By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 87.
{"prion": [{"lastseen": "2023-11-22T00:38:57", "description": "By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 87.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-03-31T14:15:00", "type": "prion", "title": "Memory corruption", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-23983"], "modified": "2022-05-03T16:04:00", "id": "PRION:CVE-2021-23983", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2021-23983", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2023-12-03T14:45:11", "description": "By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash. 
This vulnerability affects Firefox < 87.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-03-31T14:15:00", "type": "cve", "title": "CVE-2021-23983", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-23983"], "modified": "2022-05-03T16:04:00", "cpe": [], "id": "CVE-2021-23983", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23983", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": []}], "veracode": [{"lastseen": "2022-07-26T16:45:48", "description": "firefox is vulnerable to denial of service. 
By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-03-25T01:22:34", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-23983"], "modified": "2022-05-04T12:29:28", "id": "VERACODE:29826", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-29826/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2023-12-03T13:55:15", "description": "By causing a transition on a parent node by removing a CSS rule, an invalid\nproperty for a marker could have been applied, resulting in memory\ncorruption and a potentially exploitable crash. 
This vulnerability affects\nFirefox < 87.\n\n#### Bugs\n\n * <https://bugzilla.mozilla.org/show_bug.cgi?id=1692684>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[tyhicks](<https://launchpad.net/~tyhicks>) | mozjs contains a copy of the SpiderMonkey JavaScript engine\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-03-24T00:00:00", "type": "ubuntucve", "title": "CVE-2021-23983", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-23983"], "modified": "2021-03-24T00:00:00", "id": "UB:CVE-2021-23983", "href": "https://ubuntu.com/security/CVE-2021-23983", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2023-12-03T15:20:52", "description": "By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash. 
This vulnerability affects Firefox < 87.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-03-31T14:15:00", "type": "debiancve", "title": "CVE-2021-23983", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-23983"], "modified": "2021-03-31T14:15:00", "id": "DEBIANCVE:CVE-2021-23983", "href": "https://security-tracker.debian.org/tracker/CVE-2021-23983", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2023-12-03T18:57:32", "description": "## Releases\n\n * Ubuntu 20.10 \n * Ubuntu 20.04 LTS\n * Ubuntu 18.04 ESM\n * Ubuntu 16.04 ESM\n\n## Packages\n\n * firefox \\- Mozilla Open Source web browser\n\nMultiple security issues were discovered in Firefox. If a user were \ntricked into opening a specially crafted website, an attacker could \npotentially exploit these to cause a denial of service, obtain sensitive \ninformation, or execute arbitrary code. (CVE-2021-23981, CVE-2021-23982, \nCVE-2021-23983, CVE-2021-23987, CVE-2021-23988)\n\nIt was discovered that extensions could open popup windows with control \nof the window title in some circumstances. 
If a user were tricked into \ninstalling a specially crafted extension, an attacker could potentially \nexploit this to spoof a website and trick the user into providing \ncredentials. (CVE-2021-23984)\n\nIt was discovered that the DevTools remote debugging feature could be \nenabled without an indication to the user. If a local attacker could \nmodify the browser configuration, a remote attacker could potentially \nexploit this to obtain sensitive information. (CVE-2021-23985)\n\nIt was discovered that extensions could read the response of cross \norigin requests in some circumstances. If a user were tricked into \ninstalling a specially crafted extension, an attacker could potentially \nexploit this to obtain sensitive information. (CVE-2021-23986)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-25T00:00:00", "type": "ubuntu", "title": "Firefox vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-23981", "CVE-2021-23982", "CVE-2021-23983", "CVE-2021-23984", "CVE-2021-23985", "CVE-2021-23986", "CVE-2021-23987", "CVE-2021-23988"], "modified": "2021-03-25T00:00:00", 
"id": "USN-4893-1", "href": "https://ubuntu.com/security/notices/USN-4893-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-10-15T14:52:01", "description": "The version of Firefox installed on the remote macOS or Mac OS X host is prior to 87.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-10 advisory.\n\n - A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash.\n (CVE-2021-23981)\n\n - Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections. (CVE-2021-23982)\n\n - By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash. (CVE-2021-23983)\n\n - A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. (CVE-2021-23984)\n\n - If an attacker is able to alter specific about:config values (for example malware running on the user's computer), the Devtools remote debugging feature could have been enabled in a way that was unnoticable to the user. This would have allowed a remote attacker (able to make a direct network connection to the victim) to monitor the user's browsing activity and (plaintext) network traffic. This was addressed by providing a visual cue when Devtools has an open network socket. 
(CVE-2021-23985)\n\n - A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read by the extension, allowing a same-origin policy bypass by the extension, which should not have cross-origin permissions. This cross-origin request was made without cookies, so the sensitive information disclosed by the violation was limited to local-network resources or resources that perform IP-based authentication.\n (CVE-2021-23986)\n\n - Mozilla developers and community members Matthew Gregan, Tyson Smith, Julien Wajsberg, and Alexis Beingessner reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2021-23987)\n\n - Mozilla developers Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 86.\n Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
(CVE-2021-23988)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-23T00:00:00", "type": "nessus", "title": "Mozilla Firefox < 87.0", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23981", "CVE-2021-23982", "CVE-2021-23983", "CVE-2021-23984", "CVE-2021-23985", "CVE-2021-23986", "CVE-2021-23987", "CVE-2021-23988"], "modified": "2021-06-03T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MACOS_FIREFOX_87_0.NASL", "href": "https://www.tenable.com/plugins/nessus/148015", "sourceData": "## \n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Mozilla Foundation Security Advisory mfsa2021-10.\n# The text itself is copyright (C) Mozilla Foundation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148015);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/03\");\n\n script_cve_id(\n \"CVE-2021-23981\",\n \"CVE-2021-23982\",\n \"CVE-2021-23983\",\n \"CVE-2021-23984\",\n \"CVE-2021-23985\",\n \"CVE-2021-23986\",\n \"CVE-2021-23987\",\n \"CVE-2021-23988\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0144-S\");\n\n script_name(english:\"Mozilla Firefox < 87.0\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS or Mac OS X host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Firefox installed on the remote macOS or Mac OS X host is prior to 87.0. 
It is, therefore, affected by\nmultiple vulnerabilities as referenced in the mfsa2021-10 advisory.\n\n - A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer\n used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash.\n (CVE-2021-23981)\n\n - Using techniques that built on the slipstream research, a malicious webpage could have scanned both an\n internal network's hosts as well as services running on the user's local machine utilizing WebRTC\n connections. (CVE-2021-23982)\n\n - By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could\n have been applied, resulting in memory corruption and a potentially exploitable crash. (CVE-2021-23983)\n\n - A malicious extension could have opened a popup window lacking an address bar. The title of the popup\n lacking an address bar should not be fully controllable, but in this situation was. This could have been\n used to spoof a website and attempt to trick the user into providing credentials. (CVE-2021-23984)\n\n - If an attacker is able to alter specific about:config values (for example malware running on the user's\n computer), the Devtools remote debugging feature could have been enabled in a way that was unnoticable to\n the user. This would have allowed a remote attacker (able to make a direct network connection to the\n victim) to monitor the user's browsing activity and (plaintext) network traffic. This was addressed by\n providing a visual cue when Devtools has an open network socket. (CVE-2021-23985)\n\n - A malicious extension with the 'search' permission could have installed a new search engine whose favicon\n referenced a cross-origin URL. The response to this cross-origin request could have been read by the\n extension, allowing a same-origin policy bypass by the extension, which should not have cross-origin\n permissions. 
This cross-origin request was made without cookies, so the sensitive information disclosed\n by the violation was limited to local-network resources or resources that perform IP-based authentication.\n (CVE-2021-23986)\n\n - Mozilla developers and community members Matthew Gregan, Tyson Smith, Julien Wajsberg, and Alexis\n Beingessner reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs\n showed evidence of memory corruption and we presume that with enough effort some of these could have been\n exploited to run arbitrary code. (CVE-2021-23987)\n\n - Mozilla developers Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 86.\n Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of\n these could have been exploited to run arbitrary code. (CVE-2021-23988)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox version 87.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-23988\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/23\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Installed\");\n\n exit(0);\n}\n\ninclude('mozilla_version.inc');\n\nkb_base = 'MacOSX/Firefox';\nget_kb_item_or_exit(kb_base+'/Installed');\n\nversion = get_kb_item_or_exit(kb_base+'/Version', exit_code:1);\npath = get_kb_item_or_exit(kb_base+'/Path', exit_code:1);\n\nis_esr = get_kb_item(kb_base+'/is_esr');\nif (is_esr) exit(0, 'The Mozilla Firefox installation is in the ESR branch.');\n\nmozilla_check_version(version:version, path:path, product:'firefox', esr:FALSE, fix:'87.0', severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-15T14:53:12", "description": "The version of Firefox installed on the remote Windows host is prior to 87.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-10 advisory.\n\n - A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash.\n (CVE-2021-23981)\n\n - Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections. 
(CVE-2021-23982)\n\n - By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash. (CVE-2021-23983)\n\n - A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. (CVE-2021-23984)\n\n - If an attacker is able to alter specific about:config values (for example malware running on the user's computer), the Devtools remote debugging feature could have been enabled in a way that was unnoticable to the user. This would have allowed a remote attacker (able to make a direct network connection to the victim) to monitor the user's browsing activity and (plaintext) network traffic. This was addressed by providing a visual cue when Devtools has an open network socket. (CVE-2021-23985)\n\n - A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read by the extension, allowing a same-origin policy bypass by the extension, which should not have cross-origin permissions. This cross-origin request was made without cookies, so the sensitive information disclosed by the violation was limited to local-network resources or resources that perform IP-based authentication.\n (CVE-2021-23986)\n\n - Mozilla developers and community members Matthew Gregan, Tyson Smith, Julien Wajsberg, and Alexis Beingessner reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
(CVE-2021-23987)\n\n - Mozilla developers Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 86.\n Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2021-23988)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-23T00:00:00", "type": "nessus", "title": "Mozilla Firefox < 87.0", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23981", "CVE-2021-23982", "CVE-2021-23983", "CVE-2021-23984", "CVE-2021-23985", "CVE-2021-23986", "CVE-2021-23987", "CVE-2021-23988"], "modified": "2021-06-03T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MOZILLA_FIREFOX_87_0.NASL", "href": "https://www.tenable.com/plugins/nessus/148014", "sourceData": "## \n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Mozilla Foundation Security Advisory mfsa2021-10.\n# The text itself is copyright (C) Mozilla Foundation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148014);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/03\");\n\n script_cve_id(\n \"CVE-2021-23981\",\n \"CVE-2021-23982\",\n \"CVE-2021-23983\",\n \"CVE-2021-23984\",\n \"CVE-2021-23985\",\n \"CVE-2021-23986\",\n \"CVE-2021-23987\",\n \"CVE-2021-23988\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0144-S\");\n\n script_name(english:\"Mozilla Firefox < 87.0\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Firefox installed on the remote Windows host is prior to 87.0. 
It is, therefore, affected by multiple\nvulnerabilities as referenced in the mfsa2021-10 advisory.\n\n - A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer\n used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash.\n (CVE-2021-23981)\n\n - Using techniques that built on the slipstream research, a malicious webpage could have scanned both an\n internal network's hosts as well as services running on the user's local machine utilizing WebRTC\n connections. (CVE-2021-23982)\n\n - By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could\n have been applied, resulting in memory corruption and a potentially exploitable crash. (CVE-2021-23983)\n\n - A malicious extension could have opened a popup window lacking an address bar. The title of the popup\n lacking an address bar should not be fully controllable, but in this situation was. This could have been\n used to spoof a website and attempt to trick the user into providing credentials. (CVE-2021-23984)\n\n - If an attacker is able to alter specific about:config values (for example malware running on the user's\n computer), the Devtools remote debugging feature could have been enabled in a way that was unnoticable to\n the user. This would have allowed a remote attacker (able to make a direct network connection to the\n victim) to monitor the user's browsing activity and (plaintext) network traffic. This was addressed by\n providing a visual cue when Devtools has an open network socket. (CVE-2021-23985)\n\n - A malicious extension with the 'search' permission could have installed a new search engine whose favicon\n referenced a cross-origin URL. The response to this cross-origin request could have been read by the\n extension, allowing a same-origin policy bypass by the extension, which should not have cross-origin\n permissions. 
This cross-origin request was made without cookies, so the sensitive information disclosed\n by the violation was limited to local-network resources or resources that perform IP-based authentication.\n (CVE-2021-23986)\n\n - Mozilla developers and community members Matthew Gregan, Tyson Smith, Julien Wajsberg, and Alexis\n Beingessner reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs\n showed evidence of memory corruption and we presume that with enough effort some of these could have been\n exploited to run arbitrary code. (CVE-2021-23987)\n\n - Mozilla developers Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 86.\n Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of\n these could have been exploited to run arbitrary code. (CVE-2021-23988)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox version 87.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-23988\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/23\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude('mozilla_version.inc');\n\nport = get_kb_item('SMB/transport');\nif (!port) port = 445;\n\ninstalls = get_kb_list('SMB/Mozilla/Firefox/*');\nif (isnull(installs)) audit(AUDIT_NOT_INST, 'Firefox');\n\nmozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'87.0', severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-19T14:54:29", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4893-1 advisory. 
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-26T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-4893-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23981", "CVE-2021-23982", "CVE-2021-23983", "CVE-2021-23984", "CVE-2021-23985", "CVE-2021-23986", "CVE-2021-23987", "CVE-2021-23988"], "modified": "2023-10-16T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:firefox", "p-cpe:/a:canonical:ubuntu_linux:firefox-dev", "p-cpe:/a:canonical:ubuntu_linux:firefox-geckodriver", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-af", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-an", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ar", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-as", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ast", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-az", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-be", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bg", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bn", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-br", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bs", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ca", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cak", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cs", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-csb", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cy", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-da", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-de", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-el", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-en", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-eo", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-es", 
"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-et", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-eu", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fa", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fi", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fr", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fy", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ga", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gd", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gl", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gn", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gu", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-he", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hi", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sw", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-szl", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ta", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-te", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-th", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-tr", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-uk", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ur", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-uz", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-vi", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-xh", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zh-hans", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zh-hant", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zu", "p-cpe:/a:canonical:ubuntu_linux:firefox-mozsymbols", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hr", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hsb", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hu", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hy", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ia", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-id", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-is", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-it", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ja", 
"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ka", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kab", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kk", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-km", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kn", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ko", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ku", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lg", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lt", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lv", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mai", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mk", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ml", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mn", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mr", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ms", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-my", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nb", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ne", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nl", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nn", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nso", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-oc", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-or", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pa", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pl", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pt", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ro", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ru", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-si", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sk", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sl", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sq", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sr", "p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sv"], "id": "UBUNTU_USN-4893-1.NASL", "href": "https://www.tenable.com/plugins/nessus/148135", "sourceData": "##\n# (C) Tenable Network Security, 
Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4893-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148135);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/16\");\n\n script_cve_id(\n \"CVE-2021-23981\",\n \"CVE-2021-23982\",\n \"CVE-2021-23983\",\n \"CVE-2021-23984\",\n \"CVE-2021-23985\",\n \"CVE-2021-23986\",\n \"CVE-2021-23987\",\n \"CVE-2021-23988\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0144-S\");\n script_xref(name:\"USN\", value:\"4893-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-4893-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the USN-4893-1 advisory. 
Note that Nessus has not tested for this issue but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4893-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-23988\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-geckodriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-an\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-as\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-az\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cak\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-csb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-en\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-eo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ia\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ku\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mai\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mr\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-my\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ne\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nso\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-oc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-or\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sr\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-szl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-te\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ur\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-uz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-xh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zh-hans\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zh-hant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-mozsymbols\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. 
/ NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release || '18.04' >< os_release || '20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '16.04', 'pkgname': 'firefox', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-dev', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-geckodriver', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-af', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-an', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ar', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-as', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ast', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-az', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-be', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 
'firefox-locale-bg', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-bn', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-br', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-bs', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ca', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-cak', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-cs', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-csb', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-cy', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-da', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-de', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-el', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-en', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-eo', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-es', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-et', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-eu', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-fa', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-fi', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-fr', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-fy', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': 
'16.04', 'pkgname': 'firefox-locale-ga', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-gd', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-gl', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-gn', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-gu', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-he', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-hi', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-hr', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-hsb', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-hu', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-hy', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ia', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-id', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-is', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-it', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ja', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ka', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-kab', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-kk', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-km', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-kn', 'pkgver': 
'87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ko', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ku', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-lg', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-lt', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-lv', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-mai', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-mk', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ml', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-mn', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-mr', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ms', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-my', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-nb', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ne', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-nl', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-nn', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-nso', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-oc', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-or', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-pa', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 
'firefox-locale-pl', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-pt', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ro', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ru', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-si', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-sk', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-sl', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-sq', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-sr', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-sv', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-sw', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-szl', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ta', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-te', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-th', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-tr', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-uk', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-ur', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-uz', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-vi', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-xh', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': 
'16.04', 'pkgname': 'firefox-locale-zh-hans', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-zh-hant', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-locale-zu', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '16.04', 'pkgname': 'firefox-mozsymbols', 'pkgver': '87.0+build3-0ubuntu0.16.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-dev', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-geckodriver', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-af', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-an', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-ar', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-as', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-ast', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-az', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-be', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-bg', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-bn', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-br', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-bs', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-ca', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-cak', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-cs', 'pkgver': 
'87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-csb', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-cy', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-da', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-de', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-el', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-en', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-eo', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-es', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-et', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-eu', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-fa', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-fi', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-fr', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-fy', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-ga', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-gd', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-gl', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-gn', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-gu', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-he', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 
'firefox-locale-hi', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-hr', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-hsb', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-hu', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-hy', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-ia', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-id', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-is', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-it', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-ja', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-ka', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-kab', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-kk', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-km', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-kn', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-ko', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-ku', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-lg', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-lt', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-lv', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-mai', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': 
'18.04', 'pkgname': 'firefox-locale-mk', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-ml', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-mn', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-mr', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-ms', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-my', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-nb', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-ne', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-nl', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-nn', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-nso', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-oc', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-or', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-pa', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-pl', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-pt', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-ro', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-ru', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-si', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-sk', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-sl', 'pkgver': 
'87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-sq', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-sr', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-sv', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-sw', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-szl', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-ta', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-te', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-th', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-tr', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-uk', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-ur', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-uz', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-vi', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-xh', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-zh-hans', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-zh-hant', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-locale-zu', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'firefox-mozsymbols', 'pkgver': '87.0+build3-0ubuntu0.18.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-dev', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 
'firefox-geckodriver', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-af', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-an', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-ar', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-as', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-ast', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-az', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-be', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-bg', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-bn', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-br', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-bs', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-ca', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-cak', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-cs', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-csb', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-cy', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-da', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-de', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-el', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-en', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n 
{'osver': '20.04', 'pkgname': 'firefox-locale-eo', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-es', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-et', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-eu', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-fa', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-fi', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-fr', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-fy', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-ga', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-gd', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-gl', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-gn', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-gu', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-he', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-hi', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-hr', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-hsb', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-hu', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-hy', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-ia', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-id', 'pkgver': 
'87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-is', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-it', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-ja', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-ka', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-kab', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-kk', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-km', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-kn', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-ko', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-ku', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-lg', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-lt', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-lv', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-mai', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-mk', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-ml', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-mn', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-mr', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-ms', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-my', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 
'firefox-locale-nb', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-ne', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-nl', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-nn', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-nso', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-oc', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-or', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-pa', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-pl', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-pt', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-ro', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-ru', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-si', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-sk', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-sl', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-sq', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-sr', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-sv', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-sw', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-szl', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-ta', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': 
'20.04', 'pkgname': 'firefox-locale-te', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-th', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-tr', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-uk', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-ur', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-uz', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-vi', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-xh', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-zh-hans', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-zh-hant', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-locale-zu', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'firefox-mozsymbols', 'pkgver': '87.0+build3-0ubuntu0.20.04.2'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox / firefox-dev / firefox-geckodriver / firefox-locale-af / etc');\n}\n", "cvss": 
{"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:28:21", "description": "The remote host is affected by the vulnerability described in GLSA-202104-10 (Mozilla Firefox: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.\n Impact :\n\n Please review the referenced CVE identifiers for details.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2021-05-03T00:00:00", "type": "nessus", "title": "GLSA-202104-10 : Mozilla Firefox: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23961", "CVE-2021-23968", "CVE-2021-23969", "CVE-2021-23970", "CVE-2021-23971", "CVE-2021-23972", "CVE-2021-23973", "CVE-2021-23974", "CVE-2021-23975", "CVE-2021-23976", "CVE-2021-23977", "CVE-2021-23978", "CVE-2021-23981", "CVE-2021-23982", "CVE-2021-23983", "CVE-2021-23984", "CVE-2021-23985", "CVE-2021-23986", "CVE-2021-23987", "CVE-2021-23988", "CVE-2021-23994", "CVE-2021-23995", "CVE-2021-23998", "CVE-2021-23999", "CVE-2021-24002", "CVE-2021-29945", "CVE-2021-29946"], "modified": "2021-05-05T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:firefox", "p-cpe:/a:gentoo:linux:firefox-bin", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202104-10.NASL", "href": "https://www.tenable.com/plugins/nessus/149233", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202104-10.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(149233);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/05\");\n\n script_cve_id(\"CVE-2021-23961\", \"CVE-2021-23968\", \"CVE-2021-23969\", \"CVE-2021-23970\", \"CVE-2021-23971\", \"CVE-2021-23972\", \"CVE-2021-23973\", \"CVE-2021-23974\", \"CVE-2021-23975\", \"CVE-2021-23976\", \"CVE-2021-23977\", \"CVE-2021-23978\", \"CVE-2021-23981\", \"CVE-2021-23982\", \"CVE-2021-23983\", \"CVE-2021-23984\", \"CVE-2021-23985\", \"CVE-2021-23986\", \"CVE-2021-23987\", \"CVE-2021-23988\", \"CVE-2021-23994\", \"CVE-2021-23995\", \"CVE-2021-23998\", \"CVE-2021-23999\", \"CVE-2021-24002\", \"CVE-2021-29945\", \"CVE-2021-29946\");\n script_xref(name:\"GLSA\", value:\"202104-10\");\n\n script_name(english:\"GLSA-202104-10 : Mozilla Firefox: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202104-10\n(Mozilla Firefox: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Mozilla Firefox. 
Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202104-10\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Mozilla Firefox ESR users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/firefox-78.10.0'\n All Mozilla Firefox ESR binary users should upgrade to the latest\n version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/firefox-bin-78.10.0'\n All Mozilla Firefox users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/firefox-88.0'\n All Mozilla Firefox binary users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/firefox-bin-88.0'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:gentoo:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:firefox-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/firefox\", unaffected:make_list(\"ge 78.10.0\", \"ge 88.0\"), vulnerable:make_list(\"lt 88.0\"))) flag++;\nif (qpkg_check(package:\"www-client/firefox-bin\", unaffected:make_list(\"ge 78.10.0\", \"ge 88.0\"), vulnerable:make_list(\"lt 88.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Mozilla Firefox\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "kaspersky": [{"lastseen": "2023-12-03T17:27:19", 
"description": "### *Detect date*:\n03/23/2021\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, spoof user interface, cause denial of service, bypass security restrictions.\n\n### *Affected products*:\nMozilla Firefox earlier than 87\n\n### *Solution*:\nUpdate to the latest version \n[Download Firefox](<https://www.mozilla.org/en-US/firefox/new/>)\n\n### *Original advisories*:\n[MFSA2021-10](<https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Firefox](<https://threats.kaspersky.com/en/product/Mozilla-Firefox/>)\n\n### *CVE-IDS*:\n[CVE-2021-23987](<https://vulners.com/cve/CVE-2021-23987>)6.8High \n[CVE-2021-23982](<https://vulners.com/cve/CVE-2021-23982>)4.3Warning \n[CVE-2021-23985](<https://vulners.com/cve/CVE-2021-23985>)4.3Warning \n[CVE-2021-23988](<https://vulners.com/cve/CVE-2021-23988>)6.8High \n[CVE-2021-23984](<https://vulners.com/cve/CVE-2021-23984>)4.3Warning \n[CVE-2021-23983](<https://vulners.com/cve/CVE-2021-23983>)4.3Warning \n[CVE-2021-23986](<https://vulners.com/cve/CVE-2021-23986>)4.3Warning \n[CVE-2021-23981](<https://vulners.com/cve/CVE-2021-23981>)5.8High \n[CVE-2021-29951](<https://vulners.com/cve/CVE-2021-29951>)6.4High \n[CVE-2021-29955](<https://vulners.com/cve/CVE-2021-29955>)2.6Warning", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-23T00:00:00", "type": "kaspersky", "title": "KLA12127 Multiple vulnerabilities in 
Mozilla Firefox", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-23981", "CVE-2021-23982", "CVE-2021-23983", "CVE-2021-23984", "CVE-2021-23985", "CVE-2021-23986", "CVE-2021-23987", "CVE-2021-23988", "CVE-2021-29951", "CVE-2021-29955"], "modified": "2021-06-22T00:00:00", "id": "KLA12127", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12127/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "mozilla": [{"lastseen": "2023-12-03T16:49:12", "description": "A transient execution vulnerability, named Floating Point Value Injection (FPVI), allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. (A related vulnerability, Speculative Code Store Bypass (SCSB), did not affect Firefox.)\nA texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash.\nThe Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent the browser update service from operating (if an attacker spammed the 'Stop' command); but also exposed attack surface in the maintenance service. Note: This issue only affected Windows operating systems older than Win 10 build 1709.
Other operating systems are unaffected.\nUsing techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections.\nBy causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash.\nA malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials.\nIf an attacker is able to alter specific about:config values (for example malware running on the user's computer), the Devtools remote debugging feature could have been enabled in a way that was unnoticeable to the user. This would have allowed a remote attacker (able to make a direct network connection to the victim) to monitor the user's browsing activity and (plaintext) network traffic. This was addressed by providing a visual cue when Devtools has an open network socket.\nA malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read by the extension, allowing a same-origin policy bypass by the extension, which should not have cross-origin permissions. This cross-origin request was made without cookies, so the sensitive information disclosed by the violation was limited to local-network resources or resources that perform IP-based authentication.\nMozilla developers and community members Matthew Gregan, Tyson Smith, Julien Wajsberg, and Alexis Beingessner reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8.
Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.\nMozilla developers Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 86. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-23T00:00:00", "type": "mozilla", "title": "Security Vulnerabilities fixed in Firefox 87 \u2014 Mozilla", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-23981", "CVE-2021-23982", "CVE-2021-23983", "CVE-2021-23984", "CVE-2021-23985", "CVE-2021-23986", "CVE-2021-23987", "CVE-2021-23988", "CVE-2021-29951", "CVE-2021-29955"], "modified": "2021-03-23T00:00:00", "id": "MFSA2021-10", "href": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2023-12-03T17:34:39", "description": "### Background\n\nMozilla Firefox is a 
popular open-source web browser from the Mozilla project. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Mozilla Firefox ESR users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-78.10.0\"\n \n\nAll Mozilla Firefox ESR binary users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-78.10.0\"\n \n\nAll Mozilla Firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-88.0\"\n \n\nAll Mozilla Firefox binary users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-88.0\"", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-04-30T00:00:00", "type": "gentoo", "title": "Mozilla Firefox: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": 
"NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-23961", "CVE-2021-23968", "CVE-2021-23969", "CVE-2021-23970", "CVE-2021-23971", "CVE-2021-23972", "CVE-2021-23973", "CVE-2021-23974", "CVE-2021-23975", "CVE-2021-23976", "CVE-2021-23977", "CVE-2021-23978", "CVE-2021-23981", "CVE-2021-23982", "CVE-2021-23983", "CVE-2021-23984", "CVE-2021-23985", "CVE-2021-23986", "CVE-2021-23987", "CVE-2021-23988", "CVE-2021-23994", "CVE-2021-23995", "CVE-2021-23998", "CVE-2021-23999", "CVE-2021-24002", "CVE-2021-29945", "CVE-2021-29946"], "modified": "2021-04-30T00:00:00", "id": "GLSA-202104-10", "href": "https://security.gentoo.org/glsa/202104-10", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "rosalinux": [{"lastseen": "2023-12-03T21:45:52", "description": "Software: firefox 78.5.0\nOS: Cobalt 7.9\n\nCVE-ID: CVE-2020-12400\nCVE-Crit: MEDIUM\nCVE-DESC: When converting coordinates from projective to affine, modular inversion was not performed in constant time, leading to a possible time-based side-channel attack. This vulnerability affects Firefox <80 and Firefox for Android <80\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-12400\nCVE-Crit: MEDIUM\nCVE-DESC: When converting coordinates from projective to affine, modular inversion was not performed in constant time, leading to a possible time-based side-channel attack. This vulnerability affects Firefox <80 and Firefox for Android <80\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-12401\nCVE-Crit: MEDIUM\nCVE-DESC: During ECDSA signature generation, a fill applied in the one-time number intended to provide constant scalar multiplication was removed, resulting in a secret-dependent variable-time execution. 
This vulnerability affects Firefox <80 and Firefox for Android <80\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-12401\nCVE-Crit: MEDIUM\nCVE-DESC: During ECDSA signature generation, a fill applied in the one-time number intended to provide constant scalar multiplication was removed, resulting in a secret-dependent variable-time execution. This vulnerability affects Firefox <80 and Firefox for Android <80\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15652\nCVE-Crit: MEDIUM\nCVE-DESC: By observing the stack trace for JavaScript errors in webworkers, it was possible to get a leaked redirect result from another source. This only applies to content that can be parsed as script. This vulnerability affects Firefox <79, Firefox ESR <68.11, Firefox ESR <78.1, Thunderbird <68.11 and Thunderbird <78.1.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15653\nCVE-Crit: MEDIUM\nCVE-DESC: An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could lead to security issues for websites using a sandbox configuration that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR <78.1, Firefox <79 and Thunderbird <78.1.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15654\nCVE-Crit: MEDIUM\nCVE-DESC: In an infinite loop, a website that defines a customizable cursor using CSS can give the impression that the user is interacting with the UI when this is not the case. This could lead to the perception of a faulty state, especially when interaction with existing browser dialogs and alerts is not working. 
This vulnerability affects Firefox ESR <78.1, Firefox <79 and Thunderbird <78.1.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15655\nCVE-Crit: MEDIUM\nCVE-DESC: A redirected HTTP request that is tracked or modified via a web extension can bypass existing CORS checks, which could lead to the disclosure of information about different sources. This vulnerability affects Firefox ESR <78.1, Firefox <79, and Thunderbird <78.1.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15656\nCVE-Crit: HIGH\nCVE-DESC: JIT optimization using the Javascript arguments object can confuse later optimizations. This risk has already been mitigated through various precautions in the code, resulting in this bug being rated as moderate severity. This vulnerability affects Firefox ESR <78.1, Firefox <79 and Thunderbird <78.1.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15658\nCVE-Crit: MEDIUM\nCVE-DESC: The file upload code does not properly handle special characters, causing an attacker to be able to cut off a file ending at an earlier position, resulting in a different file type being uploaded than shown in the dialog box. This vulnerability affects Firefox ESR <78.1, Firefox <79, and Thunderbird <78.1.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15659\nCVE-Crit: HIGH\nCVE-DESC: Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs indicated memory corruption, and we speculate that with enough effort, some of them could be exploited to run arbitrary code. 
This vulnerability affects Firefox <79, Firefox ESR <68.11, Firefox ESR <78.1, Thunderbird <68.11, and Thunderbird <78.1.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15671\nCVE-Crit: LOW\nCVE-DESC: When entering a password under certain conditions, a race could occur when InputContext was not correctly set for the input field, resulting in the typed password being stored in the keyboard dictionary. This vulnerability affects Firefox for Android <80\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15670\nCVE-Crit: HIGH\nCVE-DESC: Mozilla developers reported memory safety errors present in Firefox for Android 79. Some of these bugs indicated memory corruption, and we assume that with enough effort, some of them could be exploited to run arbitrary code. This vulnerability affects Firefox <80, Firefox ESR <78.2, Thunderbird <78.2 and Firefox for Android <80\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15670\nCVE-Crit: HIGH\nCVE-DESC: Mozilla developers reported memory safety errors present in Firefox for Android 79. Some of these bugs indicated memory corruption, and we assume that with enough effort, some of them could be exploited to run arbitrary code. This vulnerability affects Firefox <80, Firefox ESR <78.2, Thunderbird <78.2 and Firefox for Android <80\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15668\nCVE-Crit: MEDIUM\nCVE-DESC: there was a missing lock when accessing the data structure and importing certificate information into the trust database. This vulnerability affects Firefox <80 and Firefox for Android <80\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15668\nCVE-Crit: MEDIUM\nCVE-DESC: there was a missing lock when accessing the data structure and importing certificate information into the trust database. 
This vulnerability affects Firefox <80 and Firefox for Android <80\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15674\nCVE-Crit: HIGH\nCVE-DESC: Mozilla developers reported memory safety errors present in Firefox 80. Some of these bugs indicated memory corruption, and we assume that with enough effort, some of them could be exploited to run arbitrary code. This vulnerability affects Firefox <81\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15675\nCVE-Crit: HIGH\nCVE-DESC: surface processing may outlast a persistent buffer lifetime, resulting in memory corruption and potentially crashing. This vulnerability affects Firefox <81\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15667\nCVE-Crit: HIGH\nCVE-DESC: When processing a MAR update file after signature verification, an invalid name length can cause a heap overflow, resulting in memory corruption and potentially arbitrary code execution. In Firefox, released by Mozilla, this issue can only be exploited using a Mozilla-managed signature key. This vulnerability affects Firefox <80\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15666\nCVE-Crit: MEDIUM\nCVE-DESC: When attempting to download non-video in an audio/video context, the exact status code (200, 302, 404, 500, 412, 403, etc.) was disclosed via a MediaError message. This level of information leakage is incompatible with standardized error / success disclosure and could lead to logon status output for services or device discovery on the local network among other attacks. This vulnerability affects Firefox <80 and Firefox for Android <80\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15666\nCVE-Crit: MEDIUM\nCVE-DESC: When attempting to download non-video in an audio/video context, the exact status code (200, 302, 404, 500, 412, 403, etc.) was disclosed via a MediaError message. 
This level of information leakage is incompatible with standardized error / success disclosure and could lead to logon status output for services or device discovery on the local network among other attacks. This vulnerability affects Firefox <80 and Firefox for Android <80\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15665\nCVE-Crit: MEDIUM\nCVE-DESC: Firefox did not reset the address bar after displaying a dialog box before loading if the user chose to stay on the page. This could result in displaying the wrong URL when used in conjunction with other unexpected browser behavior. This vulnerability affects Firefox <80\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15664\nCVE-Crit: MEDIUM\nCVE-DESC: By holding the eval () function link from the about: blank window, the malicious web page could access the InstallTrigger object, which would allow them to prompt the user to install the extension. Combined with user confusion, this could lead to the installation of an unintended or malicious extension. This vulnerability affects Firefox <80, Thunderbird <78.2, Thunderbird <68.12, Firefox ESR <68.12, Firefox ESR <78.2 and Firefox for Android <80\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15664\nCVE-Crit: MEDIUM\nCVE-DESC: By holding the eval () function link from the about: blank window, the malicious web page could access the InstallTrigger object, which would allow them to prompt the user to install the extension. Combined with user confusion, this could lead to the installation of an unintended or malicious extension. This vulnerability affects Firefox <80, Thunderbird <78.2, Thunderbird <68.12, Firefox ESR <68.12, Firefox ESR <78.2 and Firefox for Android <80\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15663\nCVE-Crit: HIGH\nCVE-DESC: If Firefox is installed in a user writable directory, the Mozilla service will run updater.exe from the installation location with system privileges. 
While the Mozilla service does ensure that updater.exe is signed by Mozilla, the version could be rolled back to a previous version, which would allow an older bug to be exploited and arbitrary code to be executed with system privileges. * Note. This issue only affected Windows operating systems. Other operating systems are not affected. *. This vulnerability affects Firefox <80, Thunderbird <78.2, Thunderbird <68.12, Firefox ESR <68.12, and Firefox ESR <78.2.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15680\nCVE-Crit: MEDIUM\nCVE-DESC: If the image tag references a valid external protocol handler, the size of the resulting corrupted image could be distinguished from the size of the corrupted image of the non-existent protocol handler. This allowed an attacker to successfully verify that an external protocol handler had been registered. This vulnerability affects Firefox <82\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15681\nCVE-Crit: HIGH\nCVE-DESC: When multiple WASM threads had a module reference and searched for exported functions, one WASM thread could overwrite another thread's entry in a shared stash table, resulting in a potential crash. This vulnerability affects Firefox <82\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15682\nCVE-Crit: MEDIUM\nCVE-DESC: When an external protocol link was clicked, a prompt was presented that allowed the user to choose in which application to open it. An attacker could force this invitation to be associated with a source they had no control over, resulting in a spoofing attack. This has been fixed by changing the external protocol invitations to tab, and ensuring that they cannot be incorrectly linked to another source. This vulnerability affects Firefox <82\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15684\nCVE-Crit: CRITICAL\nCVE-DESC: Mozilla developers reported memory safety errors present in Firefox 81. 
Some of these bugs indicated memory corruption, and we speculate that with enough effort, some of them could be used to run arbitrary code. This vulnerability affects Firefox <82\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15673\nCVE-Crit: HIGH\nCVE-DESC: Mozilla developers have reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs indicated memory corruption, and we assume that with enough effort, some of them could be used to run arbitrary code. This vulnerability affects Firefox <81, Thunderbird <78.3, and Firefox ESR <78.3.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15676\nCVE-Crit: MEDIUM\nCVE-DESC: Firefox sometimes ran a load handler for SVG elements that the DOM cleaner decided to remove, resulting in JavaScript being executed after inserting attacker-controlled data into a content element. This vulnerability affects Firefox <81, Thunderbird <78.3 and Firefox ESR <78.3.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15677\nCVE-Crit: MEDIUM\nCVE-DESC: By exploiting an Open Redirect vulnerability in a website, an attacker could spoof the site displayed in the file upload dialog box to show the original site (the one suffering from Open Redirect) rather than the site from which the file was actually downloaded. This vulnerability affects Firefox <81, Thunderbird <78.3, and Firefox ESR <78.3.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15678\nCVE-Crit: HIGH\nCVE-DESC: When recursively viewing graphical layers while scrolling, the iterator may have become invalid, leading to a potential use-after-free. This is because the APZCTreeManager::ComputeClippedCompositionBounds function did not follow the iterator invalidation rules.
This vulnerability affects Firefox <81, Thunderbird <78.3, and Firefox ESR <78.3.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-15683\nCVE-Crit: CRITICAL\nCVE-DESC: Mozilla developers and community members have reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs indicated memory corruption, and we assume that with enough effort, some of them could be used to run arbitrary code. This vulnerability affects Firefox ESR <78.4, Firefox <82 and Thunderbird <78.4.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-16012\nCVE-Crit: MEDIUM\nCVE-DESC: A side-channel information leak in Graphics in Google Chrome before version 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26950\nCVE-Crit: HIGH\nCVE-DESC: Under certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions, resulting in an exploitable use-after-free condition. This vulnerability affects Firefox <82.0.3, Firefox ESR <78.4.1, and Thunderbird <78.4.2.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26951\nCVE-Crit: MEDIUM\nCVE-DESC: A mismatch between parsing and loading events in Firefox SVG code could cause loading events to be triggered even after sanitization. An attacker already capable of exploiting an XSS vulnerability on privileged internal pages could use this attack to bypass our built-in sanitizer. This vulnerability affects Firefox <83, Firefox ESR <78.5, and Thunderbird <78.5.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26952\nCVE-Crit: HIGH\nCVE-DESC: Improper accounting for functions inlined during JIT compilation could lead to memory corruption and potentially a crash when handling out-of-memory errors.
This vulnerability affects Firefox <83\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26953\nCVE-Crit: MEDIUM\nCVE-DESC: It was possible to force the browser into full-screen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox <83, Firefox ESR <78.5 and Thunderbird <78.5.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26954\nCVE-Crit: MEDIUM\nCVE-DESC: When accepting malicious intent from other installed applications, Firefox for Android accepted manifests from arbitrary file paths and allowed web application manifests to be declared for other sources. This could be used to gain full-screen access to spoof the user interface, and could also lead to attacks from different sources on target websites. * Note. This issue only affected Firefox for Android. Other operating systems are not affected. *. This vulnerability affects Firefox <83\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26955\nCVE-Crit: MEDIUM\nCVE-DESC: When a user downloads a file in Firefox for Android, if a cookie is set, it will be resent during a subsequent file download operation in the same domain, regardless of whether the original and subsequent request were private. and non-private browsing modes. * Note. This issue only affected Firefox for Android. Other operating systems are not affected. *. This vulnerability affects Firefox <83\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26956\nCVE-Crit: MEDIUM\nCVE-DESC: In some cases, removing HTML elements during cleanup will preserve existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox <83, Firefox ESR <78.5 and Thunderbird <78.5.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26957\nCVE-Crit: MEDIUM\nCVE-DESC: OneCRL did not work in the new Firefox for Android due to lack of service initialization. 
This may result in the inability to force revocation of some certificates. * Note. This issue only affected Firefox for Android. Other operating systems are not affected. *. This vulnerability affects Firefox <83\\.\nCVE-STATUS: Default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26958\nCVE-Crit: MEDIUM\nCVE-DESC: Firefox did not block the execution of scripts with invalid MIME types when the response was intercepted and cached via ServiceWorker. This could have led to a cross-site script inclusion vulnerability or content security policy bypass. This vulnerability affects Firefox <83, Firefox ESR <78.5 and Thunderbird <78.5.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26959\nCVE-Crit: HIGH\nCVE-DESC: During browser shutdown, a reference count decrement could occur on a previously freed object, resulting in a use-after-free, memory corruption, and potentially a crash. This vulnerability affects Firefox <83, Firefox ESR <78.5, and Thunderbird <78.5.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26960\nCVE-Crit: HIGH\nCVE-DESC: If the Compact() method were called for an nsTArray array, the array could be reallocated without updating other pointers, leading to a potential use-after-free and possible crash. This vulnerability affects Firefox <83, Firefox ESR <78.5, and Thunderbird <78.5.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26961\nCVE-Crit: MEDIUM\nCVE-DESC: When DNS over HTTPS is used, it intentionally filters RFC1918 and related IP address ranges out of the responses because they are not meaningful coming from the DoH resolver. However, when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack.
This vulnerability affects Firefox <83, Firefox ESR <78.5 and Thunderbird <78.5.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26962\nCVE-Crit: MEDIUM\nCVE-DESC: iframes with different sources containing a login form could have been recognized by the login autofill service and filled in. This could be used in clickjacking attacks and also read through partitions in first-party dynamic isolation. This vulnerability affects Firefox <83\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26963\nCVE-Crit: MEDIUM\nCVE-DESC: repeated calls to the history and location APIs could be used to hang the browser. This issue was fixed by enforcing a speed limit for these API calls. This vulnerability affects Firefox <83\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26965\nCVE-Crit: MEDIUM\nCVE-DESC: Some websites have a \"Show Password\" feature where pressing a button changes the password field to a textbook field, showing the password entered. If, when using a soft keyboard that remembers user input, a user entered their password and used this feature, the password field type was changed, causing the keyboard layout to change and the ability of the soft keyboard to remember the password entered. This vulnerability affects Firefox <83, Firefox ESR <78.5 and Thunderbird <78.5.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26967\nCVE-Crit: MEDIUM\nCVE-DESC: When listening for page changes with Mutation Observer, a malicious web page can confuse Firefox screenshots by causing them to interact with elements different from the ones it injected into the page. This would lead to internal errors and unexpected behavior of the screenshot code. This vulnerability affects Firefox <83\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26968\nCVE-Crit: HIGH\nCVE-DESC: Mozilla developers have reported memory security bugs present in Firefox 82 and Firefox ESR 78.4. 
Some of these bugs indicated memory corruption, and we assume that with enough effort, some of them could be used to run arbitrary code. This vulnerability affects Firefox <83, Firefox ESR <78.5, and Thunderbird <78.5.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26969\nCVE-Crit: HIGH\nCVE-DESC: Mozilla developers reported memory safety errors present in Firefox 82. Some of these bugs indicated memory corruption, and we assume that with enough effort, some of them could be exploited to run arbitrary code. This vulnerability affects Firefox <83\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26975\nCVE-Crit: MEDIUM\nCVE-DESC: When a malicious app installed on a user's device broadcasts intent to Firefox for Android, arbitrary headers could be specified, which could lead to attacks such as environment authority abuse or session committing. This has been solved by only allowing certain headers from the safe list. * Note. This issue only affected Firefox for Android. Other operating systems are not affected. *. This vulnerability affects Firefox <84\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26977\nCVE-Crit: MEDIUM.\nCVE-DESC: By attempting to connect to a website through a non-responsive port, an attacker could control the content of the tab while the URL string displayed the original domain. * Note. This issue only occurs in Firefox for Android. Other operating systems are not affected. *. This vulnerability affects Firefox <84\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26978\nCVE-Crit: MEDIUM.\nCVE-DESC: Using techniques based on slipstream research, a malicious web page could expose both internal network nodes and services running on the user's local computer. 
This vulnerability affects Firefox <84, Thunderbird <78.6, and Firefox ESR <78.6.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26979\nCVE-Crit: MEDIUM\nCVE-DESC: When a user typed a URL into the address bar or search bar and quickly pressed the enter key, a website could sometimes capture this event and then redirect the user before navigation to the desired entered address occurred. To create a convincing spoof, the attacker would have to guess what the user was typing, possibly suggesting it. This vulnerability affects Firefox <84\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-35111\nCVE-Crit: MEDIUM\nCVE-DESC: When an extension with proxy permission is registered to receive , the proxy.onRequest callback was not triggered for View Source URLs. Although web content cannot go to such URLs, the user who opened View Source could inadvertently pass their IP address. This vulnerability affects Firefox <84, Thunderbird <78.6, and Firefox ESR <78.6.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-35113\nCVE-Crit: HIGH\nCVE-DESC: Mozilla developers reported memory security bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs indicated memory corruption, and we assume that with enough effort, some of them could be used to run arbitrary code. This vulnerability affects Firefox <84, Thunderbird <78.6, and Firefox ESR <78.6.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-35114\nCVE-Crit: HIGH\nCVE-DESC: Mozilla developers reported memory safety errors present in Firefox 83. Some of these bugs indicated memory corruption, and we assume that with enough effort, some of them could be exploited to run arbitrary code. This vulnerability affects Firefox <84\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26971\nCVE-Crit: HIGH\nCVE-DESC: Some user-supplied blit values were not properly constrained, causing a heap buffer overflow on some video drivers. 
This vulnerability affects Firefox <84, Thunderbird <78.6, and Firefox ESR <78.6.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26972\nCVE-Crit: CRITICAL\nCVE-DESC: The IPC actor lifecycle allows managed actors to outlive their managing actors; and the former must ensure that they do not attempt to use the dead actor they reference. Such a check has been omitted in WebGL, resulting in a use-after-free and potentially a crash. This vulnerability affects Firefox <84\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26973\nCVE-Crit: HIGH\nCVE-DESC: Some CSS Sanitizer input confuses it, causing it to remove incorrect components. This could have been used as a sanitizer bypass. This vulnerability affects Firefox <84, Thunderbird <78.6 and Firefox ESR <78.6.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26974\nCVE-Crit: HIGH\nCVE-DESC: The StyleGenericFlexBasis object may have been incorrectly cast to the wrong type when using a flexible table shell framework. This resulted in a use-after-free, memory corruption, and potentially a crash. This vulnerability affects Firefox <84, Thunderbird <78.6, and Firefox ESR <78.6.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-26976\nCVE-Crit: MEDIUM\nCVE-DESC: When HTTPS pages were embedded in an HTTP page and a serviceworker was registered for the former, the serviceworker could intercept the secure page request even though the iframe was not a secure context due to (insecure) framing. This vulnerability affects Firefox <84\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-6829\nCVE-Crit: MEDIUM\nCVE-DESC: The wNAF point multiplication algorithm was used when performing scalar EC point multiplication; this leaked partial information about the nonce used in signature generation. Given the electromagnetic trace of several generations of the signature, it was possible to compute the private key.
This vulnerability affects Firefox <80 and Firefox for Android <80\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2020-6829\nCVE-Crit: MEDIUM\nCVE-DESC: the wNAF point multiplication algorithm was used when performing scalar EC point multiplication; this leaked partial information about the nonce used in signature generation. Given the electromagnetic trace of several generations of the signature, it was possible to compute the private key. This vulnerability affects Firefox <80 and Firefox for Android <80\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23953\nCVE-Crit: MEDIUM\nCVE-DESC: If a user clicked on a specially crafted PDF file, a PDF reader could become confused to leak information from different sources when said information is served as fragmented data. This vulnerability affects Firefox <85, Thunderbird <78.7, and Firefox ESR <78.7.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23954\nCVE-Crit: HIGH\nCVE-DESC: The use of new boolean assignment operators in JavaScript switch statement could cause type confusion, resulting in memory corruption and potentially crashing. This vulnerability affects Firefox <85, Thunderbird <78.7, and Firefox ESR <78.7.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23955\nCVE-Crit: MEDIUM\nCVE-DESC: The browser could get confused about passing the lock state of a pointer to another tab, which could lead to clickjacking attacks. This vulnerability affects Firefox <85\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23956\nCVE-Crit: MEDIUM\nCVE-DESC: The ambiguous design of the file selector tool could confuse users who intended to select and upload a single file to download an entire catalog. This issue was fixed by adding a new prompt. 
This vulnerability affects Firefox <85\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23957\nCVE-Crit: HIGH\nCVE-DESC: Navigating the Android-specific `intent` URL scheme may have been improperly used to exit the isolated iframe programmatic environment. Note. This issue only affected Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox <85\\.\nCVE-STATUS: Default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23958\nCVE-Crit: MEDIUM\nCVE-DESC: The browser could get confused by moving the screen sharing state to another tab, which could leak unintended information. This vulnerability affects Firefox <85\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23959\nCVE-Crit: MEDIUM\nCVE-DESC: XSS error on internal error pages could lead to various spoofing attacks, including other error pages and the address bar. Note. This issue only affected Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox <85\\.\nCVE-STATUS: Default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23960\nCVE-Crit: HIGH\nCVE-DESC: Garbage collection for re-declared JavaScript variables resulted in a \"user-post-error\" and a potential crash. This vulnerability affects Firefox <85, Thunderbird <78.7, and Firefox ESR <78.7.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23961\nCVE-Crit: HIGH\nCVE-DESC: Further techniques based on the investigation of a hidden thread combined with a malicious web page could reveal both hosts on the internal network and services running on the user's local computer. This vulnerability affects Firefox <85\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23962\nCVE-Crit: HIGH\nCVE-DESC: misuse of the \"\" method could lead to user \"poisoning\" and potentially crashing. 
This vulnerability affects Firefox <85\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23963\nCVE-Crit: MEDIUM\nCVE-DESC: When sharing geolocation while WebRTC sharing is active, Firefox could reset the webRTC sharing state in the user interface, resulting in a loss of control over the currently granted permission. This vulnerability affects Firefox <85\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23964\nCVE-Crit: HIGH\nCVE-DESC: Mozilla developers reported memory security bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs indicated memory corruption, and we assume that with enough effort, some of them could be used to run arbitrary code. This vulnerability affects Firefox <85, Thunderbird <78.7, and Firefox ESR <78.7.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23965\nCVE-Crit: HIGH\nCVE-DESC: Mozilla developers reported memory safety errors present in Firefox 84. Some of these bugs indicated memory corruption, and we speculate that with enough effort, some of them could be exploited to run arbitrary code. This vulnerability affects Firefox <85\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23968\nCVE-Crit: MEDIUM\nCVE-DESC: If the content security policy blocked frame navigation, the full destination of the redirect served in the frame was reported in the breach report; as opposed to the original frame URI. This could be exploited to leak sensitive information contained in such URIs. This vulnerability affects Firefox <86, Thunderbird <78.8, and Firefox ESR <78.8.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23969\nCVE-Crit: MEDIUM\nCVE-DESC: As stated in the W3C Content Security Policy Draft, when creating a violation report, \"user agents should ensure that the source file is the URL requested by the page performing the pre-rendering. 
If this is not possible, user agents should shorten the URL to the source to avoid inadvertent leakage.\" For certain types of redirects, Firefox incorrectly set the source file as the redirect destination. This has been fixed to be the source of the redirection destination. This vulnerability affects Firefox <86, Thunderbird <78.8, and Firefox ESR <78.8.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23970\nCVE-Crit: MEDIUM\nCVE-DESC: Context-sensitive code has been included in a generic jump table, which triggers assertions in multi-threaded wasm code. This vulnerability affects Firefox <86\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23971\nCVE-Crit: MEDIUM\nCVE-DESC: When processing a redirect with a conflicting referrer policy, Firefox would accept the redirect's referrer policy. This could potentially result in more information being provided to the redirect recipient than intended by the original source. This vulnerability affects Firefox <86\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23972\nCVE-Crit: HIGH\nCVE-DESC: One of the online phishing tactics is to provide a link with HTTP authentication. For example, https://www.phishingtarget.com@evil.com. To mitigate this type of attack, Firefox will display a warning dialog box; however, this warning dialog box would not be displayed if evil.com used a redirect cached by the browser. This vulnerability affects Firefox <86\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23973\nCVE-Crit: MEDIUM\nCVE-DESC: A decoding error could occur when attempting to load a cross-origin resource in an audio/video context, and the contents of this error could reveal information about the resource. This vulnerability affects Firefox <86, Thunderbird <78.8 and Firefox ESR <78.8.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23974\nCVE-Crit: MEDIUM\nCVE-DESC: The DOMParser API incorrectly handled elements for escaping.
It can be used as an mXSS vector to bypass an HTML sanitizer. This vulnerability affects Firefox <86\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23975\nCVE-Crit: MEDIUM\nCVE-DESC: There is a measure function on the about:memory developer page that lets you know what types of objects the browser has allocated and their sizes. When this function was called, we incorrectly called the sizeof function instead of using an API method that checks for invalid pointers. This vulnerability affects Firefox <86\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23976\nCVE-Crit: HIGH\nCVE-DESC: When accepting a malicious intent from other installed applications, Firefox for Android accepted manifests from arbitrary file paths and allowed web application manifests to be declared for other origins. This could be used to gain full-screen access for UI spoofing, and could also lead to cross-origin attacks on target websites. Note. This issue is different from CVE-2020-26954 and only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox <86\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23977\nCVE-Crit: MEDIUM\nCVE-DESC: Firefox for Android suffers from a \"time-of-check to time-of-use\" vulnerability that allows a malicious app to read sensitive data from app directories. Note. This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox <86\\.\nCVE-STATUS: Default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23978\nCVE-Crit: HIGH\nCVE-DESC: Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs indicated memory corruption, and we assume that with enough effort, some of them could be used to run arbitrary code. 
This vulnerability affects Firefox <86, Thunderbird <78.8, and Firefox ESR <78.8.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23979\nCVE-Crit: HIGH\nCVE-DESC: Mozilla developers reported memory safety errors present in Firefox 85. Some of these bugs indicated memory corruption, and we speculate that with enough effort, some of them could be exploited to run arbitrary code. This vulnerability affects Firefox <86\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23981\nCVE-Crit: HIGH\nCVE-DESC: Loading a pixel buffer object texture could confuse WebGL code by missing the binding of the buffer used to decompress it, resulting in memory corruption and a potential information leak or crash. This vulnerability affects Firefox ESR <78.9, Thunderbird <78.9 and Firefox <87\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23982\nCVE-Crit: MEDIUM\nCVE-DESC: Using techniques based on slipstream research, a malicious web page could scan both hosts on the internal network and services running on the user's local computer using WebRTC connections. This vulnerability affects Firefox ESR <78.9, Thunderbird <78.9 and Firefox <87\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23983\nCVE-Crit: MEDIUM\nCVE-DESC: By causing a transition on the parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox <87\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23984\nCVE-Crit: MEDIUM\nCVE-DESC: A malicious extension could open a popup window without an address bar. The title of a popup without an address bar shouldn't be completely controllable, but in this situation it was. This could have been used to spoof a website and attempt to trick the user into providing credentials. 
This vulnerability affects Firefox ESR <78.9, Thunderbird <78.9 and Firefox <87\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23985\nCVE-Crit: MEDIUM\nCVE-DESC: If an attacker could change certain values of about:config (e.g. malware running on the user's computer), the Devtools remote debugging feature could be enabled in a way that is invisible to the user. This would allow a remote attacker (able to establish a direct network connection to the victim) to monitor the user's browser activity and network traffic (plaintext). This was resolved by providing a visual cue when Devtools has an open network socket. This vulnerability affects Firefox <87\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23986\nCVE-Crit: MEDIUM\nCVE-DESC: A malicious extension with \"search\" permission could have installed a new search engine whose icon referenced a URL from a different origin. The response to this cross-origin request could have been read by the extension, circumventing the same-origin policy for an extension that should not have cross-origin permissions. This cross-origin request was made without cookies, so the sensitive information exposed by the breach was limited to local network resources or resources that perform IP-based authentication. This vulnerability affects Firefox <87\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23987\nCVE-Crit: HIGH\nCVE-DESC: Mozilla developers and community members have reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs indicated memory corruption, and we assume that with enough effort, some of them could be used to run arbitrary code. This vulnerability affects Firefox ESR <78.9, Thunderbird <78.9 and Firefox <87\\.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2021-23988\nCVE-Crit: HIGH\nCVE-DESC: Mozilla developers reported memory safety errors present in Firefox 86. 
Some of these bugs indicated memory corruption, and we hypothesize that with enough effort, some of them could be exploited to run arbitrary code. This vulnerability affects Firefox <87\\.\nCVE-STATUS: default\nCVE-REV: default", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-02T16:43:38", "type": "rosalinux", "title": "Advisory ROSA-SA-2021-1835", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12400", "CVE-2020-12401", "CVE-2020-15652", "CVE-2020-15653", "CVE-2020-15654", "CVE-2020-15655", "CVE-2020-15656", "CVE-2020-15658", "CVE-2020-15659", "CVE-2020-15663", "CVE-2020-15664", "CVE-2020-15665", "CVE-2020-15666", "CVE-2020-15667", "CVE-2020-15668", "CVE-2020-15670", "CVE-2020-15671", "CVE-2020-15673", "CVE-2020-15674", "CVE-2020-15675", "CVE-2020-15676", "CVE-2020-15677", "CVE-2020-15678", "CVE-2020-15680", "CVE-2020-15681", "CVE-2020-15682", "CVE-2020-15683", "CVE-2020-15684", "CVE-2020-16012", "CVE-2020-26950", "CVE-2020-26951", "CVE-2020-26952", "CVE-2020-26953", "CVE-2020-26954", "CVE-2020-26955", "CVE-2020-26956", "CVE-2020-26957", "CVE-2020-26958", "CVE-2020-26959", 
"CVE-2020-26960", "CVE-2020-26961", "CVE-2020-26962", "CVE-2020-26963", "CVE-2020-26965", "CVE-2020-26967", "CVE-2020-26968", "CVE-2020-26969", "CVE-2020-26971", "CVE-2020-26972", "CVE-2020-26973", "CVE-2020-26974", "CVE-2020-26975", "CVE-2020-26976", "CVE-2020-26977", "CVE-2020-26978", "CVE-2020-26979", "CVE-2020-35111", "CVE-2020-35113", "CVE-2020-35114", "CVE-2020-6829", "CVE-2021-23953", "CVE-2021-23954", "CVE-2021-23955", "CVE-2021-23956", "CVE-2021-23957", "CVE-2021-23958", "CVE-2021-23959", "CVE-2021-23960", "CVE-2021-23961", "CVE-2021-23962", "CVE-2021-23963", "CVE-2021-23964", "CVE-2021-23965", "CVE-2021-23968", "CVE-2021-23969", "CVE-2021-23970", "CVE-2021-23971", "CVE-2021-23972", "CVE-2021-23973", "CVE-2021-23974", "CVE-2021-23975", "CVE-2021-23976", "CVE-2021-23977", "CVE-2021-23978", "CVE-2021-23979", "CVE-2021-23981", "CVE-2021-23982", "CVE-2021-23983", "CVE-2021-23984", "CVE-2021-23985", "CVE-2021-23986", "CVE-2021-23987", "CVE-2021-23988"], "modified": "2021-07-02T16:43:38", "id": "ROSA-SA-2021-1835", "href": "https://abf.rosalinux.ru/advisories/ROSA-SA-2021-1835", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}