- CVE-2016-1952 CVE-2016-1953 (arbitrary code execution):

Mozilla developers fixed several memory safety bugs in the browser
engine used in Firefox and other Mozilla-based products. Some of these
bugs showed evidence of memory corruption under certain circumstances,
and we presume that with enough effort at least some of these could be
exploited to run arbitrary code.

- CVE-2016-1954 (privilege escalation):

Security researcher Nicolas Golubovic reported that a malicious page can
overwrite files on the user's machine using Content Security Policy
(CSP) violation reports. The file contents are restricted to the JSON
format of the report. In many cases overwriting a local file may simply
be destructive, breaking the functionality of that file. The CSP error
reports can include HTML fragments which could be rendered by browsers.
If a user has disabled add-on signing and has installed an "unpacked"
add-on, a malicious page could overwrite one of the add-on resources.
Depending on how this resource is used, this could lead to privilege
escalation.

In general this flaw cannot be exploited through email in the
Thunderbird product because scripting is disabled, but is potentially a
risk in browser or browser-like contexts.

- CVE-2016-1957 (resource consumption):

Security researchers Jose Martinez and Romina Santillan reported a
memory leak in the libstagefright library when array destruction occurs
during MPEG4 video file processing.

In general this flaw cannot be exploited through email in the
Thunderbird product because scripting is disabled, but is potentially a
risk in browser or browser-like contexts.

- CVE-2016-1960 (arbitrary code execution):

Security researcher ca0nguyen, working with HP's Zero Day Initiative,
reported a use-after-free issue in the HTML5 string parser when parsing
a particular set of table-related tags in a foreign fragment context
such as SVG. This results in a potentially exploitable crash.

In general this flaw cannot be exploited through email in the
Thunderbird product because scripting is disabled, but is potentially a
risk in browser or browser-like contexts.

- CVE-2016-1961 (arbitrary code execution):

Security researcher lokihardt, working with HP's Zero Day Initiative,
reported a use-after-free issue in the SetBody function of HTMLDocument.
This results in a potentially exploitable crash.

In general this flaw cannot be exploited through email in the
Thunderbird product because scripting is disabled, but is potentially a
risk in browser or browser-like contexts.

- CVE-2016-1964 (arbitrary code execution):

Security researcher Nicolas Grégoire used the Address Sanitizer to find
a use-after-free during XML transformation operations. This results in a
potentially exploitable crash triggerable by web content.

In general this flaw cannot be exploited through email in the
Thunderbird product because scripting is disabled, but is potentially a
risk in browser or browser-like contexts.

- CVE-2016-1966 (remote code execution):

The Communications Electronics Security Group (UK) of the GCHQ reported
a dangling pointer dereference within the Netscape Plugin Application
Programming Interface (NPAPI) that could lead to the NPAPI subsystem
crashing. This issue requires a maliciously crafted NPAPI plugin in
concert with scripted web content, resulting in a potentially
exploitable crash when triggered.

In general this flaw cannot be exploited through email in the
Thunderbird product because scripting is disabled, but is potentially a
risk in browser or browser-like contexts.

- CVE-2016-1974 (denial of service):

Security researcher Ronald Crane reported an out-of-bounds read
following a failed allocation in the HTML parser while working with
unicode strings. This can also affect the parsing of XML and SVG format
data. This leads to a potentially exploitable crash.

In general this flaw cannot be exploited through email in the
Thunderbird product because scripting is disabled, but is potentially a
risk in browser or browser-like contexts.

- CVE-2016-1977 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793
CVE-2016-2794 CVE-2016-2795 CVE-2016-2796 CVE-2016-2797 CVE-2016-2798
CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 CVE-2016-2802 (buffer overflow):

Security researcher Holger Fuhrmannek and Mozilla security engineer
Tyson Smith reported a number of security vulnerabilities in the
Graphite 2 library affecting version 1.3.5.

The issue reported by Holger Fuhrmannek is a mechanism to induce stack
corruption with a malicious graphite font. This leads to a potentially
exploitable crash when the font is loaded.

Tyson Smith used the Address Sanitizer tool in concert with a custom
software fuzzer to find a series of uninitialized memory, out-of-bounds
read, and out-of-bounds write errors when working with fuzzed graphite
fonts.

Advisory ID: ASA-201603-21
Title: thunderbird: multiple issues
Reporter: Arch Linux
Published: 2016-03-20
Modified: 2016-03-20
CVSS score: 9.3 (AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/)
Source: https://lists.archlinux.org/pipermail/arch-security/2016-March/000586.html
Affected package: thunderbird, versions before 38.7.0-1 (any architecture)
CVEs: CVE-2016-1952, CVE-2016-1953, CVE-2016-1954, CVE-2016-1957,
CVE-2016-1960, CVE-2016-1961, CVE-2016-1964, CVE-2016-1966,
CVE-2016-1974, CVE-2016-1977, CVE-2016-2790, CVE-2016-2791,
CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795,
CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799,
CVE-2016-2800, CVE-2016-2801, CVE-2016-2802
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"thunderbird-38.7.0-1.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"thunderbird-debuginfo-38.7.0-1.el5_11\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-38.7.0-1.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-debuginfo-38.7.0-1.el6_7\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"thunderbird-38.7.0-1.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-38.7.0-1.el7_2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:50:34", "description": "From Red Hat Security Advisory 2016:0460 :\n\nAn updated thunderbird package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. 
A\nweb page containing malicious content could cause Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2016-1952, CVE-2016-1954,\nCVE-2016-1957, CVE-2016-1960, CVE-2016-1961, CVE-2016-1974,\nCVE-2016-1964, CVE-2016-1966)\n\nMultiple security flaws were found in the graphite2 font library\nshipped with Thunderbird. A web page containing malicious content\ncould cause Thunderbird to crash or, potentially, execute arbitrary\ncode with the privileges of the user running Thunderbird.\n(CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792,\nCVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796,\nCVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800,\nCVE-2016-2801, CVE-2016-2802)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Bob Clary, Christoph Diehl, Christian\nHoller, Andrew McCreight, Daniel Holbert, Jesse Ruderman, Randell\nJesup, Nicolas Golubovic, Jose Martinez, Romina Santillan, ca0nguyen,\nlokihardt, Nicolas Gregoire, the Communications Electronics Security\nGroup (UK) of the GCHQ, Holger Fuhrmannek, Ronald Crane, and Tyson\nSmith as the original reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Thunderbird 38.7.0. 
You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 38.7.0, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the\nchanges to take effect.", "edition": 21, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-03-17T00:00:00", "title": "Oracle Linux 6 / 7 : thunderbird (ELSA-2016-0460)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-2795", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1964"], "modified": "2016-03-17T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:thunderbird", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2016-0460.NASL", "href": "https://www.tenable.com/plugins/nessus/89981", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:0460 and \n# Oracle Linux Security Advisory ELSA-2016-0460 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89981);\n script_version(\"2.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-1952\", \"CVE-2016-1954\", \"CVE-2016-1957\", \"CVE-2016-1960\", \"CVE-2016-1961\", \"CVE-2016-1964\", \"CVE-2016-1966\", \"CVE-2016-1974\", \"CVE-2016-1977\", \"CVE-2016-2790\", \"CVE-2016-2791\", \"CVE-2016-2792\", \"CVE-2016-2793\", \"CVE-2016-2794\", \"CVE-2016-2795\", \"CVE-2016-2796\", 
\"CVE-2016-2797\", \"CVE-2016-2798\", \"CVE-2016-2799\", \"CVE-2016-2800\", \"CVE-2016-2801\", \"CVE-2016-2802\");\n script_xref(name:\"RHSA\", value:\"2016:0460\");\n\n script_name(english:\"Oracle Linux 6 / 7 : thunderbird (ELSA-2016-0460)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2016:0460 :\n\nAn updated thunderbird package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2016-1952, CVE-2016-1954,\nCVE-2016-1957, CVE-2016-1960, CVE-2016-1961, CVE-2016-1974,\nCVE-2016-1964, CVE-2016-1966)\n\nMultiple security flaws were found in the graphite2 font library\nshipped with Thunderbird. A web page containing malicious content\ncould cause Thunderbird to crash or, potentially, execute arbitrary\ncode with the privileges of the user running Thunderbird.\n(CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792,\nCVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796,\nCVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800,\nCVE-2016-2801, CVE-2016-2802)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. 
Upstream acknowledges Bob Clary, Christoph Diehl, Christian\nHoller, Andrew McCreight, Daniel Holbert, Jesse Ruderman, Randell\nJesup, Nicolas Golubovic, Jose Martinez, Romina Santillan, ca0nguyen,\nlokihardt, Nicolas Gregoire, the Communications Electronics Security\nGroup (UK) of the GCHQ, Holger Fuhrmannek, Ronald Crane, and Tyson\nSmith as the original reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Thunderbird 38.7.0. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 38.7.0, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the\nchanges to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-March/005867.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-March/005868.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"thunderbird-38.7.0-1.0.1.el6_7\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"thunderbird-38.7.0-1.0.1.el7_2\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:30:32", "description": "An updated thunderbird package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2016-1952, CVE-2016-1954,\nCVE-2016-1957, CVE-2016-1960, CVE-2016-1961, CVE-2016-1974,\nCVE-2016-1964, CVE-2016-1966)\n\nMultiple security flaws were found in the graphite2 font library\nshipped with Thunderbird. 
A web page containing malicious content\ncould cause Thunderbird to crash or, potentially, execute arbitrary\ncode with the privileges of the user running Thunderbird.\n(CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792,\nCVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796,\nCVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800,\nCVE-2016-2801, CVE-2016-2802)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Bob Clary, Christoph Diehl, Christian\nHoller, Andrew McCreight, Daniel Holbert, Jesse Ruderman, Randell\nJesup, Nicolas Golubovic, Jose Martinez, Romina Santillan, ca0nguyen,\nlokihardt, Nicolas Gregoire, the Communications Electronics Security\nGroup (UK) of the GCHQ, Holger Fuhrmannek, Ronald Crane, and Tyson\nSmith as the original reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Thunderbird 38.7.0. You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 38.7.0, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the\nchanges to take effect.", "edition": 24, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-03-17T00:00:00", "title": "CentOS 5 / 6 / 7 : thunderbird (CESA-2016:0460)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-2795", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1964"], "modified": "2016-03-17T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7", 
"p-cpe:/a:centos:centos:thunderbird", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2016-0460.NASL", "href": "https://www.tenable.com/plugins/nessus/89971", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0460 and \n# CentOS Errata and Security Advisory 2016:0460 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89971);\n script_version(\"2.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-1952\", \"CVE-2016-1954\", \"CVE-2016-1957\", \"CVE-2016-1960\", \"CVE-2016-1961\", \"CVE-2016-1964\", \"CVE-2016-1966\", \"CVE-2016-1974\", \"CVE-2016-1977\", \"CVE-2016-2790\", \"CVE-2016-2791\", \"CVE-2016-2792\", \"CVE-2016-2793\", \"CVE-2016-2794\", \"CVE-2016-2795\", \"CVE-2016-2796\", \"CVE-2016-2797\", \"CVE-2016-2798\", \"CVE-2016-2799\", \"CVE-2016-2800\", \"CVE-2016-2801\", \"CVE-2016-2802\");\n script_xref(name:\"RHSA\", value:\"2016:0460\");\n\n script_name(english:\"CentOS 5 / 6 / 7 : thunderbird (CESA-2016:0460)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An updated thunderbird package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2016-1952, CVE-2016-1954,\nCVE-2016-1957, CVE-2016-1960, CVE-2016-1961, CVE-2016-1974,\nCVE-2016-1964, CVE-2016-1966)\n\nMultiple security flaws were found in the graphite2 font library\nshipped with Thunderbird. A web page containing malicious content\ncould cause Thunderbird to crash or, potentially, execute arbitrary\ncode with the privileges of the user running Thunderbird.\n(CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792,\nCVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796,\nCVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800,\nCVE-2016-2801, CVE-2016-2802)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Bob Clary, Christoph Diehl, Christian\nHoller, Andrew McCreight, Daniel Holbert, Jesse Ruderman, Randell\nJesup, Nicolas Golubovic, Jose Martinez, Romina Santillan, ca0nguyen,\nlokihardt, Nicolas Gregoire, the Communications Electronics Security\nGroup (UK) of the GCHQ, Holger Fuhrmannek, Ronald Crane, and Tyson\nSmith as the original reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla\nsecurity advisories for Thunderbird 38.7.0. 
You can find a link to the\nMozilla advisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 38.7.0, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the\nchanges to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-March/021738.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?31e76a6f\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-March/021739.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?41731503\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-March/021740.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?78654149\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-2794\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x / 6.x / 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"thunderbird-38.7.0-1.el5.centos\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"thunderbird-38.7.0-1.el6.centos\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"thunderbird-38.7.0-1.el7.centos\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T07:30:43", "description": "Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel\nHolbert, Jesse Ruderman, and Randell Jesup discovered multiple memory\nsafety issues in Thunderbird. If a user were tricked into opening a\nspecially crafted message, an attacker could potentially exploit these\nto cause a denial of service via application crash, or execute\narbitrary code with the privileges of the user invoking Thunderbird.\n(CVE-2016-1952)\n\nNicolas Golubovic discovered that CSP violation reports can be used to\noverwrite local files. If a user were tricked into opening a\nspecially crafted website in a browsing context with addon signing\ndisabled and unpacked addons installed, an attacker could potentially\nexploit this to gain additional privileges. 
(CVE-2016-1954)\n\nJose Martinez and Romina Santillan discovered a memory leak in\nlibstagefright during MPEG4 video file processing in some\ncircumstances. If a user were tricked into opening a specially\ncrafted website in a browsing context, an attacker could potentially\nexploit this to cause a denial of service via memory exhaustion.\n(CVE-2016-1957)\n\nA use-after-free was discovered in the HTML5 string parser. If a user\nwere tricked into opening a specially crafted website in a browsing\ncontext, an attacker could potentially exploit this to cause a denial\nof service via application crash, or execute arbitrary code with the\nprivileges of the user invoking Thunderbird. (CVE-2016-1960)\n\nA use-after-free was discovered in the SetBody function of\nHTMLDocument. If a user were tricked into opening a specially crafted\nwebsite in a browsing context, an attacker could potentially exploit\nthis to cause a denial of service via application crash, or execute\narbitrary code with the privileges of the user invoking Thunderbird.\n(CVE-2016-1961)\n\nNicolas Gregoire discovered a use-after-free during XML\ntransformations. If a user were tricked into opening a specially\ncrafted website in a browsing context, an attacker could potentially\nexploit this to cause a denial of service via application crash, or\nexecute arbitrary code with the privileges of the user invoking\nThunderbird. (CVE-2016-1964)\n\nA memory corruption issue was discovered in the NPAPI subsystem. If a\nuser were tricked into opening a specially crafted website in a\nbrowsing context with a malicious plugin installed, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user\ninvoking Thunderbird. (CVE-2016-1966)\n\nRonald Crane discovered an out-of-bounds read following a failed\nallocation in the HTML parser in some circumstances. 
If a user were\ntricked into opening a specially crafted website in a browsing\ncontext, an attacker could potentially exploit this to cause a denial\nof service via application crash, or execute arbitrary code with the\nprivileges of the user invoking Thunderbird. (CVE-2016-1974)\n\nFrancis Gabriel discovered a buffer overflow during ASN.1 decoding in\nNSS. A remote attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code\nwith the privileges of the user invoking Thunderbird. (CVE-2016-1950)\n\nHolger Fuhrmannek, Tyson Smith and Holger Fuhrmannek reported multiple\nmemory safety issues in the Graphite 2 library. If a user were tricked\ninto opening a specially crafted message, an attacker could\npotentially exploit these to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user\ninvoking Thunderbird. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791,\nCVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795,\nCVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799,\nCVE-2016-2800, CVE-2016-2801, CVE-2016-2802).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 30, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-05-02T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : thunderbird vulnerabilities (USN-2934-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-2795", "CVE-2016-1950", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1964"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:15.10", "p-cpe:/a:canonical:ubuntu_linux:thunderbird", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2934-1.NASL", "href": "https://www.tenable.com/plugins/nessus/90822", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2934-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90822);\n script_version(\"2.10\");\n script_cvs_date(\"Date: 2019/09/18 12:31:45\");\n\n script_cve_id(\"CVE-2016-1950\", \"CVE-2016-1952\", \"CVE-2016-1954\", \"CVE-2016-1957\", \"CVE-2016-1960\", \"CVE-2016-1961\", \"CVE-2016-1964\", \"CVE-2016-1966\", \"CVE-2016-1974\", \"CVE-2016-1977\", \"CVE-2016-2790\", \"CVE-2016-2791\", \"CVE-2016-2792\", \"CVE-2016-2793\", \"CVE-2016-2794\", \"CVE-2016-2795\", \"CVE-2016-2796\", \"CVE-2016-2797\", \"CVE-2016-2798\", \"CVE-2016-2799\", \"CVE-2016-2800\", \"CVE-2016-2801\", \"CVE-2016-2802\");\n script_xref(name:\"USN\", value:\"2934-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : thunderbird vulnerabilities (USN-2934-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel\nHolbert, Jesse Ruderman, and Randell Jesup discovered multiple memory\nsafety issues in Thunderbird. If a user were tricked in to opening a\nspecially crafted message, an attacker could potentially exploit these\nto cause a denial of service via application crash, or execute\narbitrary code with the privileges of the user invoking Thunderbird.\n(CVE-2016-1952)\n\nNicolas Golubovic discovered that CSP violation reports can be used to\noverwrite local files. If a user were tricked in to opening a\nspecially crafted website in a browsing context with addon signing\ndisabled and unpacked addons installed, an attacker could potentially\nexploit this to gain additional privileges. 
(CVE-2016-1954)\n\nJose Martinez and Romina Santillan discovered a memory leak in\nlibstagefright during MPEG4 video file processing in some\ncircumstances. If a user were tricked in to opening a specially\ncrafted website in a browsing context, an attacker could potentially\nexploit this to cause a denial of service via memory exhaustion.\n(CVE-2016-1957)\n\nA use-after-free was discovered in the HTML5 string parser. If a user\nwere tricked in to opening a specially crafted website in a browsing\ncontext, an attacker could potentially exploit this to cause a denial\nof service via application crash, or execute arbitrary code with the\nprivileges of the user invoking Thunderbird. (CVE-2016-1960)\n\nA use-after-free was discovered in the SetBody function of\nHTMLDocument. If a user were tricked in to opening a specially crafted\nwebsite in a browsing context, an attacker could potentially exploit\nthis to cause a denial of service via application crash, or execute\narbitrary code with the privileges of the user invoking Thunderbird.\n(CVE-2016-1961)\n\nNicolas Gregoire discovered a use-after-free during XML\ntransformations. If a user were tricked in to opening a specially\ncrafted website in a browsing context, an attacker could potentially\nexploit this to cause a denial of service via application crash, or\nexecute arbitrary code with the privileges of the user invoking\nThunderbird. (CVE-2016-1964)\n\nA memory corruption issues was discovered in the NPAPI subsystem. If a\nuser were tricked in to opening a specially crafted website in a\nbrowsing context with a malicious plugin installed, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user\ninvoking Thunderbird. (CVE-2016-1966)\n\nRonald Crane discovered an out-of-bounds read following a failed\nallocation in the HTML parser in some circumstances. 
If a user were\ntricked in to opening a specially crafted website in a browsing\ncontext, an attacker could potentially exploit this to cause a denial\nof service via application crash, or execute arbitrary code with the\nprivileges of the user invoking Thunderbird. (CVE-2016-1974)\n\nFrancis Gabriel discovered a buffer overflow during ASN.1 decoding in\nNSS. A remote attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code\nwith the privileges of the user invoking Thunderbird. (CVE-2016-1950)\n\nHolger Fuhrmannek, Tyson Smith and Holger Fuhrmannek reported multiple\nmemory safety issues in the Graphite 2 library. If a user were tricked\nin to opening a specially crafted message, an attacker could\npotentially exploit these to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user\ninvoking Thunderbird. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791,\nCVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795,\nCVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799,\nCVE-2016-2800, CVE-2016-2801, CVE-2016-2802).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2934-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|15\\.10|16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 15.10 / 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"thunderbird\", pkgver:\"1:38.7.2+build1-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"thunderbird\", pkgver:\"1:38.7.2+build1-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"thunderbird\", pkgver:\"1:38.7.2+build1-0ubuntu0.15.10.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"thunderbird\", pkgver:\"1:38.7.2+build1-0ubuntu0.16.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T09:49:30", "description": "Multiple security issues have been found in Icedove, Debian's version\nof the Mozilla Thunderbird mail client: 
Multiple memory safety errors,\ninteger overflows, buffer overflows and other implementation errors\nmay lead to the execution of arbitrary code or denial of service.", "edition": 26, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-03-21T00:00:00", "title": "Debian DSA-3520-1 : icedove - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-2795", "CVE-2016-1962", "CVE-2016-1950", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1964"], "modified": "2016-03-21T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:icedove"], "id": "DEBIAN_DSA-3520.NASL", "href": "https://www.tenable.com/plugins/nessus/90031", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3520. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90031);\n script_version(\"2.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-1950\", \"CVE-2016-1954\", \"CVE-2016-1957\", \"CVE-2016-1960\", \"CVE-2016-1961\", \"CVE-2016-1962\", \"CVE-2016-1964\", \"CVE-2016-1966\", \"CVE-2016-1974\", \"CVE-2016-1977\", \"CVE-2016-2790\", \"CVE-2016-2791\", \"CVE-2016-2792\", \"CVE-2016-2793\", \"CVE-2016-2794\", \"CVE-2016-2795\", \"CVE-2016-2796\", \"CVE-2016-2797\", \"CVE-2016-2798\", \"CVE-2016-2799\", \"CVE-2016-2800\", \"CVE-2016-2801\", \"CVE-2016-2802\");\n script_xref(name:\"DSA\", value:\"3520\");\n\n script_name(english:\"Debian DSA-3520-1 : icedove - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in Icedove, Debian's version\nof the Mozilla Thunderbird mail client: Multiple memory safety errors,\ninteger overflows, buffer overflows and other implementation errors\nmay lead to the execution of arbitrary code or denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/icedove\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/icedove\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3520\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the icedove packages.\n\nFor the oldstable distribution (wheezy), these problems have been\nfixed in version 38.7.0-1~deb7u1.\n\nFor the stable 
distribution (jessie), these problems have been fixed\nin version 38.7.0-1~deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"calendar-google-provider\", reference:\"38.7.0-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icedove\", reference:\"38.7.0-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icedove-dbg\", reference:\"38.7.0-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icedove-dev\", reference:\"38.7.0-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceowl-extension\", reference:\"38.7.0-1~deb7u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"calendar-google-provider\", reference:\"38.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove\", reference:\"38.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-dbg\", reference:\"38.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-dev\", reference:\"38.7.0-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-extension\", reference:\"38.7.0-1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T15:29:29", "description": "It was discovered that graphite2 incorrectly handled certain malformed\nfonts. 
If a user or automated system were tricked into opening a\nspecially- crafted font file, a remote attacker could use this issue\nto cause graphite2 to crash, resulting in a denial of service, or\npossibly execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-03-15T00:00:00", "title": "Ubuntu 14.04 LTS / 15.10 : graphite2 vulnerabilities (USN-2927-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2790", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-2795", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-2793", "CVE-2016-2794", "CVE-2016-2791"], "modified": "2016-03-15T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libgraphite2-3", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2927-1.NASL", "href": "https://www.tenable.com/plugins/nessus/89930", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2927-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89930);\n script_version(\"2.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-1977\", \"CVE-2016-2790\", \"CVE-2016-2791\", \"CVE-2016-2792\", \"CVE-2016-2793\", \"CVE-2016-2794\", \"CVE-2016-2795\", \"CVE-2016-2796\", \"CVE-2016-2797\", \"CVE-2016-2798\", \"CVE-2016-2799\", \"CVE-2016-2800\", \"CVE-2016-2801\", \"CVE-2016-2802\");\n script_xref(name:\"USN\", value:\"2927-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 15.10 : graphite2 vulnerabilities (USN-2927-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that graphite2 incorrectly handled certain malformed\nfonts. If a user or automated system were tricked into opening a\nspecially- crafted font file, a remote attacker could use this issue\nto cause graphite2 to crash, resulting in a denial of service, or\npossibly execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2927-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libgraphite2-3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgraphite2-3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2020 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|15\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 15.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libgraphite2-3\", pkgver:\"1.3.6-1ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"libgraphite2-3\", pkgver:\"1.3.6-1ubuntu0.15.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libgraphite2-3\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T09:49:29", "description": "Multiple vulnerabilities have been found in the Graphite font\nrendering engine which might result in denial of service or the\nexecution of arbitrary code if a malformed font file is processed.", "edition": 24, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-03-14T00:00:00", "title": "Debian DSA-3515-1 : graphite2 - security update", 
"type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2790", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-2795", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-2793", "CVE-2016-2794", "CVE-2016-2791"], "modified": "2016-03-14T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:graphite2"], "id": "DEBIAN_DSA-3515.NASL", "href": "https://www.tenable.com/plugins/nessus/89877", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3515. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89877);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-1977\", \"CVE-2016-2790\", \"CVE-2016-2791\", \"CVE-2016-2792\", \"CVE-2016-2793\", \"CVE-2016-2794\", \"CVE-2016-2795\", \"CVE-2016-2796\", \"CVE-2016-2797\", \"CVE-2016-2798\", \"CVE-2016-2799\", \"CVE-2016-2800\", \"CVE-2016-2801\", \"CVE-2016-2802\");\n script_xref(name:\"DSA\", value:\"3515\");\n\n script_name(english:\"Debian DSA-3515-1 : graphite2 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been found in the Graphite font\nrendering engine which might result in denial of service or the\nexecution of arbitrary code if a malformed font file is processed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://packages.debian.org/source/wheezy/graphite2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/graphite2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3515\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the graphite2 packages.\n\nFor the oldstable distribution (wheezy), these problems have been\nfixed in version 1.3.6-1~deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 1.3.6-1~deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:graphite2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libgraphite2-2.0.0\", reference:\"1.3.6-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphite2-2.0.0-dbg\", reference:\"1.3.6-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphite2-dev\", reference:\"1.3.6-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgraphite2-doc\", reference:\"1.3.6-1~deb7u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgraphite2-3\", reference:\"1.3.6-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgraphite2-3-dbg\", reference:\"1.3.6-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgraphite2-dev\", reference:\"1.3.6-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgraphite2-doc\", reference:\"1.3.6-1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:50:33", "description": "From Red Hat Security Advisory 2016:0373 :\n\nUpdated firefox packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2016-1952, CVE-2016-1954, CVE-2016-1957,\nCVE-2016-1958, CVE-2016-1960, CVE-2016-1961, CVE-2016-1962,\nCVE-2016-1973, CVE-2016-1974, CVE-2016-1964, CVE-2016-1965,\nCVE-2016-1966)\n\nMultiple security flaws were found in the graphite2 font library\nshipped with Firefox. A web page containing malicious content could\ncause Firefox to crash or, potentially, execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2016-1977,\nCVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793,\nCVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797,\nCVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801,\nCVE-2016-2802)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Bob Clary, Christoph Diehl, Christian\nHoller, Andrew McCreight, Daniel Holbert, Jesse Ruderman, Randell\nJesup, Nicolas Golubovic, Jose Martinez, Romina Santillan, Abdulrahman\nAlqabandi, ca0nguyen, lokihardt, Dominique Hazael-Massieux, Nicolas\nGregoire, Tsubasa Iinuma, the Communications Electronics Security\nGroup (UK) of the GCHQ, Holger Fuhrmannek, Ronald Crane, and Tyson\nSmith as the original reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 38.7.0 ESR, which corrects these issues. 
After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.", "edition": 20, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-03-10T00:00:00", "title": "Oracle Linux 5 / 6 / 7 : firefox (ELSA-2016-0373)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-1973", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-2795", "CVE-2016-1962", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1965", "CVE-2016-1964", "CVE-2016-1958"], "modified": "2016-03-10T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:firefox", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2016-0373.NASL", "href": "https://www.tenable.com/plugins/nessus/89816", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:0373 and \n# Oracle Linux Security Advisory ELSA-2016-0373 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89816);\n script_version(\"2.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-1952\", \"CVE-2016-1954\", \"CVE-2016-1957\", \"CVE-2016-1958\", \"CVE-2016-1960\", \"CVE-2016-1961\", \"CVE-2016-1962\", \"CVE-2016-1964\", \"CVE-2016-1965\", \"CVE-2016-1966\", \"CVE-2016-1973\", \"CVE-2016-1974\", \"CVE-2016-1977\", \"CVE-2016-2790\", \"CVE-2016-2791\", \"CVE-2016-2792\", \"CVE-2016-2793\", \"CVE-2016-2794\", \"CVE-2016-2795\", \"CVE-2016-2796\", \"CVE-2016-2797\", \"CVE-2016-2798\", \"CVE-2016-2799\", \"CVE-2016-2800\", 
\"CVE-2016-2801\", \"CVE-2016-2802\");\n script_xref(name:\"RHSA\", value:\"2016:0373\");\n\n script_name(english:\"Oracle Linux 5 / 6 / 7 : firefox (ELSA-2016-0373)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2016:0373 :\n\nUpdated firefox packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2016-1952, CVE-2016-1954, CVE-2016-1957,\nCVE-2016-1958, CVE-2016-1960, CVE-2016-1961, CVE-2016-1962,\nCVE-2016-1973, CVE-2016-1974, CVE-2016-1964, CVE-2016-1965,\nCVE-2016-1966)\n\nMultiple security flaws were found in the graphite2 font library\nshipped with Firefox. A web page containing malicious content could\ncause Firefox to crash or, potentially, execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2016-1977,\nCVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793,\nCVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797,\nCVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801,\nCVE-2016-2802)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. 
Upstream acknowledges Bob Clary, Christoph Diehl, Christian\nHoller, Andrew McCreight, Daniel Holbert, Jesse Ruderman, Randell\nJesup, Nicolas Golubovic, Jose Martinez, Romina Santillan, Abdulrahman\nAlqabandi, ca0nguyen, lokihardt, Dominique Hazael-Massieux, Nicolas\nGregoire, Tsubasa Iinuma, the Communications Electronics Security\nGroup (UK) of the GCHQ, Holger Fuhrmannek, Ronald Crane, and Tyson\nSmith as the original reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 38.7.0 ESR, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-March/005846.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-March/005847.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-March/005850.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"firefox-38.7.0-1.0.1.el5_11\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"firefox-38.7.0-1.0.1.el6_7\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"firefox-38.7.0-1.0.1.el7_2\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T08:51:38", "description": "According to the versions of the firefox package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Several flaws were found in the processing of malformed\n web content. A web page containing malicious content\n could cause Firefox to crash or, potentially, execute\n arbitrary code with the privileges of the user running\n Firefox. (CVE-2016-1952, CVE-2016-1954, CVE-2016-1957,\n CVE-2016-1958, CVE-2016-1960, CVE-2016-1961,\n CVE-2016-1962, CVE-2016-1973, CVE-2016-1974,\n CVE-2016-1964, CVE-2016-1965, CVE-2016-1966)\n\n - Multiple security flaws were found in the graphite2\n font library shipped with Firefox. 
A web page\n containing malicious content could cause Firefox to\n crash or, potentially, execute arbitrary code with the\n privileges of the user running Firefox. (CVE-2016-1977,\n CVE-2016-2790, CVE-2016-2791, CVE-2016-2792,\n CVE-2016-2793, CVE-2016-2794, CVE-2016-2795,\n CVE-2016-2796, CVE-2016-2797, CVE-2016-2798,\n CVE-2016-2799, CVE-2016-2800, CVE-2016-2801,\n CVE-2016-2802)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 22, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-05-01T00:00:00", "title": "EulerOS 2.0 SP1 : firefox (EulerOS-SA-2016-1002)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-1973", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-2795", "CVE-2016-1962", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1965", "CVE-2016-1964", "CVE-2016-1958"], "modified": "2017-05-01T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:firefox", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2016-1002.NASL", "href": "https://www.tenable.com/plugins/nessus/99765", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99765);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-1952\",\n \"CVE-2016-1954\",\n \"CVE-2016-1957\",\n \"CVE-2016-1958\",\n \"CVE-2016-1960\",\n \"CVE-2016-1961\",\n \"CVE-2016-1962\",\n 
\"CVE-2016-1964\",\n \"CVE-2016-1965\",\n \"CVE-2016-1966\",\n \"CVE-2016-1973\",\n \"CVE-2016-1974\",\n \"CVE-2016-1977\",\n \"CVE-2016-2790\",\n \"CVE-2016-2791\",\n \"CVE-2016-2792\",\n \"CVE-2016-2793\",\n \"CVE-2016-2794\",\n \"CVE-2016-2795\",\n \"CVE-2016-2796\",\n \"CVE-2016-2797\",\n \"CVE-2016-2798\",\n \"CVE-2016-2799\",\n \"CVE-2016-2800\",\n \"CVE-2016-2801\",\n \"CVE-2016-2802\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : firefox (EulerOS-SA-2016-1002)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the firefox package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Several flaws were found in the processing of malformed\n web content. A web page containing malicious content\n could cause Firefox to crash or, potentially, execute\n arbitrary code with the privileges of the user running\n Firefox. (CVE-2016-1952, CVE-2016-1954, CVE-2016-1957,\n CVE-2016-1958, CVE-2016-1960, CVE-2016-1961,\n CVE-2016-1962, CVE-2016-1973, CVE-2016-1974,\n CVE-2016-1964, CVE-2016-1965, CVE-2016-1966)\n\n - Multiple security flaws were found in the graphite2\n font library shipped with Firefox. A web page\n containing malicious content could cause Firefox to\n crash or, potentially, execute arbitrary code with the\n privileges of the user running Firefox. (CVE-2016-1977,\n CVE-2016-2790, CVE-2016-2791, CVE-2016-2792,\n CVE-2016-2793, CVE-2016-2794, CVE-2016-2795,\n CVE-2016-2796, CVE-2016-2797, CVE-2016-2798,\n CVE-2016-2799, CVE-2016-2800, CVE-2016-2801,\n CVE-2016-2802)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1002\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7258a8f1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"firefox-38.7.0-1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg, allowmaj:TRUE)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:14", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1952", "CVE-2016-1954", "CVE-2016-1957", "CVE-2016-1960", 
"CVE-2016-1961", "CVE-2016-1964", "CVE-2016-1966", "CVE-2016-1974", "CVE-2016-1977", "CVE-2016-2790", "CVE-2016-2791", "CVE-2016-2792", "CVE-2016-2793", "CVE-2016-2794", "CVE-2016-2795", "CVE-2016-2796", "CVE-2016-2797", "CVE-2016-2798", "CVE-2016-2799", "CVE-2016-2800", "CVE-2016-2801", "CVE-2016-2802"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2016-1952, CVE-2016-1954, CVE-2016-1957, CVE-2016-1960,\nCVE-2016-1961, CVE-2016-1974, CVE-2016-1964, CVE-2016-1966)\n\nMultiple security flaws were found in the graphite2 font library shipped\nwith Thunderbird. A web page containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2016-1977, CVE-2016-2790,\nCVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795,\nCVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800,\nCVE-2016-2801, CVE-2016-2802)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bob Clary, Christoph Diehl, Christian Holler, Andrew\nMcCreight, Daniel Holbert, Jesse Ruderman, Randell Jesup, Nicolas\nGolubovic, Jose Martinez, Romina Santillan, ca0nguyen, lokihardt, Nicolas\nGregoire, the Communications Electronics Security Group (UK) of the GCHQ,\nHolger Fuhrmannek, Ronald Crane, and Tyson Smith as the original reporters\nof these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 38.7.0. 
You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 38.7.0, which corrects these issues. After\ninstalling the update, Thunderbird must be restarted for the changes to\ntake effect.\n", "modified": "2018-06-06T20:24:10", "published": "2016-03-16T04:00:00", "id": "RHSA-2016:0460", "href": "https://access.redhat.com/errata/RHSA-2016:0460", "type": "redhat", "title": "(RHSA-2016:0460) Important: thunderbird security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:27", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1952", "CVE-2016-1954", "CVE-2016-1957", "CVE-2016-1958", "CVE-2016-1960", "CVE-2016-1961", "CVE-2016-1962", "CVE-2016-1964", "CVE-2016-1965", "CVE-2016-1966", "CVE-2016-1973", "CVE-2016-1974", "CVE-2016-1977", "CVE-2016-2790", "CVE-2016-2791", "CVE-2016-2792", "CVE-2016-2793", "CVE-2016-2794", "CVE-2016-2795", "CVE-2016-2796", "CVE-2016-2797", "CVE-2016-2798", "CVE-2016-2799", "CVE-2016-2800", "CVE-2016-2801", "CVE-2016-2802"], "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2016-1952, CVE-2016-1954, CVE-2016-1957, CVE-2016-1958,\nCVE-2016-1960, CVE-2016-1961, CVE-2016-1962, CVE-2016-1973, CVE-2016-1974,\nCVE-2016-1964, CVE-2016-1965, CVE-2016-1966)\n\nMultiple security flaws were found in the graphite2 font library shipped\nwith Firefox. A web page containing malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges of the\nuser running Firefox. 
(CVE-2016-1977, CVE-2016-2790, CVE-2016-2791,\nCVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796,\nCVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801,\nCVE-2016-2802)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bob Clary, Christoph Diehl, Christian Holler, Andrew\nMcCreight, Daniel Holbert, Jesse Ruderman, Randell Jesup, Nicolas\nGolubovic, Jose Martinez, Romina Santillan, Abdulrahman Alqabandi,\nca0nguyen, lokihardt, Dominique Hazael-Massieux, Nicolas Gregoire, Tsubasa\nIinuma, the Communications Electronics Security Group (UK) of the GCHQ,\nHolger Fuhrmannek, Ronald Crane, and Tyson Smith as the original reporters\nof these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 38.7.0 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n", "modified": "2018-06-06T20:24:25", "published": "2016-03-09T05:00:00", "id": "RHSA-2016:0373", "href": "https://access.redhat.com/errata/RHSA-2016:0373", "type": "redhat", "title": "(RHSA-2016:0373) Critical: firefox security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:26:05", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-2795", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1964"], "description": "**CentOS Errata and Security Advisory** CESA-2016:0460\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. 
A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2016-1952, CVE-2016-1954, CVE-2016-1957, CVE-2016-1960,\nCVE-2016-1961, CVE-2016-1974, CVE-2016-1964, CVE-2016-1966)\n\nMultiple security flaws were found in the graphite2 font library shipped\nwith Thunderbird. A web page containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2016-1977, CVE-2016-2790,\nCVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795,\nCVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800,\nCVE-2016-2801, CVE-2016-2802)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bob Clary, Christoph Diehl, Christian Holler, Andrew\nMcCreight, Daniel Holbert, Jesse Ruderman, Randell Jesup, Nicolas\nGolubovic, Jose Martinez, Romina Santillan, ca0nguyen, lokihardt, Nicolas\nGregoire, the Communications Electronics Security Group (UK) of the GCHQ,\nHolger Fuhrmannek, Ronald Crane, and Tyson Smith as the original reporters\nof these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 38.7.0. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 38.7.0, which corrects these issues. 
After\ninstalling the update, Thunderbird must be restarted for the changes to\ntake effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-March/033776.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-March/033777.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-March/033778.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0460.html", "edition": 3, "modified": "2016-03-16T19:58:44", "published": "2016-03-16T17:52:15", "href": "http://lists.centos.org/pipermail/centos-announce/2016-March/033776.html", "id": "CESA-2016:0460", "title": "thunderbird security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:24:58", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-1973", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-2795", "CVE-2016-1962", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1965", "CVE-2016-1964", "CVE-2016-1958"], "description": "**CentOS Errata and Security Advisory** CESA-2016:0373\n\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. 
(CVE-2016-1952, CVE-2016-1954, CVE-2016-1957, CVE-2016-1958,\nCVE-2016-1960, CVE-2016-1961, CVE-2016-1962, CVE-2016-1973, CVE-2016-1974,\nCVE-2016-1964, CVE-2016-1965, CVE-2016-1966)\n\nMultiple security flaws were found in the graphite2 font library shipped\nwith Firefox. A web page containing malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges of the\nuser running Firefox. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791,\nCVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796,\nCVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801,\nCVE-2016-2802)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bob Clary, Christoph Diehl, Christian Holler, Andrew\nMcCreight, Daniel Holbert, Jesse Ruderman, Randell Jesup, Nicolas\nGolubovic, Jose Martinez, Romina Santillan, Abdulrahman Alqabandi,\nca0nguyen, lokihardt, Dominique Hazael-Massieux, Nicolas Gregoire, Tsubasa\nIinuma, the Communications Electronics Security Group (UK) of the GCHQ,\nHolger Fuhrmannek, Ronald Crane, and Tyson Smith as the original reporters\nof these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 38.7.0 ESR, which corrects these issues. 
After installing\nthe update, Firefox must be restarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-March/033761.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-March/033762.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-March/033763.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0373.html", "edition": 3, "modified": "2016-03-09T13:26:30", "published": "2016-03-09T06:42:15", "href": "http://lists.centos.org/pipermail/centos-announce/2016-March/033761.html", "id": "CESA-2016:0373", "title": "firefox security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2020-10-22T17:03:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-2795", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1964"], "description": "[38.7.0-1.0.1]\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\n[38.7.0-1]\n- Update to 38.7.0", "edition": 5, "modified": "2016-03-16T00:00:00", "published": "2016-03-16T00:00:00", "id": "ELSA-2016-0460", "href": "http://linux.oracle.com/errata/ELSA-2016-0460.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:04", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-1973", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1966", "CVE-2016-2802", 
"CVE-2016-2800", "CVE-2016-2795", "CVE-2016-1962", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1965", "CVE-2016-1964", "CVE-2016-1958"], "description": "[38.7.0-1.0.1]\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one\n- Force requirement of newer gdk-pixbuf2 to ensure a proper update (Todd Vierling) [orabug 19847484]\n[38.7.0-1]\n- Update to 38.7.0 ESR", "edition": 4, "modified": "2016-03-09T00:00:00", "published": "2016-03-09T00:00:00", "id": "ELSA-2016-0373", "href": "http://linux.oracle.com/errata/ELSA-2016-0373.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:35:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-2795", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1964"], "description": "Check the version of thunderbird", "modified": "2019-03-08T00:00:00", "published": "2016-03-17T00:00:00", "id": "OPENVAS:1361412562310882427", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882427", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2016:0460 centos5", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2016:0460 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General 
Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882427\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-17 05:10:05 +0100 (Thu, 17 Mar 2016)\");\n script_cve_id(\"CVE-2016-1952\", \"CVE-2016-1954\", \"CVE-2016-1957\", \"CVE-2016-1960\",\n \"CVE-2016-1961\", \"CVE-2016-1964\", \"CVE-2016-1966\", \"CVE-2016-1974\",\n \"CVE-2016-1977\", \"CVE-2016-2790\", \"CVE-2016-2791\", \"CVE-2016-2792\",\n \"CVE-2016-2793\", \"CVE-2016-2794\", \"CVE-2016-2795\", \"CVE-2016-2796\",\n \"CVE-2016-2797\", \"CVE-2016-2798\", \"CVE-2016-2799\", \"CVE-2016-2800\",\n \"CVE-2016-2801\", \"CVE-2016-2802\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for thunderbird CESA-2016:0460 centos5\");\n script_tag(name:\"summary\", value:\"Check the version of thunderbird\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web 
content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2016-1952, CVE-2016-1954, CVE-2016-1957, CVE-2016-1960,\nCVE-2016-1961, CVE-2016-1974, CVE-2016-1964, CVE-2016-1966)\n\nMultiple security flaws were found in the graphite2 font library shipped\nwith Thunderbird. A web page containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2016-1977, CVE-2016-2790,\nCVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795,\nCVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800,\nCVE-2016-2801, CVE-2016-2802)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bob Clary, Christoph Diehl, Christian Holler, Andrew\nMcCreight, Daniel Holbert, Jesse Ruderman, Randell Jesup, Nicolas\nGolubovic, Jose Martinez, Romina Santillan, ca0nguyen, lokihardt, Nicolas\nGregoire, the Communications Electronics Security Group (UK) of the GCHQ,\nHolger Fuhrmannek, Ronald Crane, and Tyson Smith as the original reporters\nof these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 38.7.0. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 38.7.0, which corrects these issues. 
After\ninstalling the update, Thunderbird must be restarted for the changes to\ntake effect.\");\n script_tag(name:\"affected\", value:\"thunderbird on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:0460\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-March/021740.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~38.7.0~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-2795", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1964"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2016-03-17T00:00:00", "id": "OPENVAS:1361412562310871578", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871578", "type": "openvas", "title": "RedHat Update for thunderbird 
RHSA-2016:0460-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for thunderbird RHSA-2016:0460-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871578\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-17 05:09:13 +0100 (Thu, 17 Mar 2016)\");\n script_cve_id(\"CVE-2016-1952\", \"CVE-2016-1954\", \"CVE-2016-1957\", \"CVE-2016-1960\",\n \"CVE-2016-1961\", \"CVE-2016-1964\", \"CVE-2016-1966\", \"CVE-2016-1974\",\n \"CVE-2016-1977\", \"CVE-2016-2790\", \"CVE-2016-2791\", \"CVE-2016-2792\",\n \"CVE-2016-2793\", \"CVE-2016-2794\", \"CVE-2016-2795\", \"CVE-2016-2796\",\n \"CVE-2016-2797\", \"CVE-2016-2798\", \"CVE-2016-2799\", \"CVE-2016-2800\",\n \"CVE-2016-2801\", \"CVE-2016-2802\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n 
script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for thunderbird RHSA-2016:0460-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail\nand newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2016-1952, CVE-2016-1954, CVE-2016-1957, CVE-2016-1960,\nCVE-2016-1961, CVE-2016-1974, CVE-2016-1964, CVE-2016-1966)\n\nMultiple security flaws were found in the graphite2 font library shipped\nwith Thunderbird. A web page containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2016-1977, CVE-2016-2790,\nCVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795,\nCVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800,\nCVE-2016-2801, CVE-2016-2802)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bob Clary, Christoph Diehl, Christian Holler, Andrew\nMcCreight, Daniel Holbert, Jesse Ruderman, Randell Jesup, Nicolas\nGolubovic, Jose Martinez, Romina Santillan, ca0nguyen, lokihardt, Nicolas\nGrégoire, the Communications Electronics Security Group (UK) of the GCHQ,\nHolger Fuhrmannek, Ronald Crane, and Tyson Smith as the original reporters\nof these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 38.7.0. 
You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 38.7.0, which corrects these issues. After\ninstalling the update, Thunderbird must be restarted for the changes to\ntake effect.\");\n script_tag(name:\"affected\", value:\"thunderbird on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:0460-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-March/msg00051.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~38.7.0~1.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"thunderbird-debuginfo\", rpm:\"thunderbird-debuginfo~38.7.0~1.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1966", "CVE-2016-2802", 
"CVE-2016-2800", "CVE-2016-2795", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1964"], "description": "Check the version of thunderbird", "modified": "2019-03-08T00:00:00", "published": "2016-03-17T00:00:00", "id": "OPENVAS:1361412562310882429", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882429", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2016:0460 centos7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2016:0460 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882429\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-17 05:10:33 +0100 (Thu, 17 Mar 2016)\");\n script_cve_id(\"CVE-2016-1952\", \"CVE-2016-1954\", \"CVE-2016-1957\", \"CVE-2016-1960\",\n \"CVE-2016-1961\", \"CVE-2016-1964\", \"CVE-2016-1966\", \"CVE-2016-1974\",\n \"CVE-2016-1977\", \"CVE-2016-2790\", \"CVE-2016-2791\", \"CVE-2016-2792\",\n \"CVE-2016-2793\", \"CVE-2016-2794\", \"CVE-2016-2795\", \"CVE-2016-2796\",\n \"CVE-2016-2797\", \"CVE-2016-2798\", \"CVE-2016-2799\", \"CVE-2016-2800\",\n \"CVE-2016-2801\", \"CVE-2016-2802\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for thunderbird CESA-2016:0460 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of thunderbird\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. 
(CVE-2016-1952, CVE-2016-1954, CVE-2016-1957, CVE-2016-1960,\nCVE-2016-1961, CVE-2016-1974, CVE-2016-1964, CVE-2016-1966)\n\nMultiple security flaws were found in the graphite2 font library shipped\nwith Thunderbird. A web page containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2016-1977, CVE-2016-2790,\nCVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795,\nCVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800,\nCVE-2016-2801, CVE-2016-2802)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bob Clary, Christoph Diehl, Christian Holler, Andrew\nMcCreight, Daniel Holbert, Jesse Ruderman, Randell Jesup, Nicolas\nGolubovic, Jose Martinez, Romina Santillan, caonguyen, lokihardt, Nicolas\nGregoire, the Communications Electronics Security Group (UK) of the GCHQ,\nHolger Fuhrmannek, Ronald Crane, and Tyson Smith as the original reporters\nof these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 38.7.0. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 38.7.0, which corrects these issues. 
After\ninstalling the update, Thunderbird must be restarted for the changes to\ntake effect.\");\n script_tag(name:\"affected\", value:\"thunderbird on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:0460\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-March/021738.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~38.7.0~1.el7.centos\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-2795", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1964"], "description": "Mageia Linux Local Security Checks mgasa-2016-0115", "modified": "2019-03-14T00:00:00", "published": "2016-03-17T00:00:00", "id": "OPENVAS:1361412562310131268", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310131268", "type": "openvas", "title": "Mageia Linux Local 
Check: mgasa-2016-0115", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2016-0115.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.131268\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-03-17 16:02:31 +0200 (Thu, 17 Mar 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2016-0115\");\n script_tag(name:\"insight\", value:\"Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird (CVE-2016-1952, CVE-2016-1954, CVE-2016-1957, CVE-2016-1960, CVE-2016-1961, CVE-2016-1974, CVE-2016-1964, CVE-2016-1966). 
Multiple security flaws were found in the graphite2 font library shipped with Thunderbird. A web page containing malicious content could cause it to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802).\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2016-0115.html\");\n script_cve_id(\"CVE-2016-1952\", \"CVE-2016-1954\", \"CVE-2016-1957\", \"CVE-2016-1960\", \"CVE-2016-1961\", \"CVE-2016-1964\", \"CVE-2016-1966\", \"CVE-2016-1974\", \"CVE-2016-1977\", \"CVE-2016-2790\", \"CVE-2016-2791\", \"CVE-2016-2792\", \"CVE-2016-2793\", \"CVE-2016-2794\", \"CVE-2016-2795\", \"CVE-2016-2796\", \"CVE-2016-2797\", \"CVE-2016-2798\", \"CVE-2016-2799\", \"CVE-2016-2800\", \"CVE-2016-2801\", \"CVE-2016-2802\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2016-0115\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~38.7.0~1.mga5\", 
rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"thunderbird-l10n\", rpm:\"thunderbird-l10n~38.7.0~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-2795", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1964"], "description": "Oracle Linux Local Security Checks ELSA-2016-0460", "modified": "2019-03-14T00:00:00", "published": "2016-03-17T00:00:00", "id": "OPENVAS:1361412562310122905", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122905", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2016-0460", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2016-0460.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.fi>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://solinor.fi\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122905\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-03-17 16:00:57 +0200 (Thu, 17 Mar 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2016-0460\");\n script_tag(name:\"insight\", value:\"ELSA-2016-0460 - thunderbird security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2016-0460\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2016-0460.html\");\n script_cve_id(\"CVE-2016-1952\", \"CVE-2016-1954\", \"CVE-2016-1957\", \"CVE-2016-1960\", \"CVE-2016-1961\", \"CVE-2016-1964\", \"CVE-2016-1966\", \"CVE-2016-1974\", \"CVE-2016-1977\", \"CVE-2016-2790\", \"CVE-2016-2791\", \"CVE-2016-2792\", \"CVE-2016-2793\", \"CVE-2016-2794\", \"CVE-2016-2795\", \"CVE-2016-2796\", \"CVE-2016-2797\", \"CVE-2016-2798\", \"CVE-2016-2799\", \"CVE-2016-2800\", \"CVE-2016-2801\", \"CVE-2016-2802\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|5|6)\");\n 
script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~38.7.0~1.0.1.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~38.7.0~1.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~38.7.0~1.0.1.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-2795", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1964"], "description": "Check the version of thunderbird", "modified": "2019-03-08T00:00:00", "published": "2016-03-17T00:00:00", "id": "OPENVAS:1361412562310882430", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882430", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2016:0460 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2016:0460 centos6\n#\n# Authors:\n# System Generated 
Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882430\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-17 05:10:56 +0100 (Thu, 17 Mar 2016)\");\n script_cve_id(\"CVE-2016-1952\", \"CVE-2016-1954\", \"CVE-2016-1957\", \"CVE-2016-1960\",\n \"CVE-2016-1961\", \"CVE-2016-1964\", \"CVE-2016-1966\", \"CVE-2016-1974\",\n \"CVE-2016-1977\", \"CVE-2016-2790\", \"CVE-2016-2791\", \"CVE-2016-2792\",\n \"CVE-2016-2793\", \"CVE-2016-2794\", \"CVE-2016-2795\", \"CVE-2016-2796\",\n \"CVE-2016-2797\", \"CVE-2016-2798\", \"CVE-2016-2799\", \"CVE-2016-2800\",\n \"CVE-2016-2801\", \"CVE-2016-2802\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for thunderbird CESA-2016:0460 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of thunderbird\");\n script_tag(name:\"vuldetect\", value:\"Checks if a 
vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2016-1952, CVE-2016-1954, CVE-2016-1957, CVE-2016-1960,\nCVE-2016-1961, CVE-2016-1974, CVE-2016-1964, CVE-2016-1966)\n\nMultiple security flaws were found in the graphite2 font library shipped\nwith Thunderbird. A web page containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2016-1977, CVE-2016-2790,\nCVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795,\nCVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800,\nCVE-2016-2801, CVE-2016-2802)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bob Clary, Christoph Diehl, Christian Holler, Andrew\nMcCreight, Daniel Holbert, Jesse Ruderman, Randell Jesup, Nicolas\nGolubovic, Jose Martinez, Romina Santillan, caonguyen, lokihardt, Nicolas\nGregoire, the Communications Electronics Security Group (UK) of the GCHQ,\nHolger Fuhrmannek, Ronald Crane, and Tyson Smith as the original reporters\nof these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 38.7.0. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 38.7.0, which corrects these issues. 
After\ninstalling the update, Thunderbird must be restarted for the changes to\ntake effect.\");\n script_tag(name:\"affected\", value:\"thunderbird on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:0460\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-March/021739.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~38.7.0~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-09T15:19:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-2795", "CVE-2016-1950", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1964"], "description": "The remote host is missing an update for the ", "modified": "2019-10-07T00:00:00", "published": "2016-05-06T00:00:00", "id": "OPENVAS:1361412562310842723", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842723", "type": "openvas", "title": "Ubuntu 
Update for thunderbird USN-2934-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for thunderbird USN-2934-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842723\");\n script_version(\"2019-10-07T14:34:48+0000\");\n script_tag(name:\"last_modification\", value:\"2019-10-07 14:34:48 +0000 (Mon, 07 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-05-06 15:29:31 +0530 (Fri, 06 May 2016)\");\n script_cve_id(\"CVE-2016-1952\", \"CVE-2016-1954\", \"CVE-2016-1957\", \"CVE-2016-1960\",\n\t\t\"CVE-2016-1961\", \"CVE-2016-1964\", \"CVE-2016-1966\", \"CVE-2016-1974\",\n\t\t\"CVE-2016-1950\", \"CVE-2016-1977\", \"CVE-2016-2790\", \"CVE-2016-2791\",\n\t\t\"CVE-2016-2792\", \"CVE-2016-2793\", \"CVE-2016-2794\", \"CVE-2016-2795\",\n\t\t\"CVE-2016-2796\", \"CVE-2016-2797\", \"CVE-2016-2798\", \"CVE-2016-2799\",\n\t\t\"CVE-2016-2800\", \"CVE-2016-2801\", \"CVE-2016-2802\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", 
value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for thunderbird USN-2934-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Bob Clary, Christoph Diehl, Christian Holler,\n Andrew McCreight, Daniel Holbert, Jesse Ruderman, and Randell Jesup discovered\n multiple memory safety issues in Thunderbird. If a user were tricked in to\n opening a specially crafted message, an attacker could potentially exploit these\n to cause a denial of service via application crash, or execute arbitrary code\n with the privileges of the user invoking Thunderbird. (CVE-2016-1952)\n\n Nicolas Golubovic discovered that CSP violation reports can be used to\n overwrite local files. If a user were tricked in to opening a specially\n crafted website in a browsing context with addon signing disabled and\n unpacked addons installed, an attacker could potentially exploit this to\n gain additional privileges. (CVE-2016-1954)\n\n Jose Martinez and Romina Santillan discovered a memory leak in\n libstagefright during MPEG4 video file processing in some circumstances.\n If a user were tricked in to opening a specially crafted website in a\n browsing context, an attacker could potentially exploit this to cause a\n denial of service via memory exhaustion. (CVE-2016-1957)\n\n A use-after-free was discovered in the HTML5 string parser. If a user were\n tricked in to opening a specially crafted website in a browsing context, an\n attacker could potentially exploit this to cause a denial of service via\n application crash, or execute arbitrary code with the privileges of the user\n invoking Thunderbird. 
(CVE-2016-1960)\n\n A use-after-free was discovered in the SetBody function of HTMLDocument.\n If a user were tricked in to opening a specially crafted website in a\n browsing context, an attacker could potentially exploit this to cause a\n denial of service via application crash, or execute arbitrary code with\n the privileges of the user invoking Thunderbird. (CVE-2016-1961)\n\n Nicolas Grégoire discovered a use-after-free during XML transformations.\n If a user were tricked in to opening a specially crafted website in a\n browsing context, an attacker could potentially exploit this to cause a\n denial of service via application crash, or execute arbitrary code with\n the privileges of the user invoking Thunderbird. (CVE-2016-1964)\n\n A memory corruption issue was discovered in the NPAPI subsystem. If\n a user were tricked in to opening a specially crafted website in a\n browsing context with a malicious plugin installed, an attacker could\n potentially exploit this to cause a denial of service via application\n crash, or execute arbitrary code with the privileges of the user invoking\n Thunderbird. 
(CVE-2016-1966)\n\n Ronald Crane discovered an out-of-bounds read following a failed\n ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"thunderbird on Ubuntu 15.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2934-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2934-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|15\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:38.7.2+build1-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:38.7.2+build1-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:38.7.2+build1-0ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-06-25T14:49:49", "bulletinFamily": "scanner", "cvelist": 
["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-2795", "CVE-2016-1950", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1964"], "description": "This host is installed with Mozilla\n Thunderbird and is prone to multiple vulnerabilities.", "modified": "2019-06-25T00:00:00", "published": "2016-04-01T00:00:00", "id": "OPENVAS:1361412562310807628", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807628", "type": "openvas", "title": "Mozilla Thunderbird Security Updates(mfsa_2016-16_2016-38)-MAC OS X", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Thunderbird Security Updates(mfsa_2016-16_2016-38)-MAC OS X\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:thunderbird\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807628\");\n script_version(\"2019-06-25T08:25:15+0000\");\n script_cve_id(\"CVE-2016-1977\", \"CVE-2016-2790\", \"CVE-2016-2791\", \"CVE-2016-2792\",\n\t\t\"CVE-2016-2793\", \"CVE-2016-2794\", \"CVE-2016-2795\", \"CVE-2016-2796\",\n\t\t\"CVE-2016-2797\", \"CVE-2016-2798\", \"CVE-2016-2799\", \"CVE-2016-2800\",\n\t\t\"CVE-2016-2801\", \"CVE-2016-2802\", \"CVE-2016-1953\", \"CVE-2016-1950\",\n\t\t\"CVE-2016-1974\", \"CVE-2016-1966\", \"CVE-2016-1964\", \"CVE-2016-1961\",\n\t\t\"CVE-2016-1960\", \"CVE-2016-1957\", \"CVE-2016-1954\", \"CVE-2016-1952\");\n script_bugtraq_id(84222, 84221, 84223, 84219, 84218);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-06-25 08:25:15 +0000 (Tue, 25 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-04-01 13:19:29 +0530 (Fri, 01 Apr 2016)\");\n script_name(\"Mozilla Thunderbird Security Updates(mfsa_2016-16_2016-38)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla\n Thunderbird and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - The 'nsScannerString::AppendUnicodeTo' function does not verify that memory\n allocation succeeds.\n\n - A memory corruption vulnerability in NPAPI plugin.\n\n - An use-after-free vulnerability in the 
'AtomicBaseIncDec' function.\n\n - An use-after-free vulnerability in the 'nsHTMLDocument::SetBody' function in\n 'dom/html/nsHTMLDocument.cpp' script.\n\n - Memory leak in libstagefright when deleting an array during MP4 processing.\n\n - The 'nsCSPContext::SendReports' function in 'dom/security/nsCSPContext.cpp'\n script does not prevent use of a non-HTTP report-uri for a (CSP) violation report.\n\n - The multiple unspecified vulnerabilities in the browser engine.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerabilities will allow remote attackers to cause a denial of service\n (memory corruption and application crash) or possibly execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Thunderbird version before\n 38.7 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Thunderbird version 38.7\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-36/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-35/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-34/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-31/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-27/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-24/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-23/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-20/\");\n script_xref(name:\"URL\", 
value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-17/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-16/\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Thunderbird/MacOSX/Version\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/thunderbird\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!tbVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:tbVer, test_version:\"38.7\"))\n{\n report = report_fixed_ver(installed_version:tbVer, fixed_version:\"38.7\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-2795", "CVE-2016-1950", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1964"], "description": "This host is installed with Mozilla\n Thunderbird and is prone to multiple vulnerabilities.", "modified": "2018-10-29T00:00:00", "published": "2016-04-01T00:00:00", "id": "OPENVAS:1361412562310807627", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807627", "type": "openvas", "title": "Mozilla Thunderbird Security Updates(mfsa_2016-16_2016-38)-Windows", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_thunderbird_mfsa_2016-16_2016-38_win.nasl 12149 2018-10-29 10:48:30Z 
asteins $\n#\n# Mozilla Thunderbird Security Updates(mfsa_2016-16_2016-38)-Windows\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:thunderbird\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807627\");\n script_version(\"$Revision: 12149 $\");\n script_cve_id(\"CVE-2016-1977\", \"CVE-2016-2790\", \"CVE-2016-2791\", \"CVE-2016-2792\",\n\t\t\"CVE-2016-2793\", \"CVE-2016-2794\", \"CVE-2016-2795\", \"CVE-2016-2796\",\n\t\t\"CVE-2016-2797\", \"CVE-2016-2798\", \"CVE-2016-2799\", \"CVE-2016-2800\",\n\t\t\"CVE-2016-2801\", \"CVE-2016-2802\", \"CVE-2016-1953\", \"CVE-2016-1950\",\n\t\t\"CVE-2016-1974\", \"CVE-2016-1966\", \"CVE-2016-1964\", \"CVE-2016-1961\",\n\t\t\"CVE-2016-1960\", \"CVE-2016-1957\", \"CVE-2016-1954\", \"CVE-2016-1952\");\n script_bugtraq_id(84222, 84221, 84223, 84219, 84218);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-29 11:48:30 +0100 (Mon, 29 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-04-01 13:19:33 +0530 (Fri, 
01 Apr 2016)\");\n script_name(\"Mozilla Thunderbird Security Updates(mfsa_2016-16_2016-38)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla\n Thunderbird and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - The 'nsScannerString::AppendUnicodeTo' function does not verify that memory\n allocation succeeds.\n\n - A memory corruption vulnerability in NPAPI plugin.\n\n - An use-after-free vulnerability in the 'AtomicBaseIncDec' function.\n\n - An use-after-free vulnerability in the 'nsHTMLDocument::SetBody' function in\n 'dom/html/nsHTMLDocument.cpp' script.\n\n - Memory leak in libstagefright when deleting an array during MP4 processing.\n\n - The 'nsCSPContext::SendReports' function in 'dom/security/nsCSPContext.cpp'\n script does not prevent use of a non-HTTP report-uri for a (CSP) violation report.\n\n - The multiple unspecified vulnerabilities in the browser engine.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerabilities will allow remote attackers to cause a denial of service\n (memory corruption and application crash) or possibly execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Thunderbird version before\n 38.7 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Thunderbird version 38.7\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-36/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-35/\");\n script_xref(name:\"URL\", 
value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-34/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-31/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-27/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-24/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-23/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-20/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-17/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-16/\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_thunderbird_detect_portable_win.nasl\");\n script_mandatory_keys(\"Thunderbird/Win/Ver\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/thunderbird\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!tbVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:tbVer, test_version:\"38.7\"))\n{\n report = report_fixed_ver(installed_version:tbVer, fixed_version:\"38.7\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-2795", "CVE-2016-1962", "CVE-2016-1950", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1964"], 
"description": "Multiple security issues have been found\nin Icedove, Debian", "modified": "2019-03-18T00:00:00", "published": "2016-03-18T00:00:00", "id": "OPENVAS:1361412562310703520", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703520", "type": "openvas", "title": "Debian Security Advisory DSA 3520-1 (icedove - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3520.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3520-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703520\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2016-1950\", \"CVE-2016-1954\", \"CVE-2016-1957\", \"CVE-2016-1960\",\n \"CVE-2016-1961\", \"CVE-2016-1962\", \"CVE-2016-1964\", \"CVE-2016-1966\",\n \"CVE-2016-1974\", \"CVE-2016-1977\", \"CVE-2016-2790\", \"CVE-2016-2791\",\n \"CVE-2016-2792\", \"CVE-2016-2793\", \"CVE-2016-2794\", \"CVE-2016-2795\",\n \"CVE-2016-2796\", \"CVE-2016-2797\", \"CVE-2016-2798\", \"CVE-2016-2799\",\n \"CVE-2016-2800\", \"CVE-2016-2801\", \"CVE-2016-2802\");\n script_name(\"Debian Security Advisory DSA 3520-1 (icedove - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-18 00:00:00 +0100 (Fri, 18 Mar 2016)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3520.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(7|8)\");\n script_tag(name:\"affected\", value:\"icedove on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (wheezy),\nthese problems have been fixed in version 
38.7.0-1~deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 38.7.0-1~deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 38.7.0-1.\n\nWe recommend that you upgrade your icedove packages.\");\n script_tag(name:\"summary\", value:\"Multiple security issues have been found\nin Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory\nsafety errors, integer overflows, buffer overflows and other implementation errors\nmay lead to the execution of arbitrary code or denial of service.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"calendar-google-provider\", ver:\"38.7.0-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove\", ver:\"38.7.0-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"38.7.0-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"38.7.0-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-extension\", ver:\"38.7.0-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"calendar-google-provider\", ver:\"38.7.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove\", ver:\"38.7.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"38.7.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"38.7.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-extension\", ver:\"38.7.0-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += 
res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:35:42", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-2795", "CVE-2016-1950", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1964"], "description": "Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel \nHolbert, Jesse Ruderman, and Randell Jesup discovered multiple memory \nsafety issues in Thunderbird. If a user were tricked in to opening a \nspecially crafted message, an attacker could potentially exploit these to \ncause a denial of service via application crash, or execute arbitrary code \nwith the privileges of the user invoking Thunderbird. (CVE-2016-1952)\n\nNicolas Golubovic discovered that CSP violation reports can be used to \noverwrite local files. If a user were tricked in to opening a specially \ncrafted website in a browsing context with addon signing disabled and \nunpacked addons installed, an attacker could potentially exploit this to \ngain additional privileges. (CVE-2016-1954)\n\nJose Martinez and Romina Santillan discovered a memory leak in \nlibstagefright during MPEG4 video file processing in some circumstances. \nIf a user were tricked in to opening a specially crafted website in a \nbrowsing context, an attacker could potentially exploit this to cause a \ndenial of service via memory exhaustion. (CVE-2016-1957)\n\nA use-after-free was discovered in the HTML5 string parser. 
If a user were \ntricked in to opening a specially crafted website in a browsing context, an \nattacker could potentially exploit this to cause a denial of service via \napplication crash, or execute arbitrary code with the privileges of the user \ninvoking Thunderbird. (CVE-2016-1960)\n\nA use-after-free was discovered in the SetBody function of HTMLDocument. \nIf a user were tricked in to opening a specially crafted website in a \nbrowsing context, an attacker could potentially exploit this to cause a \ndenial of service via application crash, or execute arbitrary code with \nthe privileges of the user invoking Thunderbird. (CVE-2016-1961)\n\nNicolas Gr\u00e9goire discovered a use-after-free during XML transformations. \nIf a user were tricked in to opening a specially crafted website in a \nbrowsing context, an attacker could potentially exploit this to cause a \ndenial of service via application crash, or execute arbitrary code with \nthe privileges of the user invoking Thunderbird. (CVE-2016-1964)\n\nA memory corruption issue was discovered in the NPAPI subsystem. If \na user were tricked in to opening a specially crafted website in a \nbrowsing context with a malicious plugin installed, an attacker could \npotentially exploit this to cause a denial of service via application \ncrash, or execute arbitrary code with the privileges of the user invoking \nThunderbird. (CVE-2016-1966)\n\nRonald Crane discovered an out-of-bounds read following a failed \nallocation in the HTML parser in some circumstances. If a user were \ntricked in to opening a specially crafted website in a browsing context, \nan attacker could potentially exploit this to cause a denial of service \nvia application crash, or execute arbitrary code with the privileges of \nthe user invoking Thunderbird. (CVE-2016-1974)\n\nFrancis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS. 
\nA remote attacker could potentially exploit this to cause a denial of \nservice via application crash, or execute arbitrary code with the \nprivileges of the user invoking Thunderbird. (CVE-2016-1950)\n\nHolger Fuhrmannek, Tyson Smith and Holger Fuhrmannek reported multiple \nmemory safety issues in the Graphite 2 library. If a user were tricked in \nto opening a specially crafted message, an attacker could potentially \nexploit these to cause a denial of service via application crash, or \nexecute arbitrary code with the privileges of the user invoking \nThunderbird. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, \nCVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, \nCVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802)", "edition": 68, "modified": "2016-04-27T00:00:00", "published": "2016-04-27T00:00:00", "id": "USN-2934-1", "href": "https://ubuntu.com/security/notices/USN-2934-1", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:38:43", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2790", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-2795", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-2793", "CVE-2016-2794", "CVE-2016-2791"], "description": "It was discovered that graphite2 incorrectly handled certain malformed \nfonts. 
If a user or automated system were tricked into opening a specially- \ncrafted font file, a remote attacker could use this issue to cause \ngraphite2 to crash, resulting in a denial of service, or possibly execute \narbitrary code.", "edition": 5, "modified": "2016-03-14T00:00:00", "published": "2016-03-14T00:00:00", "id": "USN-2927-1", "href": "https://ubuntu.com/security/notices/USN-2927-1", "title": "graphite2 vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:43:51", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-1973", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1959", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1955", "CVE-2016-2795", "CVE-2016-1962", "CVE-2016-1950", "CVE-2016-1963", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-1956", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-1968", "CVE-2016-1967", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1965", "CVE-2016-1964", "CVE-2016-1958"], "description": "USN-2917-1 fixed vulnerabilities in Firefox. This update caused several \nregressions that could result in search engine settings being lost, the \nlist of search providers appearing empty or the location bar breaking \nafter typing an invalid URL. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nFrancis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS. \nIf a user were tricked in to opening a specially crafted website, an \nattacker could potentially exploit this to cause a denial of service via \napplication crash, or execute arbitrary code with the privileges of the \nuser invoking Firefox. 
(CVE-2016-1950)\n\nBob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel \nHolbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto, \nTyson Smith, Andrea Marchesini, and Jukka Jyl\u00e4nki discovered multiple \nmemory safety issues in Firefox. If a user were tricked in to opening a \nspecially crafted website, an attacker could potentially exploit these to \ncause a denial of service via application crash, or execute arbitrary code \nwith the privileges of the user invoking Firefox. (CVE-2016-1952, \nCVE-2016-1953)\n\nNicolas Golubovic discovered that CSP violation reports can be used to \noverwrite local files. If a user were tricked in to opening a specially \ncrafted website with addon signing disabled and unpacked addons installed, \nan attacker could potentially exploit this to gain additional privileges. \n(CVE-2016-1954)\n\nMuneaki Nishimura discovered that CSP violation reports contained full \npaths for cross-origin iframe navigations. An attacker could potentially \nexploit this to steal confidential data. (CVE-2016-1955)\n\nUcha Gobejishvili discovered that performing certain WebGL operations \nresulted in memory resource exhaustion with some Intel GPUs, requiring \na reboot. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to cause a denial \nof service. (CVE-2016-1956)\n\nJose Martinez and Romina Santillan discovered a memory leak in \nlibstagefright during MPEG4 video file processing in some circumstances. \nIf a user were tricked in to opening a specially crafted website, an \nattacker could potentially exploit this to cause a denial of service via \nmemory exhaustion. (CVE-2016-1957)\n\nAbdulrahman Alqabandi discovered that the addressbar could be blank or \nfilled with page defined content in some circumstances. 
If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit this to conduct URL spoofing attacks. (CVE-2016-1958)\n\nLooben Yang discovered an out-of-bounds read in Service Worker Manager. If \na user were tricked in to opening a specially crafted website, an attacker \ncould potentially exploit this to cause a denial of service via \napplication crash, or execute arbitrary code with the privileges of the \nuser invoking Firefox. (CVE-2016-1959)\n\nA use-after-free was discovered in the HTML5 string parser. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit this to cause a denial of service via application \ncrash, or execute arbitrary code with the privileges of the user invoking \nFirefox. (CVE-2016-1960)\n\nA use-after-free was discovered in the SetBody function of HTMLDocument. \nIf a user were tricked in to opening a specially crafted website, an \nattacker could potentially exploit this to cause a denial of service via \napplication crash, or execute arbitrary code with the privileges of the \nuser invoking Firefox. (CVE-2016-1961)\n\nDominique Haza\u00ebl-Massieux discovered a use-after-free when using multiple \nWebRTC data channels. If a user were tricked in to opening a specially \ncrafted website, an attacker could potentially exploit this to cause a \ndenial of service via application crash, or execute arbitrary code with \nthe privileges of the user invoking Firefox. (CVE-2016-1962)\n\nIt was discovered that Firefox crashes when local files are modified \nwhilst being read by the FileReader API. If a user were tricked in to \nopening a specially crafted website, an attacker could potentially exploit \nthis to execute arbitrary code with the privileges of the user invoking \nFirefox. (CVE-2016-1963)\n\nNicolas Gr\u00e9goire discovered a use-after-free during XML transformations. 
\nIf a user were tricked in to opening a specially crafted website, an \nattacker could potentially exploit this to cause a denial of service via \napplication crash, or execute arbitrary code with the privileges of the \nuser invoking Firefox. (CVE-2016-1964)\n\nTsubasa Iinuma discovered a mechanism to cause the addressbar to display \nan incorrect URL, using history navigations and the Location protocol \nproperty. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to conduct URL \nspoofing attacks. (CVE-2016-1965)\n\nA memory corruption issue was discovered in the NPAPI subsystem. If \na user were tricked in to opening a specially crafted website with a \nmalicious plugin installed, an attacker could potentially exploit this \nto cause a denial of service via application crash, or execute arbitrary \ncode with the privileges of the user invoking Firefox. (CVE-2016-1966)\n\nJordi Chancel discovered a same-origin-policy bypass when using \nperformance.getEntries and history navigation with session restore. If \na user were tricked in to opening a specially crafted website, an attacker \ncould potentially exploit this to steal confidential data. (CVE-2016-1967)\n\nLuke Li discovered a buffer overflow during Brotli decompression in some \ncircumstances. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to cause a denial of \nservice via application crash, or execute arbitrary code with the \nprivileges of the user invoking Firefox. (CVE-2016-1968)\n\nRonald Crane discovered a use-after-free in GetStaticInstance in WebRTC. \nIf a user were tricked in to opening a specially crafted website, an \nattacker could potentially exploit this to cause a denial of service via \napplication crash, or execute arbitrary code with the privileges of the \nuser invoking Firefox. 
(CVE-2016-1973)\n\nRonald Crane discovered an out-of-bounds read following a failed \nallocation in the HTML parser in some circumstances. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit this to cause a denial of service via application \ncrash, or execute arbitrary code with the privileges of the user invoking \nFirefox. (CVE-2016-1974)\n\nHolger Fuhrmannek, Tyson Smith and Holger Fuhrmannek reported multiple \nmemory safety issues in the Graphite 2 library. If a user were tricked in \nto opening a specially crafted website, an attacker could potentially \nexploit these to cause a denial of service via application crash, or \nexecute arbitrary code with the privileges of the user invoking Firefox. \n(CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, \nCVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, \nCVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802)", "edition": 5, "modified": "2016-04-07T00:00:00", "published": "2016-04-07T00:00:00", "id": "USN-2917-2", "href": "https://ubuntu.com/security/notices/USN-2917-2", "title": "Firefox regressions", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:33:12", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-1973", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1959", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1955", "CVE-2016-2795", "CVE-2016-1962", "CVE-2016-1950", "CVE-2016-1963", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-1956", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-1968", "CVE-2016-1967", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1965", "CVE-2016-1964", "CVE-2016-1958"], "description": "Francis Gabriel discovered a buffer overflow during ASN.1 
decoding in NSS. \nIf a user were tricked in to opening a specially crafted website, an \nattacker could potentially exploit this to cause a denial of service via \napplication crash, or execute arbitrary code with the privileges of the \nuser invoking Firefox. (CVE-2016-1950)\n\nBob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel \nHolbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto, \nTyson Smith, Andrea Marchesini, and Jukka Jyl\u00e4nki discovered multiple \nmemory safety issues in Firefox. If a user were tricked in to opening a \nspecially crafted website, an attacker could potentially exploit these to \ncause a denial of service via application crash, or execute arbitrary code \nwith the privileges of the user invoking Firefox. (CVE-2016-1952, \nCVE-2016-1953)\n\nNicolas Golubovic discovered that CSP violation reports can be used to \noverwrite local files. If a user were tricked in to opening a specially \ncrafted website with addon signing disabled and unpacked addons installed, \nan attacker could potentially exploit this to gain additional privileges. \n(CVE-2016-1954)\n\nMuneaki Nishimura discovered that CSP violation reports contained full \npaths for cross-origin iframe navigations. An attacker could potentially \nexploit this to steal confidential data. (CVE-2016-1955)\n\nUcha Gobejishvili discovered that performing certain WebGL operations \nresulted in memory resource exhaustion with some Intel GPUs, requiring \na reboot. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to cause a denial \nof service. (CVE-2016-1956)\n\nJose Martinez and Romina Santillan discovered a memory leak in \nlibstagefright during MPEG4 video file processing in some circumstances. \nIf a user were tricked in to opening a specially crafted website, an \nattacker could potentially exploit this to cause a denial of service via \nmemory exhaustion. 
(CVE-2016-1957)\n\nAbdulrahman Alqabandi discovered that the addressbar could be blank or \nfilled with page defined content in some circumstances. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit this to conduct URL spoofing attacks. (CVE-2016-1958)\n\nLooben Yang discovered an out-of-bounds read in Service Worker Manager. If \na user were tricked in to opening a specially crafted website, an attacker \ncould potentially exploit this to cause a denial of service via \napplication crash, or execute arbitrary code with the privileges of the \nuser invoking Firefox. (CVE-2016-1959)\n\nA use-after-free was discovered in the HTML5 string parser. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit this to cause a denial of service via application \ncrash, or execute arbitrary code with the privileges of the user invoking \nFirefox. (CVE-2016-1960)\n\nA use-after-free was discovered in the SetBody function of HTMLDocument. \nIf a user were tricked in to opening a specially crafted website, an \nattacker could potentially exploit this to cause a denial of service via \napplication crash, or execute arbitrary code with the privileges of the \nuser invoking Firefox. (CVE-2016-1961)\n\nDominique Haza\u00ebl-Massieux discovered a use-after-free when using multiple \nWebRTC data channels. If a user were tricked in to opening a specially \ncrafted website, an attacker could potentially exploit this to cause a \ndenial of service via application crash, or execute arbitrary code with \nthe privileges of the user invoking Firefox. (CVE-2016-1962)\n\nIt was discovered that Firefox crashes when local files are modified \nwhilst being read by the FileReader API. If a user were tricked in to \nopening a specially crafted website, an attacker could potentially exploit \nthis to execute arbitrary code with the privileges of the user invoking \nFirefox. 
(CVE-2016-1963)\n\nNicolas Gr\u00e9goire discovered a use-after-free during XML transformations. \nIf a user were tricked in to opening a specially crafted website, an \nattacker could potentially exploit this to cause a denial of service via \napplication crash, or execute arbitrary code with the privileges of the \nuser invoking Firefox. (CVE-2016-1964)\n\nTsubasa Iinuma discovered a mechanism to cause the addressbar to display \nan incorrect URL, using history navigations and the Location protocol \nproperty. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to conduct URL \nspoofing attacks. (CVE-2016-1965)\n\nA memory corruption issue was discovered in the NPAPI subsystem. If \na user were tricked in to opening a specially crafted website with a \nmalicious plugin installed, an attacker could potentially exploit this \nto cause a denial of service via application crash, or execute arbitrary \ncode with the privileges of the user invoking Firefox. (CVE-2016-1966)\n\nJordi Chancel discovered a same-origin-policy bypass when using \nperformance.getEntries and history navigation with session restore. If \na user were tricked in to opening a specially crafted website, an attacker \ncould potentially exploit this to steal confidential data. (CVE-2016-1967)\n\nLuke Li discovered a buffer overflow during Brotli decompression in some \ncircumstances. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to cause a denial of \nservice via application crash, or execute arbitrary code with the \nprivileges of the user invoking Firefox. (CVE-2016-1968)\n\nRonald Crane discovered a use-after-free in GetStaticInstance in WebRTC. 
\nIf a user were tricked in to opening a specially crafted website, an \nattacker could potentially exploit this to cause a denial of service via \napplication crash, or execute arbitrary code with the privileges of the \nuser invoking Firefox. (CVE-2016-1973)\n\nRonald Crane discovered an out-of-bounds read following a failed \nallocation in the HTML parser in some circumstances. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit this to cause a denial of service via application \ncrash, or execute arbitrary code with the privileges of the user invoking \nFirefox. (CVE-2016-1974)\n\nHolger Fuhrmannek, Tyson Smith and Holger Fuhrmannek reported multiple \nmemory safety issues in the Graphite 2 library. If a user were tricked in \nto opening a specially crafted website, an attacker could potentially \nexploit these to cause a denial of service via application crash, or \nexecute arbitrary code with the privileges of the user invoking Firefox. 
\n(CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, \nCVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, \nCVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802)", "edition": 5, "modified": "2016-03-09T00:00:00", "published": "2016-03-09T00:00:00", "id": "USN-2917-1", "href": "https://ubuntu.com/security/notices/USN-2917-1", "title": "Firefox vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:42:43", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-1973", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1959", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1955", "CVE-2016-2795", "CVE-2016-1962", "CVE-2016-1950", "CVE-2016-1963", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-1956", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-1968", "CVE-2016-1967", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1965", "CVE-2016-1964", "CVE-2016-1958"], "description": "USN-2917-1 fixed vulnerabilities in Firefox. This update caused several \nweb compatibility regressions.\n\nThis update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nFrancis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS. \nIf a user were tricked in to opening a specially crafted website, an \nattacker could potentially exploit this to cause a denial of service via \napplication crash, or execute arbitrary code with the privileges of the \nuser invoking Firefox. (CVE-2016-1950)\n\nBob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel \nHolbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto, \nTyson Smith, Andrea Marchesini, and Jukka Jyl\u00e4nki discovered multiple \nmemory safety issues in Firefox. 
If a user were tricked in to opening a \nspecially crafted website, an attacker could potentially exploit these to \ncause a denial of service via application crash, or execute arbitrary code \nwith the privileges of the user invoking Firefox. (CVE-2016-1952, \nCVE-2016-1953)\n\nNicolas Golubovic discovered that CSP violation reports can be used to \noverwrite local files. If a user were tricked in to opening a specially \ncrafted website with addon signing disabled and unpacked addons installed, \nan attacker could potentially exploit this to gain additional privileges. \n(CVE-2016-1954)\n\nMuneaki Nishimura discovered that CSP violation reports contained full \npaths for cross-origin iframe navigations. An attacker could potentially \nexploit this to steal confidential data. (CVE-2016-1955)\n\nUcha Gobejishvili discovered that performing certain WebGL operations \nresulted in memory resource exhaustion with some Intel GPUs, requiring \na reboot. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to cause a denial \nof service. (CVE-2016-1956)\n\nJose Martinez and Romina Santillan discovered a memory leak in \nlibstagefright during MPEG4 video file processing in some circumstances. \nIf a user were tricked in to opening a specially crafted website, an \nattacker could potentially exploit this to cause a denial of service via \nmemory exhaustion. (CVE-2016-1957)\n\nAbdulrahman Alqabandi discovered that the addressbar could be blank or \nfilled with page defined content in some circumstances. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit this to conduct URL spoofing attacks. (CVE-2016-1958)\n\nLooben Yang discovered an out-of-bounds read in Service Worker Manager. 
If \na user were tricked in to opening a specially crafted website, an attacker \ncould potentially exploit this to cause a denial of service via \napplication crash, or execute arbitrary code with the privileges of the \nuser invoking Firefox. (CVE-2016-1959)\n\nA use-after-free was discovered in the HTML5 string parser. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit this to cause a denial of service via application \ncrash, or execute arbitrary code with the privileges of the user invoking \nFirefox. (CVE-2016-1960)\n\nA use-after-free was discovered in the SetBody function of HTMLDocument. \nIf a user were tricked in to opening a specially crafted website, an \nattacker could potentially exploit this to cause a denial of service via \napplication crash, or execute arbitrary code with the privileges of the \nuser invoking Firefox. (CVE-2016-1961)\n\nDominique Haza\u00ebl-Massieux discovered a use-after-free when using multiple \nWebRTC data channels. If a user were tricked in to opening a specially \ncrafted website, an attacker could potentially exploit this to cause a \ndenial of service via application crash, or execute arbitrary code with \nthe privileges of the user invoking Firefox. (CVE-2016-1962)\n\nIt was discovered that Firefox crashes when local files are modified \nwhilst being read by the FileReader API. If a user were tricked in to \nopening a specially crafted website, an attacker could potentially exploit \nthis to execute arbitrary code with the privileges of the user invoking \nFirefox. (CVE-2016-1963)\n\nNicolas Gr\u00e9goire discovered a use-after-free during XML transformations. \nIf a user were tricked in to opening a specially crafted website, an \nattacker could potentially exploit this to cause a denial of service via \napplication crash, or execute arbitrary code with the privileges of the \nuser invoking Firefox. 
(CVE-2016-1964)\n\nTsubasa Iinuma discovered a mechanism to cause the addressbar to display \nan incorrect URL, using history navigations and the Location protocol \nproperty. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to conduct URL \nspoofing attacks. (CVE-2016-1965)\n\nA memory corruption issue was discovered in the NPAPI subsystem. If \na user were tricked in to opening a specially crafted website with a \nmalicious plugin installed, an attacker could potentially exploit this \nto cause a denial of service via application crash, or execute arbitrary \ncode with the privileges of the user invoking Firefox. (CVE-2016-1966)\n\nJordi Chancel discovered a same-origin-policy bypass when using \nperformance.getEntries and history navigation with session restore. If \na user were tricked in to opening a specially crafted website, an attacker \ncould potentially exploit this to steal confidential data. (CVE-2016-1967)\n\nLuke Li discovered a buffer overflow during Brotli decompression in some \ncircumstances. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to cause a denial of \nservice via application crash, or execute arbitrary code with the \nprivileges of the user invoking Firefox. (CVE-2016-1968)\n\nRonald Crane discovered a use-after-free in GetStaticInstance in WebRTC. \nIf a user were tricked in to opening a specially crafted website, an \nattacker could potentially exploit this to cause a denial of service via \napplication crash, or execute arbitrary code with the privileges of the \nuser invoking Firefox. (CVE-2016-1973)\n\nRonald Crane discovered an out-of-bounds read following a failed \nallocation in the HTML parser in some circumstances. 
If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit this to cause a denial of service via application \ncrash, or execute arbitrary code with the privileges of the user invoking \nFirefox. (CVE-2016-1974)\n\nHolger Fuhrmannek, Tyson Smith and Holger Fuhrmannek reported multiple \nmemory safety issues in the Graphite 2 library. If a user were tricked in \nto opening a specially crafted website, an attacker could potentially \nexploit these to cause a denial of service via application crash, or \nexecute arbitrary code with the privileges of the user invoking Firefox. \n(CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, \nCVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, \nCVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802)", "edition": 5, "modified": "2016-04-19T00:00:00", "published": "2016-04-19T00:00:00", "id": "USN-2917-3", "href": "https://ubuntu.com/security/notices/USN-2917-3", "title": "Firefox regressions", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-08-12T01:06:42", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-2795", "CVE-2016-1962", "CVE-2016-1950", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1964"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3520-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nMarch 18, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : icedove\nCVE ID : CVE-2016-1950 CVE-2016-1954 
CVE-2016-1957 CVE-2016-1960 \n CVE-2016-1961 CVE-2016-1962 CVE-2016-1964 CVE-2016-1966\n CVE-2016-1974 CVE-2016-1977 CVE-2016-2790 CVE-2016-2791\n CVE-2016-2792 CVE-2016-2793 CVE-2016-2794 CVE-2016-2795\n CVE-2016-2796 CVE-2016-2797 CVE-2016-2798 CVE-2016-2799\n CVE-2016-2800 CVE-2016-2801 CVE-2016-2802\n\nMultiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail client: Multiple memory safety errors,\ninteger overflows, buffer overflows and other implementation errors may\nlead to the execution of arbitrary code or denial of service.\n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 38.7.0-1~deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 38.7.0-1~deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 38.7.0-1.\n\nWe recommend that you upgrade your icedove packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 7, "modified": "2016-03-18T21:06:26", "published": "2016-03-18T21:06:26", "id": "DEBIAN:DSA-3520-1:A2087", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00094.html", "title": "[SECURITY] [DSA 3520-1] icedove security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-12T01:01:33", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2790", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-2795", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-2793", "CVE-2016-2794", "CVE-2016-2791"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3515-1 
security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nMarch 13, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : graphite2\nCVE ID : CVE-2016-1977 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 \n CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796\n CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800\n CVE-2016-2801 CVE-2016-2802\n\nMultiple vulnerabilities have been found in the Graphite font rendering\nengine which might result in denial of service or the execution of\narbitrary code if a malformed font file is processed.\n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1.3.6-1~deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.3.6-1~deb8u1.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 1.3.6-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.3.6-1.\n\nWe recommend that you upgrade your graphite2 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 9, "modified": "2016-03-13T19:14:19", "published": "2016-03-13T19:14:19", "id": "DEBIAN:DSA-3515-1:A2A41", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00089.html", "title": "[SECURITY] [DSA 3515-1] graphite2 security update", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:22:01", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-2795", 
"CVE-2016-1962", "CVE-2016-1950", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1965", "CVE-2016-1964", "CVE-2016-1958"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3510-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nMarch 09, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : iceweasel\nCVE ID : CVE-2016-1950 CVE-2016-1952 CVE-2016-1954 CVE-2016-1957 \n CVE-2016-1958 CVE-2016-1960 CVE-2016-1961 CVE-2016-1962\n CVE-2016-1964 CVE-2016-1965 CVE-2016-1966 CVE-2016-1974\n CVE-2016-1977 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792\n CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796\n CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800\n CVE-2016-2801 CVE-2016-2802\n\nMultiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors,\nbuffer overflows, use-after-frees and other implementation errors may\nlead to the execution of arbitrary code, denial of service, address bar\nspoofing and overwriting local files.\n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 38.7.0esr-1~deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 38.7.0esr-1~deb8u1.\n\nFor the unstable distribution (sid), Debian is in the process of moving\nback towards using the Firefox name. 
These problems will soon be fixed\nin the firefox-esr source package.\n\nWe recommend that you upgrade your iceweasel packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2016-03-09T18:28:02", "published": "2016-03-09T18:28:02", "id": "DEBIAN:DSA-3510-1:F3E38", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00084.html", "title": "[SECURITY] [DSA 3510-1] iceweasel security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "mozilla": [{"lastseen": "2016-09-05T13:37:45", "bulletinFamily": "software", "cvelist": ["CVE-2016-2790", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-2795", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-2793", "CVE-2016-2794", "CVE-2016-2791"], "edition": 1, "description": "Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\n\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\n\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. 
\n\n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.", "modified": "2016-03-08T00:00:00", "published": "2016-03-08T00:00:00", "id": "MFSA2016-37", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2016-37/", "type": "mozilla", "title": "Font vulnerabilities in the Graphite 2 library", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:47", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2790", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1969", "CVE-2016-2795", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-2793", "CVE-2016-2794", "CVE-2016-2791"], "description": "\nMozilla Foundation reports:\n\nSecurity researcher Holger Fuhrmannek and Mozilla\n\t security engineer Tyson Smith reported a number of security\n\t vulnerabilities in the Graphite 2 library affecting version\n\t 1.3.5.\n\n\t The issue reported by Holger Fuhrmannek is a mechanism to\n\t induce stack corruption with a malicious graphite font. This\n\t leads to a potentially exploitable crash when the font is\n\t loaded.\n\n\t Tyson Smith used the Address Sanitizer tool in concert with\n\t a custom software fuzzer to find a series of uninitialized\n\t memory, out-of-bounds read, and out-of-bounds write errors\n\t when working with fuzzed graphite fonts.\n\n\nSecurity researcher James Clawson used the Address\n\t Sanitizer tool to discover an out-of-bounds write in the\n\t Graphite 2 library when loading a crafted Graphite font\n\t file. 
This results in a potentially exploitable crash.\n\n", "edition": 4, "modified": "2016-03-14T00:00:00", "published": "2016-03-08T00:00:00", "id": "ADFFE823-E692-4921-AE9C-0B825C218372", "href": "https://vuxml.freebsd.org/freebsd/adffe823-e692-4921-ae9c-0b825c218372.html", "title": "graphite2 -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:30:36", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1979", "CVE-2016-2795", "CVE-2016-1962", "CVE-2016-1950", "CVE-2016-1952", "CVE-2016-1978", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1965", "CVE-2016-1964", "CVE-2016-1958"], "description": "This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the\n following issues:\n\n Mozilla Firefox was updated to 38.7.0 ESR (bsc#969894), fixing following\n security issues:\n * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety\n hazards (rv:45.0 / rv:38.7)\n * MFSA 2016-17/CVE-2016-1954 Local file overwriting and potential\n privilege escalation through CSP reports\n * MFSA 2016-20/CVE-2016-1957 Memory leak in libstagefright when deleting\n an array during MP4 processing\n * MFSA 2016-21/CVE-2016-1958 Displayed page address can be overridden\n * MFSA 2016-23/CVE-2016-1960 Use-after-free in HTML5 string parser\n * MFSA 2016-24/CVE-2016-1961 Use-after-free in SetBody\n * MFSA 2016-25/CVE-2016-1962 Use-after-free when using multiple WebRTC\n data channels\n * MFSA 2016-27/CVE-2016-1964 Use-after-free during XML transformations\n * MFSA 2016-28/CVE-2016-1965 Addressbar spoofing though history navigation\n and Location protocol property\n * MFSA 
2016-31/CVE-2016-1966 Memory corruption with malicious NPAPI plugin\n * MFSA 2016-34/CVE-2016-1974 Out-of-bounds read in HTML parser following a\n failed allocation\n * MFSA 2016-35/CVE-2016-1950 Buffer overflow during ASN.1 decoding in NSS\n * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/\n CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/\n CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/\n CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font vulnerabilities in the\n Graphite 2 library\n\n Mozilla NSPR was updated to version 4.12 (bsc#969894), fixing following\n bugs:\n * added a PR_GetEnvSecure function, which attempts to detect if the\n program is being executed with elevated privileges, and returns NULL if\n detected. It is recommended to use this function in general purpose\n library code.\n * fixed a memory allocation bug related to the PR_*printf functions\n * exported API PR_DuplicateEnvironment, which had already been added in\n NSPR 4.10.9\n * added support for FreeBSD aarch64\n * several minor correctness and compatibility fixes\n\n Mozilla NSS was updated to fix security issues (bsc#969894):\n * MFSA 2016-15/CVE-2016-1978 Use-after-free in NSS during SSL connections\n in low memory\n * MFSA 2016-35/CVE-2016-1950 Buffer overflow during ASN.1 decoding in NSS\n * MFSA 2016-36/CVE-2016-1979 Use-after-free during processing of DER\n encoded keys in NSS\n\n", "edition": 1, "modified": "2016-03-30T15:07:52", "published": "2016-03-30T15:07:52", "id": "SUSE-SU-2016:0909-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html", "type": "suse", "title": "Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:08:02", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", 
"CVE-2016-1974", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1979", "CVE-2016-2795", "CVE-2016-1962", "CVE-2016-1950", "CVE-2016-1952", "CVE-2016-1978", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1965", "CVE-2016-1964", "CVE-2016-1958"], "description": "Mozilla Firefox was updated to 38.7.0 ESR, fixing the following security\n issues:\n\n * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953: Miscellaneous memory\n safety hazards (rv:45.0 / rv:38.7)\n * MFSA 2016-17/CVE-2016-1954: Local file overwriting and potential\n privilege escalation through CSP reports\n * MFSA 2016-20/CVE-2016-1957: Memory leak in libstagefright when\n deleting an array during MP4 processing\n * MFSA 2016-21/CVE-2016-1958: Displayed page address can be overridden\n * MFSA 2016-23/CVE-2016-1960: Use-after-free in HTML5 string parser\n * MFSA 2016-24/CVE-2016-1961: Use-after-free in SetBody\n * MFSA 2016-25/CVE-2016-1962: Use-after-free when using multiple\n WebRTC data channels\n * MFSA 2016-27/CVE-2016-1964: Use-after-free during XML transformations\n * MFSA 2016-28/CVE-2016-1965: Addressbar spoofing though history\n navigation and Location protocol property\n * MFSA 2016-31/CVE-2016-1966: Memory corruption with malicious NPAPI\n plugin\n * MFSA 2016-34/CVE-2016-1974: Out-of-bounds read in HTML parser\n following a failed allocation\n * MFSA 2016-35/CVE-2016-1950: Buffer overflow during ASN.1 decoding in\n NSS\n * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/\n CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/\n CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/\n CVE-2016-2800/CVE-2016-2801/CVE-2016-2802: Font vulnerabilities in\n the Graphite 2 library.\n\n Mozilla NSPR was updated to version 4.12, fixing following bugs:\n\n * Added a PR_GetEnvSecure function, which attempts to detect if the\n program is being executed with 
elevated privileges, and returns NULL\n if detected. It is recommended to use this function in general\n purpose library code.\n * Fixed a memory allocation bug related to the PR_*printf functions\n * Exported API PR_DuplicateEnvironment, which had already been added\n in NSPR 4.10.9\n * Several minor correctness and compatibility fixes.\n\n Mozilla NSS was updated to fix security issues:\n\n * MFSA 2016-15/CVE-2016-1978: Use-after-free in NSS during SSL\n connections in low memory\n * MFSA 2016-35/CVE-2016-1950: Buffer overflow during ASN.1 decoding in\n NSS\n * MFSA 2016-36/CVE-2016-1979: Use-after-free during processing of DER\n encoded keys in NSS.\n\n\n", "edition": 1, "modified": "2016-03-18T18:12:42", "published": "2016-03-18T18:12:42", "id": "SUSE-SU-2016:0820-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html", "title": "Security update for MozillaFirefox (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:22:57", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1979", "CVE-2016-2795", "CVE-2016-1962", "CVE-2016-1950", "CVE-2016-1952", "CVE-2016-1978", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1965", "CVE-2016-1964", "CVE-2016-1958"], "description": "This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the\n following issues:\n\n Mozilla Firefox was updated to 38.7.0 ESR (bsc#969894)\n * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety\n hazards (rv:45.0 / rv:38.7)\n * MFSA 2016-17/CVE-2016-1954 Local file overwriting and potential\n privilege escalation through CSP reports\n * MFSA 
2016-20/CVE-2016-1957 A memory leak in libstagefright when deleting\n an array during MP4 processing was fixed.\n * MFSA 2016-21/CVE-2016-1958 The displayed page address can be overridden\n * MFSA 2016-23/CVE-2016-1960 A use-after-free in HTML5 string parser was\n fixed.\n * MFSA 2016-24/CVE-2016-1961 A use-after-free in SetBody was fixed.\n * MFSA 2016-25/CVE-2016-1962 A use-after-free when using multiple WebRTC\n data channels was fixed.\n * MFSA 2016-27/CVE-2016-1964 A use-after-free during XML transformations\n was fixed.\n * MFSA 2016-28/CVE-2016-1965 Addressbar spoofing though history navigation\n and Location protocol property was fixed.\n * MFSA 2016-31/CVE-2016-1966 Memory corruption with malicious NPAPI plugin\n was fixed.\n * MFSA 2016-34/CVE-2016-1974 An out-of-bounds read in the HTML parser\n following a failed allocation was fixed.\n * MFSA 2016-35/CVE-2016-1950 A buffer overflow during ASN.1 decoding in\n NSS was fixed.\n * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/\n CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/\n CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/\n CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Various font vulnerabilities\n were fixed in the embedded Graphite 2 library\n\n Mozilla NSS was updated to fix:\n * MFSA 2016-15/CVE-2016-1978 Use-after-free in NSS during SSL connections\n in low memory\n * MFSA 2016-35/CVE-2016-1950 Buffer overflow during ASN.1 decoding in NSS\n * MFSA 2016-36/CVE-2016-1979 Use-after-free during processing of DER\n encoded keys in NSS\n\n Mozilla NSPR was updated to version 4.12 (bsc#969894)\n * added a PR_GetEnvSecure function, which attempts to detect if the\n program is being executed with elevated privileges, and returns NULL if\n detected. 
It is recommended to use this function in general purpose\n library code.\n * fixed a memory allocation bug related to the PR_*printf functions\n * exported API PR_DuplicateEnvironment, which had already been added in\n NSPR 4.10.9\n * added support for FreeBSD aarch64\n * several minor correctness and compatibility fixes\n * Enable atomic instructions on mips (bmo#1129878)\n * Fix mips assertion failure when creating thread with custom stack size\n (bmo#1129968)\n\n", "edition": 1, "modified": "2016-03-15T19:12:14", "published": "2016-03-15T19:12:14", "id": "SUSE-SU-2016:0777-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html", "type": "suse", "title": "Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:57:23", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1979", "CVE-2016-2795", "CVE-2016-1962", "CVE-2016-1950", "CVE-2016-1952", "CVE-2016-1978", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1965", "CVE-2016-1964", "CVE-2016-1958"], "description": "This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the\n following issues:\n\n Mozilla Firefox was updated to 38.7.0 ESR (bsc#969894), fixing following\n security issues:\n * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety\n hazards (rv:45.0 / rv:38.7)\n * MFSA 2016-17/CVE-2016-1954 Local file overwriting and potential\n privilege escalation through CSP reports\n * MFSA 2016-20/CVE-2016-1957 Memory leak in libstagefright when deleting\n an array during MP4 processing\n * MFSA 2016-21/CVE-2016-1958 
Displayed page address can be overridden\n * MFSA 2016-23/CVE-2016-1960 Use-after-free in HTML5 string parser\n * MFSA 2016-24/CVE-2016-1961 Use-after-free in SetBody\n * MFSA 2016-25/CVE-2016-1962 Use-after-free when using multiple WebRTC\n data channels\n * MFSA 2016-27/CVE-2016-1964 Use-after-free during XML transformations\n * MFSA 2016-28/CVE-2016-1965 Addressbar spoofing though history navigation\n and Location protocol property\n * MFSA 2016-31/CVE-2016-1966 Memory corruption with malicious NPAPI plugin\n * MFSA 2016-34/CVE-2016-1974 Out-of-bounds read in HTML parser following a\n failed allocation\n * MFSA 2016-35/CVE-2016-1950 Buffer overflow during ASN.1 decoding in NSS\n * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/\n CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/\n CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/\n CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font vulnerabilities in the\n Graphite 2 library\n\n Mozilla NSPR was updated to version 4.12 (bsc#969894), fixing following\n bugs:\n * added a PR_GetEnvSecure function, which attempts to detect if the\n program is being executed with elevated privileges, and returns NULL if\n detected. 
It is recommended to use this function in general purpose\n library code.\n * fixed a memory allocation bug related to the PR_*printf functions\n * exported API PR_DuplicateEnvironment, which had already been added in\n NSPR 4.10.9\n * added support for FreeBSD aarch64\n * several minor correctness and compatibility fixes\n\n Mozilla NSS was updated to fix security issues (bsc#969894):\n * MFSA 2016-15/CVE-2016-1978 Use-after-free in NSS during SSL connections\n in low memory\n * MFSA 2016-35/CVE-2016-1950 Buffer overflow during ASN.1 decoding in NSS\n * MFSA 2016-36/CVE-2016-1979 Use-after-free during processing of DER\n encoded keys in NSS\n\n", "edition": 1, "modified": "2016-03-11T20:11:56", "published": "2016-03-11T20:11:56", "id": "SUSE-SU-2016:0727-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html", "type": "suse", "title": "Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:18:43", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2015-7207", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-2795", "CVE-2016-1962", "CVE-2016-1952", "CVE-2015-4477", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1965", "CVE-2016-1964", "CVE-2016-1958"], "description": "MozillaThunderbird was updated to 38.7.0 to fix the following issues:\n\n * Update to Thunderbird 38.7.0 (boo#969894)\n * MFSA 2015-81/CVE-2015-4477 (bmo#1179484) Use-after-free in MediaStream\n playback\n * MFSA 2015-136/CVE-2015-7207 (bmo#1185256) Same-origin policy violation\n using performance.getEntries and history navigation\n * MFSA 2016-16/CVE-2016-1952 Miscellaneous memory safety 
hazards\n * MFSA 2016-17/CVE-2016-1954 (bmo#1243178) Local file overwriting and\n potential privilege escalation through CSP reports\n * MFSA 2016-20/CVE-2016-1957 (bmo#1227052) Memory leak in libstagefright\n when deleting an array during MP4 processing\n * MFSA 2016-21/CVE-2016-1958 (bmo#1228754) Displayed page address can be\n overridden\n * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014) Use-after-free\n in HTML5 string parser\n * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377) Use-after-free\n in SetBody\n * MFSA 2016-25/CVE-2016-1962 (bmo#1240760) Use-after-free when using\n multiple WebRTC data channels\n * MFSA 2016-27/CVE-2016-1964 (bmo#1243335) Use-after-free during XML\n transformations\n * MFSA 2016-28/CVE-2016-1965 (bmo#1245264) Addressbar spoofing though\n history navigation and Location protocol property\n * MFSA 2016-31/CVE-2016-1966 (bmo#1246054) Memory corruption with\n malicious NPAPI plugin\n * MFSA 2016-34/CVE-2016-1974 (bmo#1228103) Out-of-bounds read in HTML\n parser following a failed allocation\n * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/\n CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/\n CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/\n CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font vulnerabilities in the\n Graphite 2 library\n\n", "edition": 1, "modified": "2016-03-26T17:08:36", "published": "2016-03-26T17:08:36", "id": "OPENSUSE-SU-2016:0894-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html", "type": "suse", "title": "Security update for MozillaThunderbird (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:46:49", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2015-7207", "CVE-2016-1966", "CVE-2016-2802", 
"CVE-2016-2800", "CVE-2016-2795", "CVE-2016-1962", "CVE-2016-1952", "CVE-2015-4477", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1965", "CVE-2016-1964", "CVE-2016-1958"], "description": "MozillaThunderbird was updated to 38.7.0 to fix the following issues:\n\n * Update to Thunderbird 38.7.0 (boo#969894)\n * MFSA 2015-81/CVE-2015-4477 (bmo#1179484) Use-after-free in MediaStream\n playback\n * MFSA 2015-136/CVE-2015-7207 (bmo#1185256) Same-origin policy violation\n using performance.getEntries and history navigation\n * MFSA 2016-16/CVE-2016-1952 Miscellaneous memory safety hazards\n * MFSA 2016-17/CVE-2016-1954 (bmo#1243178) Local file overwriting and\n potential privilege escalation through CSP reports\n * MFSA 2016-20/CVE-2016-1957 (bmo#1227052) Memory leak in libstagefright\n when deleting an array during MP4 processing\n * MFSA 2016-21/CVE-2016-1958 (bmo#1228754) Displayed page address can be\n overridden\n * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014) Use-after-free\n in HTML5 string parser\n * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377) Use-after-free\n in SetBody\n * MFSA 2016-25/CVE-2016-1962 (bmo#1240760) Use-after-free when using\n multiple WebRTC data channels\n * MFSA 2016-27/CVE-2016-1964 (bmo#1243335) Use-after-free during XML\n transformations\n * MFSA 2016-28/CVE-2016-1965 (bmo#1245264) Addressbar spoofing though\n history navigation and Location protocol property\n * MFSA 2016-31/CVE-2016-1966 (bmo#1246054) Memory corruption with\n malicious NPAPI plugin\n * MFSA 2016-34/CVE-2016-1974 (bmo#1228103) Out-of-bounds read in HTML\n parser following a failed allocation\n * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/\n CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/\n CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/\n CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font vulnerabilities in the\n Graphite 2 library\n\n", "edition": 
1, "modified": "2016-03-24T15:09:11", "published": "2016-03-24T15:09:11", "id": "OPENSUSE-SU-2016:0876-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html", "type": "suse", "title": "Security update for MozillaThunderbird (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:21:19", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-2815", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1955", "CVE-2016-2795", "CVE-2016-2818", "CVE-2016-1952", "CVE-2016-2807", "CVE-2016-2806", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-1956", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1964"], "description": "This update contains Mozilla Thunderbird 45.2. (boo#983549)\n\n It fixes security issues mostly affecting the e-mail program when used in\n a browser context, such as viewing a web page or HTML formatted e-mail.\n\n The following vulnerabilities were fixed:\n\n - CVE-2016-2818, CVE-2016-2815: Memory safety bugs (boo#983549,\n MFSA2016-49)\n\n Contains the following security fixes from the 45.1 release: (boo#977333)\n\n - CVE-2016-2806, CVE-2016-2807: Miscellaneous memory safety hazards\n (boo#977375, boo#977376, MFSA 2016-39)\n\n Contains the following security fixes from the 45.0 release: (boo#969894)\n\n - CVE-2016-1952, CVE-2016-1953: Miscellaneous memory safety hazards (MFSA\n 2016-16)\n - CVE-2016-1954: Local file overwriting and potential privilege escalation\n through CSP reports (MFSA 2016-17)\n - CVE-2016-1955: CSP reports fail to strip location information for\n embedded iframe pages (MFSA 2016-18)\n - CVE-2016-1956: Linux video memory DOS with Intel drivers (MFSA 2016-19)\n - CVE-2016-1957: Memory leak in libstagefright when deleting 
an array\n during MP4 processing (MFSA 2016-20)\n - CVE-2016-1960: Use-after-free in HTML5 string parser (MFSA 2016-23)\n - CVE-2016-1961: Use-after-free in SetBody (MFSA 2016-24)\n - CVE-2016-1964: Use-after-free during XML transformations (MFSA 2016-27)\n - CVE-2016-1974: Out-of-bounds read in HTML parser following a failed\n allocation (MFSA 2016-34)\n\n The graphite font shaping library was disabled, addressing the following\n font vulnerabilities:\n\n - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/\n CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/\n CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/\n CVE-2016-2800/CVE-2016-2801/CVE-2016-2802\n\n The following tracked packaging changes are included:\n\n - fix build issues with gcc/binutils combination used in Leap 42.2\n (boo#984637)\n - gcc6 fixes (boo#986162)\n - running on 48bit va aarch64 (boo#984126)\n\n", "edition": 1, "modified": "2016-07-10T16:08:00", "published": "2016-07-10T16:08:00", "id": "OPENSUSE-SU-2016:1767-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html", "type": "suse", "title": "Security update for Mozilla Thunderbird (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:21:42", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-2815", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1955", "CVE-2016-2795", "CVE-2016-2818", "CVE-2016-1952", "CVE-2016-2807", "CVE-2016-2806", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-1956", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1964"], "description": "This update contains Mozilla Thunderbird 45.2. 
(boo#983549)\n\n It fixes security issues mostly affecting the e-mail program when used in\n a browser context, such as viewing a web page or HTML formatted e-mail.\n\n The following vulnerabilities were fixed:\n\n - CVE-2016-2818, CVE-2016-2815: Memory safety bugs (boo#983549,\n MFSA2016-49)\n\n Contains the following security fixes from the 45.1 release: (boo#977333)\n\n - CVE-2016-2806, CVE-2016-2807: Miscellaneous memory safety hazards\n (boo#977375, boo#977376, MFSA 2016-39)\n\n Contains the following security fixes from the 45.0 release: (boo#969894)\n\n - CVE-2016-1952, CVE-2016-1953: Miscellaneous memory safety hazards (MFSA\n 2016-16)\n - CVE-2016-1954: Local file overwriting and potential privilege escalation\n through CSP reports (MFSA 2016-17)\n - CVE-2016-1955: CSP reports fail to strip location information for\n embedded iframe pages (MFSA 2016-18)\n - CVE-2016-1956: Linux video memory DOS with Intel drivers (MFSA 2016-19)\n - CVE-2016-1957: Memory leak in libstagefright when deleting an array\n during MP4 processing (MFSA 2016-20)\n - CVE-2016-1960: Use-after-free in HTML5 string parser (MFSA 2016-23)\n - CVE-2016-1961: Use-after-free in SetBody (MFSA 2016-24)\n - CVE-2016-1964: Use-after-free during XML transformations (MFSA 2016-27)\n - CVE-2016-1974: Out-of-bounds read in HTML parser following a failed\n allocation (MFSA 2016-34)\n\n The graphite font shaping library was disabled, addressing the following\n font vulnerabilities:\n\n - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/\n CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/\n CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/\n CVE-2016-2800/CVE-2016-2801/CVE-2016-2802\n\n The following tracked packaging changes are included:\n\n - fix build issues with gcc/binutils combination used in Leap 42.2\n (boo#984637)\n - gcc6 fixes (boo#986162)\n - running on 48bit va aarch64 (boo#984126)\n\n", "edition": 1, "modified": "2016-07-11T00:08:02", "published": 
"2016-07-11T00:08:02", "id": "OPENSUSE-SU-2016:1769-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html", "type": "suse", "title": "Security update for Mozilla Thunderbird (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:05:35", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-2815", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1955", "CVE-2016-2795", "CVE-2016-2818", "CVE-2016-1952", "CVE-2016-2807", "CVE-2016-2806", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-1956", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1964"], "description": "This update contains Mozilla Thunderbird 45.2. (boo#983549)\n\n It fixes security issues mostly affecting the e-mail program when used in\n a browser context, such as viewing a web page or HTML formatted e-mail.\n\n The following vulnerabilities were fixed:\n\n - CVE-2016-2818, CVE-2016-2815: Memory safety bugs (boo#983549,\n MFSA2016-49)\n\n Contains the following security fixes from the 45.1 release: (boo#977333)\n\n - CVE-2016-2806, CVE-2016-2807: Miscellaneous memory safety hazards\n (boo#977375, boo#977376, MFSA 2016-39)\n\n Contains the following security fixes from the 45.0 release: (boo#969894)\n\n - CVE-2016-1952, CVE-2016-1953: Miscellaneous memory safety hazards (MFSA\n 2016-16)\n - CVE-2016-1954: Local file overwriting and potential privilege escalation\n through CSP reports (MFSA 2016-17)\n - CVE-2016-1955: CSP reports fail to strip location information for\n embedded iframe pages (MFSA 2016-18)\n - CVE-2016-1956: Linux video memory DOS with Intel drivers (MFSA 2016-19)\n - CVE-2016-1957: Memory leak in libstagefright when deleting an array\n during MP4 processing (MFSA 2016-20)\n 
- CVE-2016-1960: Use-after-free in HTML5 string parser (MFSA 2016-23)\n - CVE-2016-1961: Use-after-free in SetBody (MFSA 2016-24)\n - CVE-2016-1964: Use-after-free during XML transformations (MFSA 2016-27)\n - CVE-2016-1974: Out-of-bounds read in HTML parser following a failed\n allocation (MFSA 2016-34)\n\n The graphite font shaping library was disabled, addressing the following\n font vulnerabilities:\n\n - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/\n CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/\n CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/\n CVE-2016-2800/CVE-2016-2801/CVE-2016-2802\n\n The following tracked packaging changes are included:\n\n - fix build issues with gcc/binutils combination used in Leap 42.2\n (boo#984637)\n - gcc6 fixes (boo#986162)\n - running on 48bit va aarch64 (boo#984126)\n\n", "edition": 1, "modified": "2016-07-11T00:13:17", "published": "2016-07-11T00:13:17", "id": "OPENSUSE-SU-2016:1778-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html", "type": "suse", "title": "Security update for Mozilla Thunderbird (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2017-01-24T16:59:34", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2790", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1526", "CVE-2016-1522", "CVE-2016-1521", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-2795", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-2793", "CVE-2016-1523", "CVE-2016-2794", "CVE-2016-2791"], "edition": 1, "description": "### Background\n\nGraphite is a \u201csmart font\u201d system developed specifically to handle the complexities of lesser-known languages of the world. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Graphite. Please review the CVE identifiers referenced below for details. 
\n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or obtain sensitive information. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Graphite users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-gfx/graphite2-1.3.7\"", "modified": "2017-01-24T00:00:00", "published": "2017-01-24T00:00:00", "href": "https://security.gentoo.org/glsa/201701-63", "id": "GLSA-201701-63", "type": "gentoo", "title": "Graphite: Multiple vulnerabilities", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:36", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1971", "CVE-2016-1957", "CVE-2016-1972", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-1975", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-1973", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1959", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1955", "CVE-2016-2795", "CVE-2016-1962", "CVE-2016-1963", "CVE-2016-1970", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-1956", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-1976", "CVE-2016-1968", "CVE-2016-1967", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1965", "CVE-2016-1964", "CVE-2016-1958"], "description": "- CVE-2016-1952 CVE-2016-1953 (arbitrary code execution)\n\nMozilla developers fixed several memory safety bugs in the browser\nengine used in Firefox and other Mozilla-based products. 
Some of these\nbugs showed evidence of memory corruption under certain circumstances,\nand we presume that with enough effort at least some of these could be\nexploited to run arbitrary code.\n\n- CVE-2016-1954 (privilege escalation)\n\nSecurity researcher Nicolas Golubovic reported that a malicious page can\noverwrite files on the user's machine using Content Security Policy\n(CSP) violation reports. The file contents are restricted to the JSON\nformat of the report. In many cases overwriting a local file may simply\nbe destructive, breaking the functionality of that file. The CSP error\nreports can include HTML fragments which could be rendered by browsers.\nIf a user has disabled add-on signing and has installed an \"unpacked\"\nadd-on, a malicious page could overwrite one of the add-on resources.\nDepending on how this resource is used, this could lead to privilege\nescalation.\n\n- CVE-2016-1955 (information disclosure)\n\nSecurity researcher Muneaki Nishimura (nishimunea) of Recruit\nTechnologies Co.,Ltd. reported that Content Security Policy (CSP)\nviolation reports contained full path information for cross-origin\niframe navigations in violation of the CSP specification. This could\nresult in information disclosure.\n\n- CVE-2016-1956 (denial of service)\n\nSecurity researcher Ucha Gobejishvili reported a denial of service (DOS)\nattack when doing certain WebGL operations in a canvas requiring an\nunusually large amount of buffer to be allocated from video memory. This\nresulted in memory resource exhaustion with some Intel video cards,\nrequiring the computer to be rebooted to return functionality. 
This was\nresolved by putting in additional checks on the amount of memory to be\nallocated during graphics processing.\n\n- CVE-2016-1957 (resource consumption)\n\nSecurity researchers Jose Martinez and Romina Santillan reported a\nmemory leak in the libstagefright library when array destruction occurs\nduring MPEG4 video file processing.\n\n- CVE-2016-1958 (addressbar spoofing)\n\nSecurity researcher Abdulrahman Alqabandi reported an issue where an\nattacker can load an arbitrary web page but the addressbar's displayed\nURL will be blank or filled with page defined content. This can be used\nto obfuscate which page is currently loaded and allows for an attacker\nto spoof an existing page without the malicious page's address being\ndisplayed correctly.\n\n- CVE-2016-1959 (denial of service)\n\nSecurity researcher Looben Yang reported a mechanism where the Clients\nAPI in Service Workers can be used to trigger an out-of-bounds read in\nServiceWorkerManager. This results in a potentially exploitable crash.\n\n- CVE-2016-1960 (arbitrary code execution)\n\nSecurity researcher ca0nguyen, working with HP's Zero Day Initiative,\nreported a use-after-free issue in the HTML5 string parser when parsing\na particular set of table-related tags in a foreign fragment context\nsuch as SVG. This results in a potentially exploitable crash.\n\n- CVE-2016-1961 (arbitrary code execution)\n\nSecurity researcher lokihardt, working with HP's Zero Day Initiative,\nreported a use-after-free issue in the SetBody function of HTMLDocument.\nThis results in a potentially exploitable crash.\n\n- CVE-2016-1962 (arbitrary code execution)\n\nSecurity researcher Dominique Hazaël-Massieux reported a use-after-free\nissue when using multiple WebRTC data channel connections. 
This causes a\npotentially exploitable crash when a data channel connection is freed\nfrom within a call through it.\n\n- CVE-2016-1977 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793\n CVE-2016-2794 CVE-2016-2795 CVE-2016-2796 CVE-2016-2797 CVE-2016-2798\n CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 CVE-2016-2802\n (buffer overflow)\n\nSecurity researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the\nGraphite 2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce stack\ncorruption with a malicious graphite font. This leads to a potentially\nexploitable crash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds\nread, and out-of-bounds write errors when working with fuzzed graphite\nfonts.\n\n- CVE-2016-1963 (denial of service)\n\nSecurity researcher Oriol reported memory corruption when local files\nare modified (by either the user or another program) at the same time\nbeing read using the FileReader API. This flaw requires that input be\ntaken from a local file in order to be triggered and cannot be triggered\nby web content. This results in a potentially exploitable crash when\ntriggered.\n\n- CVE-2016-1964 (arbitrary code execution)\n\nSecurity researcher Nicolas Grégoire used the Address Sanitizer to find\na use-after-free during XML transformation operations. This results in a\npotentially exploitable crash triggerable by web content.\n\n- CVE-2016-1965 (addressbar spoofing)\n\nSecurity researcher Tsubasa Iinuma reported a mechanism where the\ndisplayed addressbar can be spoofed to users. This issue involves using\nhistory navigation in concert with the Location protocol property. 
After\nnavigating from a malicious page to another, if the user navigates back\nto the initial page, the displayed URL will not reflect the reloaded\npage. This could be used to trick users into potentially treating the\npage as a different and trusted site.\n\n- CVE-2016-1966 (remote code execution)\n\nThe Communications Electronics Security Group (UK) of the GCHQ reported\na dangling pointer dereference within the Netscape Plugin Application\nProgramming Interface (NPAPI) that could lead to the NPAPI subsystem\ncrashing. This issue requires a maliciously crafted NPAPI plugin in\nconcert with scripted web content, resulting in a potentially\nexploitable crash when triggered.\n\n- CVE-2016-1967 (same-origin policy bypass)\n\nSecurity researcher Jordi Chancel discovered a variant of Mozilla\nFoundation Security Advisory 2015-136 which was fixed in Firefox 43. In\nthe original bug, it was possible to read cross-origin URLs following a\nredirect if performance.getEntries() was used along with an iframe to\nhost a page. Navigating back in history through script, content was\npulled from the browser cache for the redirected location instead of\ngoing to the original location. In the newly reported variant issue, it\nwas found that if a browser session was restored, history navigation\nwould still allow for the same attack as content was restored from the\nbrowser cache. This is a same-origin policy violation and could allow\nfor data theft.\n\n- CVE-2016-1968 (remote code execution)\n\nSecurity researcher Luke Li reported a pointer underflow bug in the\nBrotli library's decompression that leads to a buffer overflow. This\nresults in a potentially exploitable crash when triggered.\n\n- CVE-2016-1970 CVE-2016-1971 CVE-2016-1972 CVE-2016-1975 CVE-2016-197\n (denial of service)\n\nSecurity researcher Ronald Crane reported five \"moderate\" rated\nvulnerabilities affecting released code that were found through code\ninspection. 
These included the following issues in WebRTC: an integer\nunderflow, a missing status check, a race condition, and a use of deleted\npointers to create a new object. A race condition in LibVPX was also\nidentified. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to\ntrigger them.\n\n- CVE-2016-1973 (use-after-free)\n\nSecurity researcher Ronald Crane reported a race condition in\nGetStaticInstance in WebRTC which results in a use-after-free. This\ncould result in a potentially exploitable crash. This issue was found\nthrough code inspection and does not have a clear mechanism to be\nexploited through web content but is vulnerable if a mechanism can be\nfound to trigger it.\n\n- CVE-2016-1974 (denial of service)\n\nSecurity researcher Ronald Crane reported an out-of-bounds read\nfollowing a failed allocation in the HTML parser while working with\nunicode strings. This can also affect the parsing of XML and SVG format\ndata. This leads to a potentially exploitable crash.", "modified": "2016-03-09T00:00:00", "published": "2016-03-09T00:00:00", "id": "ASA-201603-4", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-March/000569.html", "type": "archlinux", "title": "firefox: multiple issues", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}