow in\n WebGL\n\n - CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed\n incorrect sanitization\n\n - CVE-2020-26974 (bmo#1681022) Incorrect cast of\n StyleGenericFlexBasis resulted in a heap use-after-free\n\n - CVE-2020-26978 (bmo#1677047) Internal network hosts\n could have been probed by a malicious webpage\n\n - CVE-2020-35111 (bmo#1657916) The proxy.onRequest API did\n not catch view-source URLs\n\n - CVE-2020-35112 (bmo#1661365) Opening an extension-less\n download may have inadvertently launched an executable\n instead\n\n - CVE-2020-35113 (bmo#1664831, bmo#1673589) Memory safety\n bugs fixed in Firefox 84 and Firefox ESR 78.6\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1180039\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"MozillaFirefox-78.6.0-lp152.2.34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"MozillaFirefox-branding-upstream-78.6.0-lp152.2.34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"MozillaFirefox-buildsymbols-78.6.0-lp152.2.34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"MozillaFirefox-debuginfo-78.6.0-lp152.2.34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"MozillaFirefox-debugsource-78.6.0-lp152.2.34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"MozillaFirefox-devel-78.6.0-lp152.2.34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"MozillaFirefox-translations-common-78.6.0-lp152.2.34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"MozillaFirefox-translations-other-78.6.0-lp152.2.34.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:42", "description": "The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 78.6. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-56 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-15T00:00:00", "type": "nessus", "title": "Mozilla Thunderbird < 78.6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16042", "CVE-2020-26971", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26978", "CVE-2020-35111", "CVE-2020-35112", "CVE-2020-35113"], "modified": "2021-01-13T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MACOS_THUNDERBIRD_78_6.NASL", "href": "https://www.tenable.com/plugins/nessus/144285", "sourceData": "## \n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Mozilla Foundation Security Advisory mfsa2020-56.\n# The text itself is copyright (C) Mozilla Foundation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144285);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\n \"CVE-2020-16042\",\n \"CVE-2020-26971\",\n \"CVE-2020-26973\",\n \"CVE-2020-26974\",\n \"CVE-2020-26978\",\n \"CVE-2020-35111\",\n \"CVE-2020-35112\",\n \"CVE-2020-35113\"\n );\n script_xref(name:\"MFSA\", value:\"2020-56\");\n\n script_name(english:\"Mozilla Thunderbird < 78.6\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A mail client installed on the remote macOS or Mac OS X host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 78.6. It is, therefore, affected\nby multiple vulnerabilities as referenced in the mfsa2020-56 advisory. Note that Nessus has not tested for this issue\nbut has instead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Thunderbird version 78.6 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-35113\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_thunderbird_installed.nasl\");\n script_require_keys(\"MacOSX/Thunderbird/Installed\");\n\n exit(0);\n}\n\ninclude('mozilla_version.inc');\n\nkb_base = 'MacOSX/Thunderbird';\nget_kb_item_or_exit(kb_base+'/Installed');\n\nversion = get_kb_item_or_exit(kb_base+'/Version', exit_code:1);\npath = get_kb_item_or_exit(kb_base+'/Path', exit_code:1);\n\nis_esr = get_kb_item(kb_base+'/is_esr');\nif (is_esr) exit(0, 'The Mozilla Thunderbird installation is in the ESR branch.');\n\nmozilla_check_version(version:version, path:path, product:'thunderbird', esr:FALSE, fix:'78.6', severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:58", "description": "The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 78.6. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-55 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-15T00:00:00", "type": "nessus", "title": "Mozilla Firefox ESR < 78.6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16042", "CVE-2020-26971", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26978", "CVE-2020-35111", "CVE-2020-35112", "CVE-2020-35113"], "modified": "2021-01-13T00:00:00", "cpe": ["cpe:/a:mozilla:firefox_esr"], "id": "MACOS_FIREFOX_78_6_ESR.NASL", "href": "https://www.tenable.com/plugins/nessus/144277", "sourceData": "## \n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Mozilla Foundation Security Advisory mfsa2020-55.\n# The text itself is copyright (C) Mozilla Foundation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144277);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\n \"CVE-2020-16042\",\n \"CVE-2020-26971\",\n \"CVE-2020-26973\",\n \"CVE-2020-26974\",\n \"CVE-2020-26978\",\n \"CVE-2020-35111\",\n \"CVE-2020-35112\",\n \"CVE-2020-35113\"\n );\n script_xref(name:\"MFSA\", value:\"2020-55\");\n script_xref(name:\"IAVA\", value:\"2020-A-0575-S\");\n\n script_name(english:\"Mozilla Firefox ESR < 78.6\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS or Mac OS X host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 78.6. It is, therefore, affected\nby multiple vulnerabilities as referenced in the mfsa2020-55 advisory. Note that Nessus has not tested for this issue\nbut has instead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox ESR version 78.6 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-35113\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox_esr\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Version\");\n\n exit(0);\n}\n\ninclude('mozilla_version.inc');\n\nkb_base = 'MacOSX/Firefox';\nget_kb_item_or_exit(kb_base+'/Installed');\n\nversion = get_kb_item_or_exit(kb_base+'/Version', exit_code:1);\npath = get_kb_item_or_exit(kb_base+'/Path', exit_code:1);\n\nis_esr = get_kb_item(kb_base+'/is_esr');\nif (isnull(is_esr)) audit(AUDIT_NOT_INST, 'Mozilla Firefox ESR');\n\nmozilla_check_version(version:version, path:path, product:'firefox', esr:TRUE, fix:'78.6', min:'78.0.0', severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:46", "description": "This update for MozillaFirefox fixes the following issues :\n\nFirefox Extended Support Release 78.6.0 ESR\n\n - Fixed: Various stability, functionality, and security fixes MFSA 2020-55 (bsc#1180039)\n\n - CVE-2020-16042 (bmo#1679003) Operations on a BigInt could have caused uninitialized memory to be exposed\n\n - CVE-2020-26971 (bmo#1663466) Heap buffer overflow in WebGL\n\n - CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed incorrect sanitization\n\n - CVE-2020-26974 (bmo#1681022) Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free\n\n - CVE-2020-26978 (bmo#1677047) Internal network hosts could have been probed by a malicious webpage\n\n - CVE-2020-35111 (bmo#1657916) The proxy.onRequest API did not catch view-source URLs\n\n - CVE-2020-35112 (bmo#1661365) Opening an extension-less download may have inadvertently launched an executable instead\n\n - CVE-2020-35113 (bmo#1664831, bmo#1673589) Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-23T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2020:3903-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16042", "CVE-2020-26971", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26978", "CVE-2020-35111", "CVE-2020-35112", "CVE-2020-35113"], "modified": "2021-01-15T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:mozillafirefox", "p-cpe:/a:novell:suse_linux:mozillafirefox-debuginfo", "p-cpe:/a:novell:suse_linux:mozillafirefox-debugsource", "p-cpe:/a:novell:suse_linux:mozillafirefox-devel", "p-cpe:/a:novell:suse_linux:mozillafirefox-translations-common", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-3903-1.NASL", "href": "https://www.tenable.com/plugins/nessus/144575", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3903-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144575);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/15\");\n\n script_cve_id(\"CVE-2020-16042\", \"CVE-2020-26971\", \"CVE-2020-26973\", \"CVE-2020-26974\", \"CVE-2020-26978\", \"CVE-2020-35111\", \"CVE-2020-35112\", \"CVE-2020-35113\");\n script_xref(name:\"IAVA\", value:\"2020-A-0575-S\");\n\n script_name(english:\"SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2020:3903-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for MozillaFirefox fixes the following issues :\n\nFirefox Extended Support Release 78.6.0 ESR\n\n - Fixed: Various stability, functionality, and security\n fixes MFSA 2020-55 (bsc#1180039)\n\n - CVE-2020-16042 (bmo#1679003) Operations on a BigInt\n could have caused uninitialized memory to be exposed\n\n - CVE-2020-26971 (bmo#1663466) Heap buffer overflow in\n WebGL\n\n - CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed\n incorrect sanitization\n\n - CVE-2020-26974 (bmo#1681022) Incorrect cast of\n StyleGenericFlexBasis resulted in a heap use-after-free\n\n - CVE-2020-26978 (bmo#1677047) Internal network hosts\n could have been probed by a malicious webpage\n\n - CVE-2020-35111 (bmo#1657916) The proxy.onRequest API did\n not catch view-source URLs\n\n - CVE-2020-35112 (bmo#1661365) Opening an extension-less\n download may have inadvertently launched an executable\n instead\n\n - CVE-2020-35113 (bmo#1664831, bmo#1673589) Memory safety\n bugs fixed in Firefox 84 and Firefox ESR 78.6\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180039\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-16042/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-26971/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-26973/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-26974/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-26978/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-35111/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-35112/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-35113/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203903-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0ca01f8c\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-3903=1\n\nSUSE OpenStack Cloud Crowbar 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-3903=1\n\nSUSE OpenStack Cloud 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-9-2020-3903=1\n\nSUSE OpenStack Cloud 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-8-2020-3903=1\n\nSUSE OpenStack Cloud 7 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-7-2020-3903=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3903=1\n\nSUSE Linux Enterprise Server for SAP 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP4-2020-3903=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2020-3903=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2020-3903=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3903=1\n\nSUSE Linux Enterprise Server 12-SP4-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-3903=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-3903=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-3903=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-3903=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-3903=1\n\nSUSE Enterprise Storage 5 :\n\nzypper in -t patch SUSE-Storage-5-2020-3903=1\n\nHPE Helion Openstack 8 :\n\nzypper in -t patch HPE-Helion-OpenStack-8-2020-3903=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4/5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"MozillaFirefox-78.6.0-112.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"MozillaFirefox-debuginfo-78.6.0-112.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"MozillaFirefox-debugsource-78.6.0-112.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"MozillaFirefox-devel-78.6.0-112.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"MozillaFirefox-translations-common-78.6.0-112.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"MozillaFirefox-78.6.0-112.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"MozillaFirefox-debuginfo-78.6.0-112.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"MozillaFirefox-debugsource-78.6.0-112.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"MozillaFirefox-devel-78.6.0-112.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"MozillaFirefox-translations-common-78.6.0-112.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"MozillaFirefox-78.6.0-112.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"MozillaFirefox-debuginfo-78.6.0-112.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"MozillaFirefox-debugsource-78.6.0-112.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"MozillaFirefox-devel-78.6.0-112.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"MozillaFirefox-translations-common-78.6.0-112.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"MozillaFirefox-78.6.0-112.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"MozillaFirefox-debuginfo-78.6.0-112.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"MozillaFirefox-debugsource-78.6.0-112.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"MozillaFirefox-devel-78.6.0-112.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"MozillaFirefox-translations-common-78.6.0-112.39.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:40", "description": "The version of Thunderbird installed on the remote Windows host is prior to 78.6. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-56 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-15T00:00:00", "type": "nessus", "title": "Mozilla Thunderbird < 78.6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16042", "CVE-2020-26971", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26978", "CVE-2020-35111", "CVE-2020-35112", "CVE-2020-35113"], "modified": "2021-01-13T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MOZILLA_THUNDERBIRD_78_6.NASL", "href": "https://www.tenable.com/plugins/nessus/144284", "sourceData": "## \n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Mozilla Foundation Security Advisory mfsa2020-56.\n# The text itself is copyright (C) Mozilla Foundation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144284);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\n \"CVE-2020-16042\",\n \"CVE-2020-26971\",\n \"CVE-2020-26973\",\n \"CVE-2020-26974\",\n \"CVE-2020-26978\",\n \"CVE-2020-35111\",\n \"CVE-2020-35112\",\n \"CVE-2020-35113\"\n );\n script_xref(name:\"MFSA\", value:\"2020-56\");\n\n script_name(english:\"Mozilla Thunderbird < 78.6\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A mail client installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Thunderbird installed on the remote Windows host is prior to 78.6. It is, therefore, affected by multiple\nvulnerabilities as referenced in the mfsa2020-56 advisory. Note that Nessus has not tested for this issue but has\ninstead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Thunderbird version 78.6 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-35113\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Thunderbird/Version\");\n\n exit(0);\n}\n\ninclude('mozilla_version.inc');\n\nport = get_kb_item('SMB/transport');\nif (!port) port = 445;\n\ninstalls = get_kb_list('SMB/Mozilla/Thunderbird/*');\nif (isnull(installs)) audit(AUDIT_NOT_INST, 'Thunderbird');\n\nmozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'78.6', severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:06", "description": "This update for MozillaThunderbird fixes the following issues :\n\n - Mozilla Thunderbird 78.6\n\n - new: MailExtensions: Added browser.windows.openDefaultBrowser() (bmo#1664708)\n\n - changed: Thunderbird now only shows quota exceeded indications on the main window (bmo#1671748)\n\n - changed: MailExtensions: menus API enabled in messages being composed (bmo#1670832)\n\n - changed: MailExtensions: Honor allowScriptsToClose argument in windows.create API function (bmo#1675940)\n\n - changed: MailExtensions: APIs that returned an accountId will reflect the account the message belongs to, not what is stored in message headers (bmo#1644032)\n\n - fixed: Keyboard shortcut for toggling message 'read' status not shown in menus (bmo#1619248)\n\n - fixed: OpenPGP: After importing a secret key, Key Manager displayed properties of the wrong key (bmo#1667054)\n\n - fixed: OpenPGP: Inline PGP parsing improvements (bmo#1660041)\n\n - fixed: OpenPGP: Discovering keys online via Key Manager sometimes failed on Linux (bmo#1634053)\n\n - fixed: OpenPGP: Encrypted attachment 'Decrypt and Open/Save As' did not work (bmo#1663169)\n\n - fixed: OpenPGP: Importing keys failed on macOS (bmo#1680757)\n\n - fixed: OpenPGP: Verification of clear signed UTF-8 text failed (bmo#1679756)\n\n - fixed: Address book: Some columns incorrectly displayed no data (bmo#1631201)\n\n - fixed: Address book: The address book view did not update after changing the name format in the menu (bmo#1678555)\n\n - fixed: Calendar: Could not import an ICS file into a CalDAV calendar (bmo#1652984)\n\n - fixed: Calendar: Two 'Home' calendars were visible on a new profile (bmo#1656782)\n\n - fixed: Calendar: Dark theme was incomplete on Linux (bmo#1655543)\n\n - fixed: Dark theme did not apply to new mail notification popups (bmo#1681083)\n\n - fixed: Folder icon, message list, and contact side bar visual improvements (bmo#1679436)\n\n - fixed: MailExtensions: HTTP refresh in browser content tabs did not work (bmo#1667774)\n\n - fixed: MailExtensions: messageDisplayScripts failed to run in main window (bmo#1674932)\n\n - fixed: Various security fixes MFSA 2020-56 (bsc#1180039)\n\n - CVE-2020-16042 (bmo#1679003) Operations on a BigInt could have caused uninitialized memory to be exposed\n\n - CVE-2020-26971 (bmo#1663466) Heap buffer overflow in WebGL\n\n - CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed incorrect sanitization\n\n - CVE-2020-26974 (bmo#1681022) Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free\n\n - CVE-2020-26978 (bmo#1677047) Internal network hosts could have been probed by a malicious webpage\n\n - CVE-2020-35111 (bmo#1657916) The proxy.onRequest API did not catch view-source URLs\n\n - CVE-2020-35112 (bmo#1661365) Opening an extension-less download may have inadvertently launched an executable instead\n\n - CVE-2020-35113 (bmo#1664831, bmo#1673589) Memory safety bugs fixed in Thunderbird 78.6\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2021-01-25T00:00:00", "type": "nessus", "title": "openSUSE Security Update : MozillaThunderbird (openSUSE-2020-2324)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16042", "CVE-2020-26971", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26978", "CVE-2020-35111", "CVE-2020-35112", "CVE-2020-35113"], "modified": "2021-02-08T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mozillathunderbird", "p-cpe:/a:novell:opensuse:mozillathunderbird-debuginfo", "p-cpe:/a:novell:opensuse:mozillathunderbird-debugsource", "p-cpe:/a:novell:opensuse:mozillathunderbird-translations-common", "p-cpe:/a:novell:opensuse:mozillathunderbird-translations-other", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-2324.NASL", "href": "https://www.tenable.com/plugins/nessus/145332", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2324.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(145332);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/08\");\n\n script_cve_id(\"CVE-2020-16042\", \"CVE-2020-26971\", \"CVE-2020-26973\", \"CVE-2020-26974\", \"CVE-2020-26978\", \"CVE-2020-35111\", \"CVE-2020-35112\", \"CVE-2020-35113\");\n\n script_name(english:\"openSUSE Security Update : MozillaThunderbird (openSUSE-2020-2324)\");\n script_summary(english:\"Check for the openSUSE-2020-2324 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for MozillaThunderbird fixes the following issues :\n\n - Mozilla Thunderbird 78.6\n\n - new: MailExtensions: Added\n browser.windows.openDefaultBrowser() (bmo#1664708)\n\n - changed: Thunderbird now only shows quota exceeded\n indications on the main window (bmo#1671748)\n\n - changed: MailExtensions: menus API enabled in messages\n being composed (bmo#1670832)\n\n - changed: MailExtensions: Honor allowScriptsToClose\n argument in windows.create API function (bmo#1675940)\n\n - changed: MailExtensions: APIs that returned an accountId\n will reflect the account the message belongs to, not\n what is stored in message headers (bmo#1644032)\n\n - fixed: Keyboard shortcut for toggling message 'read'\n status not shown in menus (bmo#1619248)\n\n - fixed: OpenPGP: After importing a secret key, Key\n Manager displayed properties of the wrong key\n (bmo#1667054)\n\n - fixed: OpenPGP: Inline PGP parsing improvements\n (bmo#1660041)\n\n - fixed: OpenPGP: Discovering keys online via Key Manager\n sometimes failed on Linux (bmo#1634053)\n\n - fixed: OpenPGP: Encrypted attachment 'Decrypt and\n Open/Save As' did not work (bmo#1663169)\n\n - fixed: OpenPGP: Importing keys failed on macOS\n (bmo#1680757)\n\n - fixed: OpenPGP: Verification of clear signed UTF-8 text\n failed (bmo#1679756)\n\n - fixed: Address book: Some columns incorrectly displayed\n no data (bmo#1631201)\n\n - fixed: Address book: The address book view did not\n update after changing the name format in the menu\n (bmo#1678555)\n\n - fixed: Calendar: Could not import an ICS file into a\n CalDAV calendar (bmo#1652984)\n\n - fixed: Calendar: Two 'Home' calendars were visible on a\n new profile (bmo#1656782)\n\n - fixed: Calendar: Dark theme was incomplete on Linux\n (bmo#1655543)\n\n - fixed: Dark theme did not apply to new mail notification\n popups (bmo#1681083)\n\n - fixed: Folder icon, message list, and contact side bar\n visual improvements (bmo#1679436)\n\n - fixed: MailExtensions: HTTP refresh in browser content\n tabs did not work (bmo#1667774)\n\n - fixed: MailExtensions: messageDisplayScripts failed to\n run in main window (bmo#1674932)\n\n - fixed: Various security fixes MFSA 2020-56 (bsc#1180039)\n\n - CVE-2020-16042 (bmo#1679003) Operations on a BigInt\n could have caused uninitialized memory to be exposed\n\n - CVE-2020-26971 (bmo#1663466) Heap buffer overflow in\n WebGL\n\n - CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed\n incorrect sanitization\n\n - CVE-2020-26974 (bmo#1681022) Incorrect cast of\n StyleGenericFlexBasis resulted in a heap use-after-free\n\n - CVE-2020-26978 (bmo#1677047) Internal network hosts\n could have been probed by a malicious webpage\n\n - CVE-2020-35111 (bmo#1657916) The proxy.onRequest API did\n not catch view-source URLs\n\n - CVE-2020-35112 (bmo#1661365) Opening an extension-less\n download may have inadvertently launched an executable\n instead\n\n - CVE-2020-35113 (bmo#1664831, bmo#1673589) Memory safety\n bugs fixed in Thunderbird 78.6\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1180039\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected MozillaThunderbird packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaThunderbird-78.6.0-lp151.2.63.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaThunderbird-debuginfo-78.6.0-lp151.2.63.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaThunderbird-debugsource-78.6.0-lp151.2.63.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaThunderbird-translations-common-78.6.0-lp151.2.63.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaThunderbird-translations-other-78.6.0-lp151.2.63.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaThunderbird / MozillaThunderbird-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:00:00", "description": "This update for MozillaThunderbird fixes the following issues :\n\n - Mozilla Thunderbird 78.6\n\n - new: MailExtensions: Added browser.windows.openDefaultBrowser() (bmo#1664708)\n\n - changed: Thunderbird now only shows quota exceeded indications on the main window (bmo#1671748)\n\n - changed: MailExtensions: menus API enabled in messages being composed (bmo#1670832)\n\n - changed: MailExtensions: Honor allowScriptsToClose argument in windows.create API function (bmo#1675940)\n\n - changed: MailExtensions: APIs that returned an accountId will reflect the account the message belongs to, not what is stored in message headers (bmo#1644032)\n\n - fixed: Keyboard shortcut for toggling message 'read' status not shown in menus (bmo#1619248)\n\n - fixed: OpenPGP: After importing a secret key, Key Manager displayed properties of the wrong key (bmo#1667054)\n\n - fixed: OpenPGP: Inline PGP parsing improvements (bmo#1660041)\n\n - fixed: OpenPGP: Discovering keys online via Key Manager sometimes failed on Linux (bmo#1634053)\n\n - fixed: OpenPGP: Encrypted attachment 'Decrypt and Open/Save As' did not work (bmo#1663169)\n\n - fixed: OpenPGP: Importing keys failed on macOS (bmo#1680757)\n\n - fixed: OpenPGP: Verification of clear signed UTF-8 text failed (bmo#1679756)\n\n - fixed: Address book: Some columns incorrectly displayed no data (bmo#1631201)\n\n - fixed: Address book: The address book view did not update after changing the name format in the menu (bmo#1678555)\n\n - fixed: Calendar: Could not import an ICS file into a CalDAV calendar (bmo#1652984)\n\n - fixed: Calendar: Two 'Home' calendars were visible on a new profile (bmo#1656782)\n\n - fixed: Calendar: Dark theme was incomplete on Linux (bmo#1655543)\n\n - fixed: Dark theme did not apply to new mail notification popups (bmo#1681083)\n\n - fixed: Folder icon, message list, and contact side bar visual improvements (bmo#1679436)\n\n - fixed: MailExtensions: HTTP refresh in browser content tabs did not work (bmo#1667774)\n\n - fixed: MailExtensions: messageDisplayScripts failed to run in main window (bmo#1674932)\n\n - fixed: Various security fixes MFSA 2020-56 (bsc#1180039)\n\n - CVE-2020-16042 (bmo#1679003) Operations on a BigInt could have caused uninitialized memory to be exposed\n\n - CVE-2020-26971 (bmo#1663466) Heap buffer overflow in WebGL\n\n - CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed incorrect sanitization\n\n - CVE-2020-26974 (bmo#1681022) Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free\n\n - CVE-2020-26978 (bmo#1677047) Internal network hosts could have been probed by a malicious webpage\n\n - CVE-2020-35111 (bmo#1657916) The proxy.onRequest API did not catch view-source URLs\n\n - CVE-2020-35112 (bmo#1661365) Opening an extension-less download may have inadvertently launched an executable instead\n\n - CVE-2020-35113 (bmo#1664831, bmo#1673589) Memory safety bugs fixed in Thunderbird 78.6\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2021-01-25T00:00:00", "type": "nessus", "title": "openSUSE Security Update : MozillaThunderbird (openSUSE-2020-2317)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16042", "CVE-2020-26971", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26978", "CVE-2020-35111", "CVE-2020-35112", "CVE-2020-35113"], "modified": "2021-01-27T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mozillathunderbird", "p-cpe:/a:novell:opensuse:mozillathunderbird-debuginfo", "p-cpe:/a:novell:opensuse:mozillathunderbird-debugsource", "p-cpe:/a:novell:opensuse:mozillathunderbird-translations-common", "p-cpe:/a:novell:opensuse:mozillathunderbird-translations-other", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-2317.NASL", "href": "https://www.tenable.com/plugins/nessus/145362", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2317.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(145362);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/27\");\n\n script_cve_id(\"CVE-2020-16042\", \"CVE-2020-26971\", \"CVE-2020-26973\", \"CVE-2020-26974\", \"CVE-2020-26978\", \"CVE-2020-35111\", \"CVE-2020-35112\", \"CVE-2020-35113\");\n\n script_name(english:\"openSUSE Security Update : MozillaThunderbird (openSUSE-2020-2317)\");\n script_summary(english:\"Check for the openSUSE-2020-2317 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for MozillaThunderbird fixes the following issues :\n\n - Mozilla Thunderbird 78.6\n\n - new: MailExtensions: Added\n browser.windows.openDefaultBrowser() (bmo#1664708)\n\n - changed: Thunderbird now only shows quota exceeded\n indications on the main window (bmo#1671748)\n\n - changed: MailExtensions: menus API enabled in messages\n being composed (bmo#1670832)\n\n - changed: MailExtensions: Honor allowScriptsToClose\n argument in windows.create API function (bmo#1675940)\n\n - changed: MailExtensions: APIs that returned an accountId\n will reflect the account the message belongs to, not\n what is stored in message headers (bmo#1644032)\n\n - fixed: Keyboard shortcut for toggling message 'read'\n status not shown in menus (bmo#1619248)\n\n - fixed: OpenPGP: After importing a secret key, Key\n Manager displayed properties of the wrong key\n (bmo#1667054)\n\n - fixed: OpenPGP: Inline PGP parsing improvements\n (bmo#1660041)\n\n - fixed: OpenPGP: Discovering keys online via Key Manager\n sometimes failed on Linux (bmo#1634053)\n\n - fixed: OpenPGP: Encrypted attachment 'Decrypt and\n Open/Save As' did not work (bmo#1663169)\n\n - fixed: OpenPGP: Importing keys failed on macOS\n (bmo#1680757)\n\n - fixed: OpenPGP: Verification of clear signed UTF-8 text\n failed (bmo#1679756)\n\n - fixed: Address book: Some columns incorrectly displayed\n no data (bmo#1631201)\n\n - fixed: Address book: The address book view did not\n update after changing the name format in the menu\n (bmo#1678555)\n\n - fixed: Calendar: Could not import an ICS file into a\n CalDAV calendar (bmo#1652984)\n\n - fixed: Calendar: Two 'Home' calendars were visible on a\n new profile (bmo#1656782)\n\n - fixed: Calendar: Dark theme was incomplete on Linux\n (bmo#1655543)\n\n - fixed: Dark theme did not apply to new mail notification\n popups (bmo#1681083)\n\n - fixed: Folder icon, message list, and contact side bar\n visual improvements (bmo#1679436)\n\n - fixed: MailExtensions: HTTP refresh in browser content\n tabs did not work (bmo#1667774)\n\n - fixed: MailExtensions: messageDisplayScripts failed to\n run in main window (bmo#1674932)\n\n - fixed: Various security fixes MFSA 2020-56 (bsc#1180039)\n\n - CVE-2020-16042 (bmo#1679003) Operations on a BigInt\n could have caused uninitialized memory to be exposed\n\n - CVE-2020-26971 (bmo#1663466) Heap buffer overflow in\n WebGL\n\n - CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed\n incorrect sanitization\n\n - CVE-2020-26974 (bmo#1681022) Incorrect cast of\n StyleGenericFlexBasis resulted in a heap use-after-free\n\n - CVE-2020-26978 (bmo#1677047) Internal network hosts\n could have been probed by a malicious webpage\n\n - CVE-2020-35111 (bmo#1657916) The proxy.onRequest API did\n not catch view-source URLs\n\n - CVE-2020-35112 (bmo#1661365) Opening an extension-less\n download may have inadvertently launched an executable\n instead\n\n - CVE-2020-35113 (bmo#1664831, bmo#1673589) Memory safety\n bugs fixed in Thunderbird 78.6\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1180039\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected MozillaThunderbird packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"MozillaThunderbird-78.6.0-lp152.2.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"MozillaThunderbird-debuginfo-78.6.0-lp152.2.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"MozillaThunderbird-debugsource-78.6.0-lp152.2.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"MozillaThunderbird-translations-common-78.6.0-lp152.2.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"MozillaThunderbird-translations-other-78.6.0-lp152.2.23.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaThunderbird / MozillaThunderbird-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:29:33", "description": "The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14584-1 advisory.\n\n - Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (CVE-2020-16042)\n\n - Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. (CVE-2020-26971)\n\n - Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. (CVE-2020-26973)\n\n - When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.\n (CVE-2020-26974)\n\n - Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. (CVE-2020-26978)\n\n - When an extension with the proxy permission registered to receive , the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. (CVE-2020-35111)\n\n - If a user downloaded a file lacking an extension on Windows, and then Open-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension (such as .bat or .exe) that executable would have been launched instead. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. (CVE-2020-35112)\n\n - Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. (CVE-2020-35113)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-10T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2020:14584-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16042", "CVE-2020-26971", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26978", "CVE-2020-35111", "CVE-2020-35112", "CVE-2020-35113"], "modified": "2021-06-10T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:mozillafirefox", "p-cpe:/a:novell:suse_linux:mozillafirefox-translations-common", "p-cpe:/a:novell:suse_linux:mozillafirefox-translations-other"], "id": "SUSE_SU-2020-14584-1.NASL", "href": "https://www.tenable.com/plugins/nessus/150596", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2020:14584-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150596);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/10\");\n\n script_cve_id(\n \"CVE-2020-16042\",\n \"CVE-2020-26971\",\n \"CVE-2020-26973\",\n \"CVE-2020-26974\",\n \"CVE-2020-26978\",\n \"CVE-2020-35111\",\n \"CVE-2020-35112\",\n \"CVE-2020-35113\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2020:14584-1\");\n script_xref(name:\"IAVA\", value:\"2020-A-0571-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0575-S\");\n\n script_name(english:\"SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2020:14584-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2020:14584-1 advisory.\n\n - Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain\n potentially sensitive information from process memory via a crafted HTML page. (CVE-2020-16042)\n\n - Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow\n on some video drivers. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR <\n 78.6. (CVE-2020-26971)\n\n - Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This\n could have been used as a sanitizer bypass. This vulnerability affects Firefox < 84, Thunderbird < 78.6,\n and Firefox ESR < 78.6. (CVE-2020-26973)\n\n - When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly\n cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially\n exploitable crash. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.\n (CVE-2020-26974)\n\n - Using techniques that built on the slipstream research, a malicious webpage could have exposed both an\n internal network's hosts as well as services running on the user's local machine. This vulnerability\n affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. (CVE-2020-26978)\n\n - When an extension with the proxy permission registered to receive , the proxy.onRequest callback\n was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening\n View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox < 84,\n Thunderbird < 78.6, and Firefox ESR < 78.6. (CVE-2020-35111)\n\n - If a user downloaded a file lacking an extension on Windows, and then Open-ed it from the downloads\n panel, if there was an executable file in the downloads directory with the same name but with an\n executable extension (such as .bat or .exe) that executable would have been launched instead. *Note: This\n issue only affected Windows operating systems. Other operating systems are unaffected.*. This\n vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. (CVE-2020-35112)\n\n - Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these\n bugs showed evidence of memory corruption and we presume that with enough effort some of these could have\n been exploited to run arbitrary code. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and\n Firefox ESR < 78.6. (CVE-2020-35113)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180039\");\n # https://lists.suse.com/pipermail/sle-security-updates/2020-December/008097.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8d924ef2\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-16042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26978\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35111\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35112\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35113\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected MozillaFirefox, MozillaFirefox-translations-common and / or MozillaFirefox-translations-other\npackages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-35113\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES11', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\npkgs = [\n {'reference':'MozillaFirefox-78.6.0-78.108', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'MozillaFirefox-translations-common-78.6.0-78.108', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'MozillaFirefox-translations-other-78.6.0-78.108', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'MozillaFirefox-78.6.0-78.108', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'MozillaFirefox-translations-common-78.6.0-78.108', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'MozillaFirefox-translations-other-78.6.0-78.108', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n exists_check = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release && exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n else if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'MozillaFirefox / MozillaFirefox-translations-common / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-29T14:27:35", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:5645 advisory.\n\n - chromium-browser: Uninitialized Use in V8 (CVE-2020-16042)\n\n - Mozilla: Stack overflow due to incorrect parsing of SMTP server response codes (CVE-2020-26970)\n\n - Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971)\n\n - Mozilla: CSS Sanitizer performed incorrect sanitization (CVE-2020-26973)\n\n - Mozilla: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free (CVE-2020-26974)\n\n - Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2020-26978)\n\n - Mozilla: The proxy.onRequest API did not catch view-source URLs (CVE-2020-35111)\n\n - Mozilla: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 (CVE-2020-35113)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-22T00:00:00", "type": "nessus", "title": "RHEL 8 : thunderbird (RHSA-2020:5645)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16042", "CVE-2020-26970", "CVE-2020-26971", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26978", "CVE-2020-35111", "CVE-2020-35113"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.0", "p-cpe:/a:redhat:enterprise_linux:thunderbird"], "id": "REDHAT-RHSA-2020-5645.NASL", "href": "https://www.tenable.com/plugins/nessus/144511", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:5645. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144511);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2020-16042\",\n \"CVE-2020-26970\",\n \"CVE-2020-26971\",\n \"CVE-2020-26973\",\n \"CVE-2020-26974\",\n \"CVE-2020-26978\",\n \"CVE-2020-35111\",\n \"CVE-2020-35113\"\n );\n script_xref(name:\"RHSA\", value:\"2020:5645\");\n script_xref(name:\"IAVA\", value:\"2020-A-0537-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0575-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0571-S\");\n\n script_name(english:\"RHEL 8 : thunderbird (RHSA-2020:5645)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:5645 advisory.\n\n - chromium-browser: Uninitialized Use in V8 (CVE-2020-16042)\n\n - Mozilla: Stack overflow due to incorrect parsing of SMTP server response codes (CVE-2020-26970)\n\n - Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971)\n\n - Mozilla: CSS Sanitizer performed incorrect sanitization (CVE-2020-26973)\n\n - Mozilla: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free (CVE-2020-26974)\n\n - Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2020-26978)\n\n - Mozilla: The proxy.onRequest API did not catch view-source URLs (CVE-2020-35111)\n\n - Mozilla: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 (CVE-2020-35113)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-16042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26978\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-35111\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-35113\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:5645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1903443\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1904515\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908024\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908025\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908029\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-26970\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 120, 121, 200, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.0')) audit(AUDIT_OS_NOT, 'Red Hat 8.0', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.0/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.0/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.0/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.0/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.0/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.0/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.0/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.0/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.0/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.0/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.0/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.0/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.0/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.0/ppc64le/sap/os',\n 'content/e4s/rhel8/8.0/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.0/x86_64/appstream/os',\n 'content/e4s/rhel8/8.0/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.0/x86_64/baseos/os',\n 'content/e4s/rhel8/8.0/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.0/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.0/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.0/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.0/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/sap/debug',\n 'content/e4s/rhel8/8.0/x86_64/sap/os',\n 'content/e4s/rhel8/8.0/x86_64/sap/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'thunderbird-78.6.0-1.el8_0', 'sp':'0', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-78.6.0-1.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Update Services for SAP Solutions repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-23T14:22:21", "description": "The version of Firefox ESR installed on the remote Windows host is prior to 78.6. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-55 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-15T00:00:00", "type": "nessus", "title": "Mozilla Firefox ESR < 78.6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16042", "CVE-2020-26971", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26978", "CVE-2020-35111", "CVE-2020-35112", "CVE-2020-35113"], "modified": "2021-01-13T00:00:00", "cpe": ["cpe:/a:mozilla:firefox_esr"], "id": "MOZILLA_FIREFOX_78_6_ESR.NASL", "href": "https://www.tenable.com/plugins/nessus/144278", "sourceData": "## \n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Mozilla Foundation Security Advisory mfsa2020-55.\n# The text itself is copyright (C) Mozilla Foundation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144278);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\n \"CVE-2020-16042\",\n \"CVE-2020-26971\",\n \"CVE-2020-26973\",\n \"CVE-2020-26974\",\n \"CVE-2020-26978\",\n \"CVE-2020-35111\",\n \"CVE-2020-35112\",\n \"CVE-2020-35113\"\n );\n script_xref(name:\"MFSA\", value:\"2020-55\");\n script_xref(name:\"IAVA\", value:\"2020-A-0575-S\");\n\n script_name(english:\"Mozilla Firefox ESR < 78.6\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Firefox ESR installed on the remote Windows host is prior to 78.6. It is, therefore, affected by multiple\nvulnerabilities as referenced in the mfsa2020-55 advisory. Note that Nessus has not tested for this issue but has\ninstead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox ESR version 78.6 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-35113\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox_esr\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude('mozilla_version.inc');\n\nport = get_kb_item('SMB/transport');\nif (!port) port = 445;\n\ninstalls = get_kb_list('SMB/Mozilla/Firefox/*');\nif (isnull(installs)) audit(AUDIT_NOT_INST, 'Firefox');\n\nmozilla_check_version(installs:installs, product:'firefox', esr:TRUE, fix:'78.6', min:'78.0.0', severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:22:54", "description": "The remote Ubuntu 20.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4701-1 advisory.\n\n - Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (CVE-2020-16042)\n\n - When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird < 78.5.1.\n (CVE-2020-26970)\n\n - Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. (CVE-2020-26971)\n\n - Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. (CVE-2020-26973)\n\n - When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.\n (CVE-2020-26974)\n\n - Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. (CVE-2020-26978)\n\n - When an extension with the proxy permission registered to receive , the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. (CVE-2020-35111)\n\n - Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. (CVE-2020-35113)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-01-20T00:00:00", "type": "nessus", "title": "Ubuntu 20.10 : Thunderbird vulnerabilities (USN-4701-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16042", "CVE-2020-16044", "CVE-2020-26970", "CVE-2020-26971", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26978", "CVE-2020-35111", "CVE-2020-35113"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.10", "p-cpe:/a:canonical:ubuntu_linux:thunderbird", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-dev", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-af", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ar", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ast", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-be", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-bg", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-bn", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-bn-bd", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-br", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ca", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-cak", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-cs", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-cy", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-da", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-de", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-dsb", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-el", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-en", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-en-gb", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-en-us", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-es", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-es-ar", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-es-es", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-et", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-eu", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fa", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fi", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fr", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fy", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fy-nl", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ga", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ga-ie", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-gd", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-gl", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-he", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hr", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hsb", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hu", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hy", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-id", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-is", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-it", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ja", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ka", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-kab", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-kk", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ko", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-lt", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-mk", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ms", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nb", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nb-no", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nl", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nn", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nn-no", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pa", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pa-in", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pl", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pt", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pt-br", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pt-pt", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-rm", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ro", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ru", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-si", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sk", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sl", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sq", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sr", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sv", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sv-se", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ta", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ta-lk", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-th", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-tr", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-uk", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-uz", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-vi", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-cn", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-hans", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-hant", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-tw", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-mozsymbols", "p-cpe:/a:canonical:ubuntu_linux:xul-ext-calendar-timezones", "p-cpe:/a:canonical:ubuntu_linux:xul-ext-gdata-provider", "p-cpe:/a:canonical:ubuntu_linux:xul-ext-lightning"], "id": "UBUNTU_USN-4701-1.NASL", "href": "https://www.tenable.com/plugins/nessus/145221", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4701-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145221);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2020-16042\",\n \"CVE-2020-16044\",\n \"CVE-2020-26970\",\n \"CVE-2020-26971\",\n \"CVE-2020-26973\",\n \"CVE-2020-26974\",\n \"CVE-2020-26978\",\n \"CVE-2020-35111\",\n \"CVE-2020-35113\"\n );\n script_xref(name:\"USN\", value:\"4701-1\");\n\n script_name(english:\"Ubuntu 20.10 : Thunderbird vulnerabilities (USN-4701-1)\");\n script_summary(english:\"Checks the dpkg output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nUSN-4701-1 advisory.\n\n - Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain\n potentially sensitive information from process memory via a crafted HTML page. (CVE-2020-16042)\n\n - When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that\n is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to\n stack corruption that may be exploitable. This vulnerability affects Thunderbird < 78.5.1.\n (CVE-2020-26970)\n\n - Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow\n on some video drivers. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR <\n 78.6. (CVE-2020-26971)\n\n - Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This\n could have been used as a sanitizer bypass. This vulnerability affects Firefox < 84, Thunderbird < 78.6,\n and Firefox ESR < 78.6. (CVE-2020-26973)\n\n - When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly\n cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially\n exploitable crash. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.\n (CVE-2020-26974)\n\n - Using techniques that built on the slipstream research, a malicious webpage could have exposed both an\n internal network's hosts as well as services running on the user's local machine. This vulnerability\n affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. (CVE-2020-26978)\n\n - When an extension with the proxy permission registered to receive , the proxy.onRequest callback\n was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening\n View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox < 84,\n Thunderbird < 78.6, and Firefox ESR < 78.6. (CVE-2020-35111)\n\n - Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these\n bugs showed evidence of memory corruption and we presume that with enough effort some of these could have\n been exploited to run arbitrary code. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and\n Firefox ESR < 78.6. (CVE-2020-35113)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4701-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-26970\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-bn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-bn-bd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-cak\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-en\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-en-us\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pa-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ta-lk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-uz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-hans\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-hant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-mozsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xul-ext-calendar-timezones\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xul-ext-gdata-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xul-ext-lightning\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(20\\.10)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.10', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '20.10', 'pkgname': 'thunderbird', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-dev', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-gnome-support', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-af', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-ar', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-ast', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-be', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-bg', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-bn', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-bn-bd', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-br', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-ca', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-cak', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-cs', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-cy', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-da', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-de', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-dsb', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-el', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-en', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-en-gb', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-en-us', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-es', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-es-ar', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-es-es', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-et', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-eu', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-fa', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-fi', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-fr', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-fy', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-fy-nl', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-ga', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-ga-ie', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-gd', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-gl', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-he', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-hr', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-hsb', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-hu', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-hy', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-id', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-is', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-it', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-ja', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-ka', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-kab', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-kk', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-ko', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-lt', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-mk', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-ms', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-nb', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-nb-no', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-nl', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-nn', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-nn-no', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-pa', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-pa-in', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-pl', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-pt', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-pt-br', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-pt-pt', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-rm', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-ro', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-ru', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-si', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-sk', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-sl', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-sq', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-sr', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-sv', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-sv-se', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-ta', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-ta-lk', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-th', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-tr', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-uk', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-uz', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-vi', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-zh-cn', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-zh-hans', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-zh-hant', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-zh-tw', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-mozsymbols', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'xul-ext-calendar-timezones', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'xul-ext-gdata-provider', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'xul-ext-lightning', 'pkgver': '1:78.6.1+build1-0ubuntu0.20.10.1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird / thunderbird-dev / thunderbird-gnome-support / etc');\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:22", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4671-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-16T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : Firefox vulnerabilities (USN-4671-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16042", "CVE-2020-26971", "CVE-2020-26972", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26976", "CVE-2020-26978", "CVE-2020-26979", "CVE-2020-35111", "CVE-2020-35113", "CVE-2020-35114"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.10", "p-cpe:/a:canonical:ubuntu_linux:firefox", "p-cpe:/a:canonical:ubuntu_linux:firefox-dev", "p-cpe:/a:canonical:ubuntu_linux:firefox-geckodriver", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-af", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-an", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ar", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-as", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ast", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-az", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-be", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-eu", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bg", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bn", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-br", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bs", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fa", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ca", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cak", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cs", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-csb", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fi", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cy", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fr", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-da", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-de", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-el", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fy", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-en", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ga", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-eo", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gd", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-es", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gl", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-et", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gn", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gu", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-he", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hi", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hr", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hsb", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hu", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hy", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ia", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-id", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-is", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-it", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ja", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ka", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kab", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kk", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-km", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kn", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ko", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ku", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lg", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lt", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lv", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mai", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mk", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ml", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mn", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mr", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ms", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-my", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nb", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ne", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nl", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nn", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nso", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-oc", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-or", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pa", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pl", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pt", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ro", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ru", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-si", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sk", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sl", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sq", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sr", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sv", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sw", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ta", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-te", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-th", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-tr", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-uk", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ur", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-uz", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-vi", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-xh", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zh-hans", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zh-hant", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zu", "p-cpe:/a:canonical:ubuntu_linux:firefox-mozsymbols"], "id": "UBUNTU_USN-4671-1.NASL", "href": "https://www.tenable.com/plugins/nessus/144299", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4671-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144299);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2020-16042\",\n \"CVE-2020-26971\",\n \"CVE-2020-26972\",\n \"CVE-2020-26973\",\n \"CVE-2020-26974\",\n \"CVE-2020-26976\",\n \"CVE-2020-26978\",\n \"CVE-2020-26979\",\n \"CVE-2020-35111\",\n \"CVE-2020-35113\",\n \"CVE-2020-35114\"\n );\n script_xref(name:\"USN\", value:\"4671-1\");\n script_xref(name:\"IAVA\", value:\"2020-A-0575-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0051-S\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : Firefox vulnerabilities (USN-4671-1)\");\n script_summary(english:\"Checks the dpkg output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the USN-4671-1 advisory. Note that Nessus has not tested for this issue but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4671-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-26972\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-geckodriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-an\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-as\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-az\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cak\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-csb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-en\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-eo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ku\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mai\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-my\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ne\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nso\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-oc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-or\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-te\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ur\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-uz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-xh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zh-hans\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zh-hant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-mozsymbols\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|20\\.04|20\\.10)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04 / 20.10', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '16.04', 'pkgname': 'firefox', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-dev', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-geckodriver', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-af', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-an', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ar', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-as', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ast', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-az', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-be', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-bg', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-bn', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-br', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-bs', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ca', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-cak', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-cs', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-csb', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-cy', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-da', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-de', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-el', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-en', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-eo', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-es', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-et', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-eu', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-fa', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-fi', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-fr', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-fy', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ga', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-gd', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-gl', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-gn', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-gu', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-he', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-hi', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-hr', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-hsb', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-hu', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-hy', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ia', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-id', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-is', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-it', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ja', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ka', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-kab', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-kk', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-km', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-kn', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ko', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ku', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-lg', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-lt', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-lv', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-mai', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-mk', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ml', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-mn', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-mr', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ms', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-my', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-nb', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ne', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-nl', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-nn', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-nso', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-oc', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-or', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-pa', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-pl', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-pt', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ro', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ru', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-si', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-sk', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-sl', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-sq', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-sr', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-sv', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-sw', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ta', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-te', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-th', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-tr', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-uk', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ur', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-uz', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-vi', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-xh', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-zh-hans', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-zh-hant', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-zu', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '16.04', 'pkgname': 'firefox-mozsymbols', 'pkgver': '84.0+build3-0ubuntu0.16.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-dev', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-geckodriver', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-af', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-an', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-ar', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-as', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-ast', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-az', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-be', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-bg', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-bn', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-br', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-bs', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-ca', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-cak', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-cs', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-csb', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-cy', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-da', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-de', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-el', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-en', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-eo', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-es', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-et', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-eu', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-fa', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-fi', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-fr', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-fy', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-ga', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-gd', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-gl', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-gn', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-gu', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-he', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-hi', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-hr', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-hsb', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-hu', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-hy', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-ia', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-id', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-is', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-it', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-ja', 'pkgver': '84.0+build3-0ubuntu0.18.04.1'}