ID ASA-201604-12 Type archlinux Reporter Arch Linux Modified 2016-04-23T00:00:00
Description
CVE-2016-1955 (same-origin policy bypass)
A vulnerability allows remote attackers to bypass the Same Origin Policy
and obtain sensitive information by reading a Content Security Policy
(CSP) violation report that contains path information associated with an
IFRAME element.
CVE-2016-1956 (denial of service)
Security researcher Ucha Gobejishvili reported a denial of service (DOS)
attack when doing certain WebGL operations in a canvas requiring an
unusually large amount buffer to be allocated from video memory. This
resulted memory resource exhaustion with some Intel video cards,
requiring the computer to be rebooted to return functionality. This was
resolved by putting in additional checks on the amount of memory to be
allocated during graphics processing.
{"id": "ASA-201604-12", "type": "archlinux", "bulletinFamily": "unix", "title": "thunderbird: multiple issues", "description": "- CVE-2016-1955 (same-origin policy bypass)\n\nA vulnerability allows remote attackers to bypass the Same Origin Policy\nand obtain sensitive information by reading a Content Security Policy\n(CSP) violation report that contains path information associated with an\nIFRAME element.\n\n- CVE-2016-1956 (denial of service)\n\nSecurity researcher Ucha Gobejishvili reported a denial of service (DOS)\nattack when doing certain WebGL operations in a canvas requiring an\nunusually large amount buffer to be allocated from video memory. This\nresulted memory resource exhaustion with some Intel video cards,\nrequiring the computer to be rebooted to return functionality. This was\nresolved by putting in additional checks on the amount of memory to be\nallocated during graphics processing.", "published": "2016-04-23T00:00:00", "modified": "2016-04-23T00:00:00", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://lists.archlinux.org/pipermail/arch-security/2016-April/000604.html", "reporter": "Arch Linux", "references": ["https://www.mozilla.org/en-US/security/advisories/mfsa2016-19/", "https://access.redhat.com/security/cve/CVE-2016-1956", "https://www.mozilla.org/en-US/security/advisories/mfsa2016-18/", "https://access.redhat.com/security/cve/CVE-2016-1955"], "cvelist": ["CVE-2016-1955", "CVE-2016-1956"], "lastseen": "2016-09-02T18:44:40", "viewCount": 7, "enchantments": {"score": {"value": 6.4, "vector": "NONE", "modified": "2016-09-02T18:44:40", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-1955", "CVE-2016-1956"]}, {"type": "mozilla", "idList": ["MFSA2016-19", "MFSA2016-18"]}, {"type": "freebsd", "idList": ["2225C5B4-1E5A-44FC-9920-B3201C384A15"]}, {"type": "nessus", "idList": ["OPENSUSE-2016-332.NASL", "OPENSUSE-2016-848.NASL", "MOZILLA_FIREFOX_45.NASL", "UBUNTU_USN-2917-1.NASL", "OPENSUSE-2016-334.NASL", "UBUNTU_USN-2917-3.NASL", "OPENSUSE-2016-851.NASL", "MACOSX_FIREFOX_45.NASL", "FREEBSD_PKG_2225C5B41E5A44FC9920B3201C384A15.NASL", "UBUNTU_USN-2917-2.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310851366", "OPENVAS:1361412562310842718", "OPENVAS:1361412562310842678", "OPENVAS:1361412562310851365", "OPENVAS:1361412562310808695", "OPENVAS:1361412562310851230", "OPENVAS:1361412562310808696", "OPENVAS:1361412562310851234", "OPENVAS:1361412562310807520", "OPENVAS:1361412562310807521"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:0731-1", "OPENSUSE-SU-2016:0733-1", "OPENSUSE-SU-2016:1778-1", "OPENSUSE-SU-2016:1769-1", "OPENSUSE-SU-2016:1767-1"]}, {"type": "ubuntu", "idList": ["USN-2917-2", "USN-2917-3", "USN-2917-1"]}, {"type": "archlinux", "idList": ["ASA-201603-4"]}, {"type": "kaspersky", "idList": ["KLA10765"]}, {"type": "gentoo", "idList": ["GLSA-201605-06"]}], "modified": "2016-09-02T18:44:40", "rev": 2}, "vulnersScore": 6.4}, "affectedPackage": [{"packageFilename": "UNKNOWN", "packageName": "thunderbird", "packageVersion": "45.0-1", "operator": "lt", "OSVersion": "any", "OS": "any", "arch": "any"}]}
{"cve": [{"lastseen": "2021-02-02T06:28:04", "description": "Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader.", "edition": 6, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-03-13T18:59:00", "title": "CVE-2016-1956", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1956"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/o:opensuse:opensuse:13.1", "cpe:/a:novell:suse_package_hub_for_suse_linux_enterprise:12", "cpe:/a:mozilla:firefox:44.0.2", "cpe:/o:opensuse:opensuse:13.2", "cpe:/o:opensuse:leap:42.1"], "id": "CVE-2016-1956", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1956", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:44.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:novell:suse_package_hub_for_suse_linux_enterprise:12:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:28:04", "description": "Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element.", "edition": 6, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 1.4}, "published": "2016-03-13T18:59:00", "title": "CVE-2016-1955", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1955"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/o:opensuse:opensuse:13.1", "cpe:/a:novell:suse_package_hub_for_suse_linux_enterprise:12", "cpe:/a:mozilla:firefox:44.0.2", "cpe:/o:opensuse:opensuse:13.2", "cpe:/o:opensuse:leap:42.1"], "id": "CVE-2016-1955", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1955", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:44.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:novell:suse_package_hub_for_suse_linux_enterprise:12:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*"]}], "mozilla": [{"lastseen": "2016-09-05T13:37:43", "bulletinFamily": "software", "cvelist": ["CVE-2016-1956"], "edition": 1, "description": "Security researcher Ucha Gobejishvili reported a denial of service\n(DOS) attack when doing certain WebGL operations in a canvas requiring an unusually large\namount buffer to be allocated from video memory. This resulted in memory resource\nexhaustion with some Intel video cards, requiring the computer to be rebooted to return\nfunctionality. This was resolved by putting in additional checks on the amount of memory\nto be allocated during graphics processing.\nThis issue was limited to a subset of Intel drivers on Linux. Other\noperating systems were not affected.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "modified": "2016-03-08T00:00:00", "published": "2016-03-08T00:00:00", "id": "MFSA2016-19", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2016-19/", "type": "mozilla", "title": "Linux video memory DOS with Intel drivers", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-05T13:37:43", "bulletinFamily": "software", "cvelist": ["CVE-2016-1955"], "edition": 1, "description": "Security researcher Muneaki Nishimura (nishimunea) of Recruit\nTechnologies Co.,Ltd. reported that Content Security Policy (CSP) violation reports\ncontained full path information for cross-origin iframe navigations in violation of the\nCSP specification. This could result in information disclosure.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "modified": "2016-03-08T00:00:00", "published": "2016-03-08T00:00:00", "id": "MFSA2016-18", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2016-18/", "type": "mozilla", "title": "CSP reports fail to strip location information for embedded iframe pages", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:47", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1953", "CVE-2016-1971", "CVE-2016-1957", "CVE-2016-1972", "CVE-2016-1975", "CVE-2016-1974", "CVE-2016-1973", "CVE-2016-1960", "CVE-2016-1959", "CVE-2016-1966", "CVE-2016-1955", "CVE-2016-1962", "CVE-2016-1963", "CVE-2016-1970", "CVE-2016-1952", "CVE-2016-1956", "CVE-2016-1961", "CVE-2016-1976", "CVE-2016-1967", "CVE-2016-1954", "CVE-2016-1965", "CVE-2016-1964", "CVE-2016-1958"], "description": "\nMozilla Foundation reports:\n\nMFSA 2016-16 Miscellaneous memory safety hazards (rv:45.0\n\t / rv:38.7)\nMFSA 2016-17 Local file overwriting and potential\n\t privilege escalation through CSP reports\nMFSA 2016-18 CSP reports fail to strip location\n\t information for embedded iframe pages\nMFSA 2016-19 Linux video memory DOS with Intel\n\t drivers\nMFSA 2016-20 Memory leak in libstagefright when deleting\n\t an array during MP4 processing\nMFSA 2016-21 Displayed page address can be overridden\nMFSA 2016-22 Service Worker Manager out-of-bounds read in\n\t Service Worker Manager\nMFSA 2016-23 Use-after-free in HTML5 string parser\nMFSA 2016-24 Use-after-free in SetBody\nMFSA 2016-25 Use-after-free when using multiple WebRTC\n\t data channels\nMFSA 2016-26 Memory corruption when modifying a file\n\t being read by FileReader\nMFSA 2016-27 Use-after-free during XML\n\t transformations\nMFSA 2016-28 Addressbar spoofing though history\n\t navigation and Location protocol property\nMFSA 2016-29 Same-origin policy violation using\n\t perfomance.getEntries and history navigation with session\n\t restore\nMFSA 2016-31 Memory corruption with malicious NPAPI\n\t plugin\nMFSA 2016-32 WebRTC and LibVPX vulnerabilities found\n\t through code inspection\nMFSA 2016-33 Use-after-free in GetStaticInstance in\n\t WebRTC\nMFSA 2016-34 Out-of-bounds read in HTML parser following\n\t a failed allocation\n\n", "edition": 4, "modified": "2016-03-08T00:00:00", "published": "2016-03-08T00:00:00", "id": "2225C5B4-1E5A-44FC-9920-B3201C384A15", "href": "https://vuxml.freebsd.org/freebsd/2225c5b4-1e5a-44fc-9920-b3201c384a15.html", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-06T10:48:06", "description": "Mozilla Foundation reports :\n\nMFSA 2016-16 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7)\n\nMFSA 2016-17 Local file overwriting and potential privilege escalation\nthrough CSP reports\n\nMFSA 2016-18 CSP reports fail to strip location information for\nembedded iframe pages\n\nMFSA 2016-19 Linux video memory DOS with Intel drivers\n\nMFSA 2016-20 Memory leak in libstagefright when deleting an array\nduring MP4 processing\n\nMFSA 2016-21 Displayed page address can be overridden\n\nMFSA 2016-22 Service Worker Manager out-of-bounds read in Service\nWorker Manager\n\nMFSA 2016-23 Use-after-free in HTML5 string parser\n\nMFSA 2016-24 Use-after-free in SetBody\n\nMFSA 2016-25 Use-after-free when using multiple WebRTC data channels\n\nMFSA 2016-26 Memory corruption when modifying a file being read by\nFileReader\n\nMFSA 2016-27 Use-after-free during XML transformations\n\nMFSA 2016-28 Addressbar spoofing though history navigation and\nLocation protocol property\n\nMFSA 2016-29 Same-origin policy violation using perfomance.getEntries\nand history navigation with session restore\n\nMFSA 2016-31 Memory corruption with malicious NPAPI plugin\n\nMFSA 2016-32 WebRTC and LibVPX vulnerabilities found through code\ninspection\n\nMFSA 2016-33 Use-after-free in GetStaticInstance in WebRTC\n\nMFSA 2016-34 Out-of-bounds read in HTML parser following a failed\nallocation", "edition": 27, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-03-09T00:00:00", "title": "FreeBSD : mozilla -- multiple vulnerabilities (2225c5b4-1e5a-44fc-9920-b3201c384a15)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1953", "CVE-2016-1971", "CVE-2016-1957", "CVE-2016-1972", "CVE-2016-1975", "CVE-2016-1974", "CVE-2016-1973", "CVE-2016-1960", "CVE-2016-1959", "CVE-2016-1966", "CVE-2016-1955", "CVE-2016-1962", "CVE-2016-1963", "CVE-2016-1970", "CVE-2016-1952", "CVE-2016-1956", "CVE-2016-1961", "CVE-2016-1976", "CVE-2016-1967", "CVE-2016-1954", "CVE-2016-1965", "CVE-2016-1964", "CVE-2016-1958"], "modified": "2016-03-09T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:linux-thunderbird", "p-cpe:/a:freebsd:freebsd:linux-firefox", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:libxul", "p-cpe:/a:freebsd:freebsd:seamonkey", "p-cpe:/a:freebsd:freebsd:linux-seamonkey", "p-cpe:/a:freebsd:freebsd:firefox", "p-cpe:/a:freebsd:freebsd:thunderbird", "p-cpe:/a:freebsd:freebsd:firefox-esr"], "id": "FREEBSD_PKG_2225C5B41E5A44FC9920B3201C384A15.NASL", "href": "https://www.tenable.com/plugins/nessus/89765", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89765);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-1952\", \"CVE-2016-1953\", \"CVE-2016-1954\", \"CVE-2016-1955\", \"CVE-2016-1956\", \"CVE-2016-1957\", \"CVE-2016-1958\", \"CVE-2016-1959\", \"CVE-2016-1960\", \"CVE-2016-1961\", \"CVE-2016-1962\", \"CVE-2016-1963\", \"CVE-2016-1964\", \"CVE-2016-1965\", \"CVE-2016-1966\", \"CVE-2016-1967\", \"CVE-2016-1970\", \"CVE-2016-1971\", \"CVE-2016-1972\", \"CVE-2016-1973\", \"CVE-2016-1974\", \"CVE-2016-1975\", \"CVE-2016-1976\");\n\n script_name(english:\"FreeBSD : mozilla -- multiple vulnerabilities (2225c5b4-1e5a-44fc-9920-b3201c384a15)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Foundation reports :\n\nMFSA 2016-16 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7)\n\nMFSA 2016-17 Local file overwriting and potential privilege escalation\nthrough CSP reports\n\nMFSA 2016-18 CSP reports fail to strip location information for\nembedded iframe pages\n\nMFSA 2016-19 Linux video memory DOS with Intel drivers\n\nMFSA 2016-20 Memory leak in libstagefright when deleting an array\nduring MP4 processing\n\nMFSA 2016-21 Displayed page address can be overridden\n\nMFSA 2016-22 Service Worker Manager out-of-bounds read in Service\nWorker Manager\n\nMFSA 2016-23 Use-after-free in HTML5 string parser\n\nMFSA 2016-24 Use-after-free in SetBody\n\nMFSA 2016-25 Use-after-free when using multiple WebRTC data channels\n\nMFSA 2016-26 Memory corruption when modifying a file being read by\nFileReader\n\nMFSA 2016-27 Use-after-free during XML transformations\n\nMFSA 2016-28 Addressbar spoofing though history navigation and\nLocation protocol property\n\nMFSA 2016-29 Same-origin policy violation using perfomance.getEntries\nand history navigation with session restore\n\nMFSA 2016-31 Memory corruption with malicious NPAPI plugin\n\nMFSA 2016-32 WebRTC and LibVPX vulnerabilities found through code\ninspection\n\nMFSA 2016-33 Use-after-free in GetStaticInstance in WebRTC\n\nMFSA 2016-34 Out-of-bounds read in HTML parser following a failed\nallocation\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2016-16/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-16/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2016-17/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-17/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2016-18/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-18/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2016-19/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-19/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2016-20/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-20/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2016-21/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-21/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2016-22/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-22/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2016-23/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-23/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2016-24/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-24/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2016-25/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-25/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2016-26/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-26/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2016-27/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-27/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2016-28/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-28/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2016-29/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-29/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2016-31/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-31/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2016-32/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-32/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2016-33/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-33/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2016-34/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-34/\"\n );\n # https://vuxml.freebsd.org/freebsd/2225c5b4-1e5a-44fc-9920-b3201c384a15.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6acefea3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:firefox-esr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libxul\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"firefox<45.0,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-firefox<45.0,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"seamonkey<2.42\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-seamonkey<2.42\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"firefox-esr<38.7.0,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"libxul<38.7.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"thunderbird<38.7.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-thunderbird<38.7.0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:30:46", "description": "This update contains Mozilla Thunderbird 45.2. (boo#983549)\n\nIt fixes security issues mostly affecting the e-mail program when used\nin a browser context, such as viewing a web page or HTMl formatted\ne-mail.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2016-2818, CVE-2016-2815: Memory safety bugs\n (boo#983549, MFSA2016-49)\n\nContains the following security fixes from the 45.1 release:\n(boo#977333)\n\n - CVE-2016-2806, CVE-2016-2807: Miscellaneous memory\n safety hazards (boo#977375, boo#977376, MFSA 2016-39)\n\nContains the following security fixes from the 45.0 release:\n(boo#969894)\n\n - CVE-2016-1952, CVE-2016-1953: Miscellaneous memory\n safety hazards (MFSA 2016-16)\n\n - CVE-2016-1954: Local file overwriting and potential\n privilege escalation through CSP reports (MFSA 2016-17)\n\n - CVE-2016-1955: CSP reports fail to strip location\n information for embedded iframe pages (MFSA 2016-18)\n\n - CVE-2016-1956: Linux video memory DOS with Intel drivers\n (MFSA 2016-19)\n\n - CVE-2016-1957: Memory leak in libstagefright when\n deleting an array during MP4 processing (MFSA 2016-20)\n\n - CVE-2016-1960: Use-after-free in HTML5 string parser\n (MFSA 2016-23)\n\n - CVE-2016-1961: Use-after-free in SetBody (MFSA 2016-24)\n\n - CVE-2016-1964: Use-after-free during XML transformations\n (MFSA 2016-27)\n\n - CVE-2016-1974: Out-of-bounds read in HTML parser\n following a failed allocation (MFSA 2016-34)\n\nThe graphite font shaping library was disabled, addressing the\nfollowing font vulnerabilities :\n\n - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/\n CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/\n CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/\n CVE-2016-2800/CVE-2016-2801/CVE-2016-2802\n\nThe following tracked packaging changes are included :\n\n - fix build issues with gcc/binutils combination used in\n Leap 42.2 (boo#984637)\n\n - gcc6 fixes (boo#986162)\n\n - running on 48bit va aarch64 (boo#984126)", "edition": 19, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-07-11T00:00:00", "title": "openSUSE Security Update : Mozilla Thunderbird (openSUSE-2016-851)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-2815", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1955", "CVE-2016-2795", "CVE-2016-2818", "CVE-2016-1952", "CVE-2016-2807", "CVE-2016-2806", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-1956", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1964"], "modified": "2016-07-11T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource", "p-cpe:/a:novell:opensuse:MozillaThunderbird", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2016-851.NASL", "href": "https://www.tenable.com/plugins/nessus/91986", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-851.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91986);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-1952\", \"CVE-2016-1953\", \"CVE-2016-1954\", \"CVE-2016-1955\", \"CVE-2016-1956\", \"CVE-2016-1957\", \"CVE-2016-1960\", \"CVE-2016-1961\", \"CVE-2016-1964\", \"CVE-2016-1974\", \"CVE-2016-1977\", \"CVE-2016-2790\", \"CVE-2016-2791\", \"CVE-2016-2792\", \"CVE-2016-2793\", \"CVE-2016-2794\", \"CVE-2016-2795\", \"CVE-2016-2796\", \"CVE-2016-2797\", \"CVE-2016-2798\", \"CVE-2016-2799\", \"CVE-2016-2800\", \"CVE-2016-2801\", \"CVE-2016-2802\", \"CVE-2016-2806\", \"CVE-2016-2807\", \"CVE-2016-2815\", \"CVE-2016-2818\");\n\n script_name(english:\"openSUSE Security Update : Mozilla Thunderbird (openSUSE-2016-851)\");\n script_summary(english:\"Check for the openSUSE-2016-851 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update contains Mozilla Thunderbird 45.2. (boo#983549)\n\nIt fixes security issues mostly affecting the e-mail program when used\nin a browser context, such as viewing a web page or HTMl formatted\ne-mail.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2016-2818, CVE-2016-2815: Memory safety bugs\n (boo#983549, MFSA2016-49)\n\nContains the following security fixes from the 45.1 release:\n(boo#977333)\n\n - CVE-2016-2806, CVE-2016-2807: Miscellaneous memory\n safety hazards (boo#977375, boo#977376, MFSA 2016-39)\n\nContains the following security fixes from the 45.0 release:\n(boo#969894)\n\n - CVE-2016-1952, CVE-2016-1953: Miscellaneous memory\n safety hazards (MFSA 2016-16)\n\n - CVE-2016-1954: Local file overwriting and potential\n privilege escalation through CSP reports (MFSA 2016-17)\n\n - CVE-2016-1955: CSP reports fail to strip location\n information for embedded iframe pages (MFSA 2016-18)\n\n - CVE-2016-1956: Linux video memory DOS with Intel drivers\n (MFSA 2016-19)\n\n - CVE-2016-1957: Memory leak in libstagefright when\n deleting an array during MP4 processing (MFSA 2016-20)\n\n - CVE-2016-1960: Use-after-free in HTML5 string parser\n (MFSA 2016-23)\n\n - CVE-2016-1961: Use-after-free in SetBody (MFSA 2016-24)\n\n - CVE-2016-1964: Use-after-free during XML transformations\n (MFSA 2016-27)\n\n - CVE-2016-1974: Out-of-bounds read in HTML parser\n following a failed allocation (MFSA 2016-34)\n\nThe graphite font shaping library was disabled, addressing the\nfollowing font vulnerabilities :\n\n - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/\n CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/\n CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/\n CVE-2016-2800/CVE-2016-2801/CVE-2016-2802\n\nThe following tracked packaging changes are included :\n\n - fix build issues with gcc/binutils combination used in\n Leap 42.2 (boo#984637)\n\n - gcc6 fixes (boo#986162)\n\n - running on 48bit va aarch64 (boo#984126)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=969894\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=977333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=977375\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=977376\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984126\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986162\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Mozilla Thunderbird packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2|SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2 / 42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaThunderbird-45.2-43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaThunderbird-buildsymbols-45.2-43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaThunderbird-debuginfo-45.2-43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaThunderbird-debugsource-45.2-43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaThunderbird-devel-45.2-43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaThunderbird-translations-common-45.2-43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaThunderbird-translations-other-45.2-43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaThunderbird-45.2-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaThunderbird-buildsymbols-45.2-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaThunderbird-debuginfo-45.2-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaThunderbird-debugsource-45.2-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaThunderbird-devel-45.2-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaThunderbird-translations-common-45.2-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaThunderbird-translations-other-45.2-16.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaThunderbird / MozillaThunderbird-buildsymbols / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:30:45", "description": "This update contains Mozilla Thunderbird 45.2. (boo#983549)\n\nIt fixes security issues mostly affecting the e-mail program when used\nin a browser context, such as viewing a web page or HTMl formatted\ne-mail.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2016-2818, CVE-2016-2815: Memory safety bugs\n (boo#983549, MFSA2016-49)\n\nContains the following security fixes from the 45.1 release:\n(boo#977333)\n\n - CVE-2016-2806, CVE-2016-2807: Miscellaneous memory\n safety hazards (boo#977375, boo#977376, MFSA 2016-39)\n\nContains the following security fixes from the 45.0 release:\n(boo#969894)\n\n - CVE-2016-1952, CVE-2016-1953: Miscellaneous memory\n safety hazards (MFSA 2016-16)\n\n - CVE-2016-1954: Local file overwriting and potential\n privilege escalation through CSP reports (MFSA 2016-17)\n\n - CVE-2016-1955: CSP reports fail to strip location\n information for embedded iframe pages (MFSA 2016-18)\n\n - CVE-2016-1956: Linux video memory DOS with Intel drivers\n (MFSA 2016-19)\n\n - CVE-2016-1957: Memory leak in libstagefright when\n deleting an array during MP4 processing (MFSA 2016-20)\n\n - CVE-2016-1960: Use-after-free in HTML5 string parser\n (MFSA 2016-23)\n\n - CVE-2016-1961: Use-after-free in SetBody (MFSA 2016-24)\n\n - CVE-2016-1964: Use-after-free during XML transformations\n (MFSA 2016-27)\n\n - CVE-2016-1974: Out-of-bounds read in HTML parser\n following a failed allocation (MFSA 2016-34)\n\nThe graphite font shaping library was disabled, addressing the\nfollowing font vulnerabilities :\n\n - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/\n CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/\n CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/\n CVE-2016-2800/CVE-2016-2801/CVE-2016-2802\n\nThe following tracked packaging changes are included :\n\n - fix build issues with gcc/binutils combination used in\n Leap 42.2 (boo#984637)\n\n - gcc6 fixes (boo#986162)\n\n - running on 48bit va aarch64 (boo#984126)", "edition": 19, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-07-11T00:00:00", "title": "openSUSE Security Update : Mozilla Thunderbird (openSUSE-2016-848)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-2815", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1955", "CVE-2016-2795", "CVE-2016-2818", "CVE-2016-1952", "CVE-2016-2807", "CVE-2016-2806", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-1956", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1964"], "modified": "2016-07-11T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource", "p-cpe:/a:novell:opensuse:MozillaThunderbird", "p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2016-848.NASL", "href": "https://www.tenable.com/plugins/nessus/91985", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-848.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91985);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-1952\", \"CVE-2016-1953\", \"CVE-2016-1954\", \"CVE-2016-1955\", \"CVE-2016-1956\", \"CVE-2016-1957\", \"CVE-2016-1960\", \"CVE-2016-1961\", \"CVE-2016-1964\", \"CVE-2016-1974\", \"CVE-2016-1977\", \"CVE-2016-2790\", \"CVE-2016-2791\", \"CVE-2016-2792\", \"CVE-2016-2793\", \"CVE-2016-2794\", \"CVE-2016-2795\", \"CVE-2016-2796\", \"CVE-2016-2797\", \"CVE-2016-2798\", \"CVE-2016-2799\", \"CVE-2016-2800\", \"CVE-2016-2801\", \"CVE-2016-2802\", \"CVE-2016-2806\", \"CVE-2016-2807\", \"CVE-2016-2815\", \"CVE-2016-2818\");\n\n script_name(english:\"openSUSE Security Update : Mozilla Thunderbird (openSUSE-2016-848)\");\n script_summary(english:\"Check for the openSUSE-2016-848 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update contains Mozilla Thunderbird 45.2. (boo#983549)\n\nIt fixes security issues mostly affecting the e-mail program when used\nin a browser context, such as viewing a web page or HTMl formatted\ne-mail.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2016-2818, CVE-2016-2815: Memory safety bugs\n (boo#983549, MFSA2016-49)\n\nContains the following security fixes from the 45.1 release:\n(boo#977333)\n\n - CVE-2016-2806, CVE-2016-2807: Miscellaneous memory\n safety hazards (boo#977375, boo#977376, MFSA 2016-39)\n\nContains the following security fixes from the 45.0 release:\n(boo#969894)\n\n - CVE-2016-1952, CVE-2016-1953: Miscellaneous memory\n safety hazards (MFSA 2016-16)\n\n - CVE-2016-1954: Local file overwriting and potential\n privilege escalation through CSP reports (MFSA 2016-17)\n\n - CVE-2016-1955: CSP reports fail to strip location\n information for embedded iframe pages (MFSA 2016-18)\n\n - CVE-2016-1956: Linux video memory DOS with Intel drivers\n (MFSA 2016-19)\n\n - CVE-2016-1957: Memory leak in libstagefright when\n deleting an array during MP4 processing (MFSA 2016-20)\n\n - CVE-2016-1960: Use-after-free in HTML5 string parser\n (MFSA 2016-23)\n\n - CVE-2016-1961: Use-after-free in SetBody (MFSA 2016-24)\n\n - CVE-2016-1964: Use-after-free during XML transformations\n (MFSA 2016-27)\n\n - CVE-2016-1974: Out-of-bounds read in HTML parser\n following a failed allocation (MFSA 2016-34)\n\nThe graphite font shaping library was disabled, addressing the\nfollowing font vulnerabilities :\n\n - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/\n CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/\n CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/\n CVE-2016-2800/CVE-2016-2801/CVE-2016-2802\n\nThe following tracked packaging changes are included :\n\n - fix build issues with gcc/binutils combination used in\n Leap 42.2 (boo#984637)\n\n - gcc6 fixes (boo#986162)\n\n - running on 48bit va aarch64 (boo#984126)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=969894\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=977333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=977375\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=977376\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984126\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986162\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Mozilla Thunderbird packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-45.2-70.83.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-buildsymbols-45.2-70.83.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-debuginfo-45.2-70.83.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-debugsource-45.2-70.83.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-devel-45.2-70.83.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-translations-common-45.2-70.83.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-translations-other-45.2-70.83.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaThunderbird / MozillaThunderbird-buildsymbols / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T15:29:26", "description": "USN-2917-1 fixed vulnerabilities in Firefox. This update caused\nseveral web compatibility regressions.\n\nThis update fixes the problem.\n\nWe apologize for the inconvenience.\n\nFrancis Gabriel discovered a buffer overflow during ASN.1 decoding in\nNSS. If a user were tricked in to opening a specially crafted website,\nan attacker could potentially exploit this to cause a denial of\nservice via application crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2016-1950)\n\nBob Clary, Christoph Diehl, Christian Holler, Andrew\nMcCreight, Daniel Holbert, Jesse Ruderman, Randell Jesup,\nCarsten Book, Gian-Carlo Pascutto, Tyson Smith, Andrea\nMarchesini, and Jukka Jylanki discovered multiple memory\nsafety issues in Firefox. If a user were tricked in to\nopening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via\napplication crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2016-1952,\nCVE-2016-1953)\n\nNicolas Golubovic discovered that CSP violation reports can\nbe used to overwrite local files. If a user were tricked in\nto opening a specially crafted website with addon signing\ndisabled and unpacked addons installed, an attacker could\npotentially exploit this to gain additional privileges.\n(CVE-2016-1954)\n\nMuneaki Nishimura discovered that CSP violation reports\ncontained full paths for cross-origin iframe navigations. An\nattacker could potentially exploit this to steal\nconfidential data. (CVE-2016-1955)\n\nUcha Gobejishvili discovered that performing certain WebGL\noperations resulted in memory resource exhaustion with some\nIntel GPUs, requiring a reboot. If a user were tricked in to\nopening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service.\n(CVE-2016-1956)\n\nJose Martinez and Romina Santillan discovered a memory leak\nin libstagefright during MPEG4 video file processing in some\ncircumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially\nexploit this to cause a denial of service via memory\nexhaustion. (CVE-2016-1957)\n\nAbdulrahman Alqabandi discovered that the addressbar could\nbe blank or filled with page defined content in some\ncircumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially\nexploit this to conduct URL spoofing attacks.\n(CVE-2016-1958)\n\nLooben Yang discovered an out-of-bounds read in Service\nWorker Manager. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially\nexploit this to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2016-1959)\n\nA use-after-free was discovered in the HTML5 string parser.\nIf a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause\na denial of service via application crash, or execute\narbitrary code with the privileges of the user invoking\nFirefox. (CVE-2016-1960)\n\nA use-after-free was discovered in the SetBody function of\nHTMLDocument. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially\nexploit this to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2016-1961)\n\nDominique Hazael-Massieux discovered a use-after-free when\nusing multiple WebRTC data channels. If a user were tricked\nin to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2016-1962)\n\nIt was discovered that Firefox crashes when local files are\nmodified whilst being read by the FileReader API. If a user\nwere tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to execute arbitrary\ncode with the privileges of the user invoking Firefox.\n(CVE-2016-1963)\n\nNicolas Gregoire discovered a use-after-free during XML\ntransformations. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially\nexploit this to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2016-1964)\n\nTsubasa Iinuma discovered a mechanism to cause the\naddressbar to display an incorrect URL, using history\nnavigations and the Location protocol property. If a user\nwere tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to conduct URL\nspoofing attacks. (CVE-2016-1965)\n\nA memory corruption issues was discovered in the NPAPI\nsubsystem. If a user were tricked in to opening a specially\ncrafted website with a malicious plugin installed, an\nattacker could potentially exploit this to cause a denial of\nservice via application crash, or execute arbitrary code\nwith the privileges of the user invoking Firefox.\n(CVE-2016-1966)\n\nJordi Chancel discovered a same-origin-policy bypass when\nusing performance.getEntries and history navigation with\nsession restore. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially\nexploit this to steal confidential data. (CVE-2016-1967)\n\nLuke Li discovered a buffer overflow during Brotli\ndecompression in some circumstances. If a user were tricked\nin to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2016-1968)\n\nRonald Crane discovered a use-after-free in\nGetStaticInstance in WebRTC. If a user were tricked in to\nopening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2016-1973)\n\nRonald Crane discovered an out-of-bounds read following a\nfailed allocation in the HTML parser in some circumstances.\nIf a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause\na denial of service via application crash, or execute\narbitrary code with the privileges of the user invoking\nFirefox. (CVE-2016-1974)\n\nHolger Fuhrmannek, Tyson Smith and Holger Fuhrmannek\nreported multiple memory safety issues in the Graphite 2\nlibrary. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit these\nto cause a denial of service via application crash, or\nexecute arbitrary code with the privileges of the user\ninvoking Firefox. (CVE-2016-1977, CVE-2016-2790,\nCVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794,\nCVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798,\nCVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-04-20T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : firefox regressions (USN-2917-3)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-1973", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1959", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1955", "CVE-2016-2795", "CVE-2016-1962", "CVE-2016-1950", "CVE-2016-1963", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-1956", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-1968", "CVE-2016-1967", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1965", "CVE-2016-1964", "CVE-2016-1958"], "modified": "2016-04-20T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:firefox", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2917-3.NASL", "href": "https://www.tenable.com/plugins/nessus/90598", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2917-3. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90598);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-1950\", \"CVE-2016-1952\", \"CVE-2016-1953\", \"CVE-2016-1954\", \"CVE-2016-1955\", \"CVE-2016-1956\", \"CVE-2016-1957\", \"CVE-2016-1958\", \"CVE-2016-1959\", \"CVE-2016-1960\", \"CVE-2016-1961\", \"CVE-2016-1962\", \"CVE-2016-1963\", \"CVE-2016-1964\", \"CVE-2016-1965\", \"CVE-2016-1966\", \"CVE-2016-1967\", \"CVE-2016-1968\", \"CVE-2016-1973\", \"CVE-2016-1974\", \"CVE-2016-1977\", \"CVE-2016-2790\", \"CVE-2016-2791\", \"CVE-2016-2792\", \"CVE-2016-2793\", \"CVE-2016-2794\", \"CVE-2016-2795\", \"CVE-2016-2796\", \"CVE-2016-2797\", \"CVE-2016-2798\", \"CVE-2016-2799\", \"CVE-2016-2800\", \"CVE-2016-2801\", \"CVE-2016-2802\");\n script_xref(name:\"USN\", value:\"2917-3\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : firefox regressions (USN-2917-3)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-2917-1 fixed vulnerabilities in Firefox. This update caused\nseveral web compatibility regressions.\n\nThis update fixes the problem.\n\nWe apologize for the inconvenience.\n\nFrancis Gabriel discovered a buffer overflow during ASN.1 decoding in\nNSS. If a user were tricked in to opening a specially crafted website,\nan attacker could potentially exploit this to cause a denial of\nservice via application crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2016-1950)\n\nBob Clary, Christoph Diehl, Christian Holler, Andrew\nMcCreight, Daniel Holbert, Jesse Ruderman, Randell Jesup,\nCarsten Book, Gian-Carlo Pascutto, Tyson Smith, Andrea\nMarchesini, and Jukka Jylanki discovered multiple memory\nsafety issues in Firefox. If a user were tricked in to\nopening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via\napplication crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2016-1952,\nCVE-2016-1953)\n\nNicolas Golubovic discovered that CSP violation reports can\nbe used to overwrite local files. If a user were tricked in\nto opening a specially crafted website with addon signing\ndisabled and unpacked addons installed, an attacker could\npotentially exploit this to gain additional privileges.\n(CVE-2016-1954)\n\nMuneaki Nishimura discovered that CSP violation reports\ncontained full paths for cross-origin iframe navigations. An\nattacker could potentially exploit this to steal\nconfidential data. (CVE-2016-1955)\n\nUcha Gobejishvili discovered that performing certain WebGL\noperations resulted in memory resource exhaustion with some\nIntel GPUs, requiring a reboot. If a user were tricked in to\nopening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service.\n(CVE-2016-1956)\n\nJose Martinez and Romina Santillan discovered a memory leak\nin libstagefright during MPEG4 video file processing in some\ncircumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially\nexploit this to cause a denial of service via memory\nexhaustion. (CVE-2016-1957)\n\nAbdulrahman Alqabandi discovered that the addressbar could\nbe blank or filled with page defined content in some\ncircumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially\nexploit this to conduct URL spoofing attacks.\n(CVE-2016-1958)\n\nLooben Yang discovered an out-of-bounds read in Service\nWorker Manager. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially\nexploit this to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2016-1959)\n\nA use-after-free was discovered in the HTML5 string parser.\nIf a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause\na denial of service via application crash, or execute\narbitrary code with the privileges of the user invoking\nFirefox. (CVE-2016-1960)\n\nA use-after-free was discovered in the SetBody function of\nHTMLDocument. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially\nexploit this to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2016-1961)\n\nDominique Hazael-Massieux discovered a use-after-free when\nusing multiple WebRTC data channels. If a user were tricked\nin to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2016-1962)\n\nIt was discovered that Firefox crashes when local files are\nmodified whilst being read by the FileReader API. If a user\nwere tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to execute arbitrary\ncode with the privileges of the user invoking Firefox.\n(CVE-2016-1963)\n\nNicolas Gregoire discovered a use-after-free during XML\ntransformations. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially\nexploit this to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2016-1964)\n\nTsubasa Iinuma discovered a mechanism to cause the\naddressbar to display an incorrect URL, using history\nnavigations and the Location protocol property. If a user\nwere tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to conduct URL\nspoofing attacks. (CVE-2016-1965)\n\nA memory corruption issues was discovered in the NPAPI\nsubsystem. If a user were tricked in to opening a specially\ncrafted website with a malicious plugin installed, an\nattacker could potentially exploit this to cause a denial of\nservice via application crash, or execute arbitrary code\nwith the privileges of the user invoking Firefox.\n(CVE-2016-1966)\n\nJordi Chancel discovered a same-origin-policy bypass when\nusing performance.getEntries and history navigation with\nsession restore. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially\nexploit this to steal confidential data. (CVE-2016-1967)\n\nLuke Li discovered a buffer overflow during Brotli\ndecompression in some circumstances. If a user were tricked\nin to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2016-1968)\n\nRonald Crane discovered a use-after-free in\nGetStaticInstance in WebRTC. If a user were tricked in to\nopening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2016-1973)\n\nRonald Crane discovered an out-of-bounds read following a\nfailed allocation in the HTML parser in some circumstances.\nIf a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause\na denial of service via application crash, or execute\narbitrary code with the privileges of the user invoking\nFirefox. (CVE-2016-1974)\n\nHolger Fuhrmannek, Tyson Smith and Holger Fuhrmannek\nreported multiple memory safety issues in the Graphite 2\nlibrary. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit these\nto cause a denial of service via application crash, or\nexecute arbitrary code with the privileges of the user\ninvoking Firefox. (CVE-2016-1977, CVE-2016-2790,\nCVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794,\nCVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798,\nCVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2917-3/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2020 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|15\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 15.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"firefox\", pkgver:\"45.0.2+build1-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"firefox\", pkgver:\"45.0.2+build1-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"firefox\", pkgver:\"45.0.2+build1-0ubuntu0.15.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T15:29:26", "description": "Francis Gabriel discovered a buffer overflow during ASN.1 decoding in\nNSS. If a user were tricked in to opening a specially crafted website,\nan attacker could potentially exploit this to cause a denial of\nservice via application crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2016-1950)\n\nBob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel\nHolbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo\nPascutto, Tyson Smith, Andrea Marchesini, and Jukka Jylanki\ndiscovered multiple memory safety issues in Firefox. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user\ninvoking Firefox. (CVE-2016-1952, CVE-2016-1953)\n\nNicolas Golubovic discovered that CSP violation reports can be used to\noverwrite local files. If a user were tricked in to opening a\nspecially crafted website with addon signing disabled and unpacked\naddons installed, an attacker could potentially exploit this to gain\nadditional privileges. (CVE-2016-1954)\n\nMuneaki Nishimura discovered that CSP violation reports contained full\npaths for cross-origin iframe navigations. An attacker could\npotentially exploit this to steal confidential data. (CVE-2016-1955)\n\nUcha Gobejishvili discovered that performing certain WebGL operations\nresulted in memory resource exhaustion with some Intel GPUs, requiring\na reboot. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial\nof service. (CVE-2016-1956)\n\nJose Martinez and Romina Santillan discovered a memory leak in\nlibstagefright during MPEG4 video file processing in some\ncircumstances. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to cause a\ndenial of service via memory exhaustion. (CVE-2016-1957)\n\nAbdulrahman Alqabandi discovered that the addressbar could be blank or\nfilled with page defined content in some circumstances. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to conduct URL spoofing attacks.\n(CVE-2016-1958)\n\nLooben Yang discovered an out-of-bounds read in Service Worker\nManager. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial\nof service via application crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2016-1959)\n\nA use-after-free was discovered in the HTML5 string parser. If a user\nwere tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code with the privileges of\nthe user invoking Firefox. (CVE-2016-1960)\n\nA use-after-free was discovered in the SetBody function of\nHTMLDocument. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial\nof service via application crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2016-1961)\n\nDominique Hazael-Massieux discovered a use-after-free when using\nmultiple WebRTC data channels. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this\nto cause a denial of service via application crash, or execute\narbitrary code with the privileges of the user invoking Firefox.\n(CVE-2016-1962)\n\nIt was discovered that Firefox crashes when local files are modified\nwhilst being read by the FileReader API. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially\nexploit this to execute arbitrary code with the privileges of the user\ninvoking Firefox. (CVE-2016-1963)\n\nNicolas Gregoire discovered a use-after-free during XML\ntransformations. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code\nwith the privileges of the user invoking Firefox. (CVE-2016-1964)\n\nTsubasa Iinuma discovered a mechanism to cause the addressbar to\ndisplay an incorrect URL, using history navigations and the Location\nprotocol property. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to conduct\nURL spoofing attacks. (CVE-2016-1965)\n\nA memory corruption issues was discovered in the NPAPI subsystem. If a\nuser were tricked in to opening a specially crafted website with a\nmalicious plugin installed, an attacker could potentially exploit this\nto cause a denial of service via application crash, or execute\narbitrary code with the privileges of the user invoking Firefox.\n(CVE-2016-1966)\n\nJordi Chancel discovered a same-origin-policy bypass when using\nperformance.getEntries and history navigation with session restore. If\na user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to steal confidential data.\n(CVE-2016-1967)\n\nLuke Li discovered a buffer overflow during Brotli decompression in\nsome circumstances. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code\nwith the privileges of the user invoking Firefox. (CVE-2016-1968)\n\nRonald Crane discovered a use-after-free in GetStaticInstance in\nWebRTC. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial\nof service via application crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2016-1973)\n\nRonald Crane discovered an out-of-bounds read following a failed\nallocation in the HTML parser in some circumstances. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user\ninvoking Firefox. (CVE-2016-1974)\n\nHolger Fuhrmannek, Tyson Smith and Holger Fuhrmannek reported multiple\nmemory safety issues in the Graphite 2 library. If a user were tricked\nin to opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user\ninvoking Firefox. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791,\nCVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795,\nCVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799,\nCVE-2016-2800, CVE-2016-2801, CVE-2016-2802).", "edition": 21, "published": "2016-03-10T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 / 15.10 : firefox vulnerabilities (USN-2917-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-1973", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1959", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1955", "CVE-2016-2795", "CVE-2016-1962", "CVE-2016-1950", "CVE-2016-1963", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-1956", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-1968", "CVE-2016-1967", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1965", "CVE-2016-1964", "CVE-2016-1958"], "modified": "2016-03-10T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:firefox", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2917-1.NASL", "href": "https://www.tenable.com/plugins/nessus/89826", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2917-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89826);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-1950\", \"CVE-2016-1952\", \"CVE-2016-1953\", \"CVE-2016-1954\", \"CVE-2016-1955\", \"CVE-2016-1956\", \"CVE-2016-1957\", \"CVE-2016-1958\", \"CVE-2016-1959\", \"CVE-2016-1960\", \"CVE-2016-1961\", \"CVE-2016-1962\", \"CVE-2016-1963\", \"CVE-2016-1964\", \"CVE-2016-1965\", \"CVE-2016-1966\", \"CVE-2016-1967\", \"CVE-2016-1968\", \"CVE-2016-1973\", \"CVE-2016-1974\", \"CVE-2016-1977\", \"CVE-2016-2790\", \"CVE-2016-2791\", \"CVE-2016-2792\", \"CVE-2016-2793\", \"CVE-2016-2794\", \"CVE-2016-2795\", \"CVE-2016-2796\", \"CVE-2016-2797\", \"CVE-2016-2798\", \"CVE-2016-2799\", \"CVE-2016-2800\", \"CVE-2016-2801\", \"CVE-2016-2802\");\n script_xref(name:\"USN\", value:\"2917-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 / 15.10 : firefox vulnerabilities (USN-2917-1)\");\n script_summary(english:\"Checks dpkg output for updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Francis Gabriel discovered a buffer overflow during ASN.1 decoding in\nNSS. If a user were tricked in to opening a specially crafted website,\nan attacker could potentially exploit this to cause a denial of\nservice via application crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2016-1950)\n\nBob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel\nHolbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo\nPascutto, Tyson Smith, Andrea Marchesini, and Jukka Jylanki\ndiscovered multiple memory safety issues in Firefox. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user\ninvoking Firefox. (CVE-2016-1952, CVE-2016-1953)\n\nNicolas Golubovic discovered that CSP violation reports can be used to\noverwrite local files. If a user were tricked in to opening a\nspecially crafted website with addon signing disabled and unpacked\naddons installed, an attacker could potentially exploit this to gain\nadditional privileges. (CVE-2016-1954)\n\nMuneaki Nishimura discovered that CSP violation reports contained full\npaths for cross-origin iframe navigations. An attacker could\npotentially exploit this to steal confidential data. (CVE-2016-1955)\n\nUcha Gobejishvili discovered that performing certain WebGL operations\nresulted in memory resource exhaustion with some Intel GPUs, requiring\na reboot. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial\nof service. (CVE-2016-1956)\n\nJose Martinez and Romina Santillan discovered a memory leak in\nlibstagefright during MPEG4 video file processing in some\ncircumstances. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to cause a\ndenial of service via memory exhaustion. (CVE-2016-1957)\n\nAbdulrahman Alqabandi discovered that the addressbar could be blank or\nfilled with page defined content in some circumstances. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to conduct URL spoofing attacks.\n(CVE-2016-1958)\n\nLooben Yang discovered an out-of-bounds read in Service Worker\nManager. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial\nof service via application crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2016-1959)\n\nA use-after-free was discovered in the HTML5 string parser. If a user\nwere tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code with the privileges of\nthe user invoking Firefox. (CVE-2016-1960)\n\nA use-after-free was discovered in the SetBody function of\nHTMLDocument. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial\nof service via application crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2016-1961)\n\nDominique Hazael-Massieux discovered a use-after-free when using\nmultiple WebRTC data channels. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this\nto cause a denial of service via application crash, or execute\narbitrary code with the privileges of the user invoking Firefox.\n(CVE-2016-1962)\n\nIt was discovered that Firefox crashes when local files are modified\nwhilst being read by the FileReader API. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially\nexploit this to execute arbitrary code with the privileges of the user\ninvoking Firefox. (CVE-2016-1963)\n\nNicolas Gregoire discovered a use-after-free during XML\ntransformations. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code\nwith the privileges of the user invoking Firefox. (CVE-2016-1964)\n\nTsubasa Iinuma discovered a mechanism to cause the addressbar to\ndisplay an incorrect URL, using history navigations and the Location\nprotocol property. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to conduct\nURL spoofing attacks. (CVE-2016-1965)\n\nA memory corruption issues was discovered in the NPAPI subsystem. If a\nuser were tricked in to opening a specially crafted website with a\nmalicious plugin installed, an attacker could potentially exploit this\nto cause a denial of service via application crash, or execute\narbitrary code with the privileges of the user invoking Firefox.\n(CVE-2016-1966)\n\nJordi Chancel discovered a same-origin-policy bypass when using\nperformance.getEntries and history navigation with session restore. If\na user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to steal confidential data.\n(CVE-2016-1967)\n\nLuke Li discovered a buffer overflow during Brotli decompression in\nsome circumstances. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code\nwith the privileges of the user invoking Firefox. (CVE-2016-1968)\n\nRonald Crane discovered a use-after-free in GetStaticInstance in\nWebRTC. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial\nof service via application crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2016-1973)\n\nRonald Crane discovered an out-of-bounds read following a failed\nallocation in the HTML parser in some circumstances. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user\ninvoking Firefox. (CVE-2016-1974)\n\nHolger Fuhrmannek, Tyson Smith and Holger Fuhrmannek reported multiple\nmemory safety issues in the Graphite 2 library. If a user were tricked\nin to opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user\ninvoking Firefox. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791,\nCVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795,\nCVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799,\nCVE-2016-2800, CVE-2016-2801, CVE-2016-2802).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2020 Canonical, Inc. / NASL script (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\n# Temp disable\nexit(0, \"This plugin is temporarily disabled.\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/Ubuntu/release\") ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"firefox\", pkgver:\"45.0+build2-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"firefox\", pkgver:\"45.0+build2-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"firefox\", pkgver:\"45.0+build2-0ubuntu0.15.10.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:ubuntu_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T15:29:26", "description": "USN-2917-1 fixed vulnerabilities in Firefox. This update caused\nseveral regressions that could result in search engine settings being\nlost, the list of search providers appearing empty or the location bar\nbreaking after typing an invalid URL. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nFrancis Gabriel discovered a buffer overflow during ASN.1 decoding in\nNSS. If a user were tricked in to opening a specially crafted website,\nan attacker could potentially exploit this to cause a denial of\nservice via application crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2016-1950)\n\nBob Clary, Christoph Diehl, Christian Holler, Andrew\nMcCreight, Daniel Holbert, Jesse Ruderman, Randell Jesup,\nCarsten Book, Gian-Carlo Pascutto, Tyson Smith, Andrea\nMarchesini, and Jukka Jylanki discovered multiple memory\nsafety issues in Firefox. If a user were tricked in to\nopening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via\napplication crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2016-1952,\nCVE-2016-1953)\n\nNicolas Golubovic discovered that CSP violation reports can\nbe used to overwrite local files. If a user were tricked in\nto opening a specially crafted website with addon signing\ndisabled and unpacked addons installed, an attacker could\npotentially exploit this to gain additional privileges.\n(CVE-2016-1954)\n\nMuneaki Nishimura discovered that CSP violation reports\ncontained full paths for cross-origin iframe navigations. An\nattacker could potentially exploit this to steal\nconfidential data. (CVE-2016-1955)\n\nUcha Gobejishvili discovered that performing certain WebGL\noperations resulted in memory resource exhaustion with some\nIntel GPUs, requiring a reboot. If a user were tricked in to\nopening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service.\n(CVE-2016-1956)\n\nJose Martinez and Romina Santillan discovered a memory leak\nin libstagefright during MPEG4 video file processing in some\ncircumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially\nexploit this to cause a denial of service via memory\nexhaustion. (CVE-2016-1957)\n\nAbdulrahman Alqabandi discovered that the addressbar could\nbe blank or filled with page defined content in some\ncircumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially\nexploit this to conduct URL spoofing attacks.\n(CVE-2016-1958)\n\nLooben Yang discovered an out-of-bounds read in Service\nWorker Manager. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially\nexploit this to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2016-1959)\n\nA use-after-free was discovered in the HTML5 string parser.\nIf a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause\na denial of service via application crash, or execute\narbitrary code with the privileges of the user invoking\nFirefox. (CVE-2016-1960)\n\nA use-after-free was discovered in the SetBody function of\nHTMLDocument. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially\nexploit this to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2016-1961)\n\nDominique Hazael-Massieux discovered a use-after-free when\nusing multiple WebRTC data channels. If a user were tricked\nin to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2016-1962)\n\nIt was discovered that Firefox crashes when local files are\nmodified whilst being read by the FileReader API. If a user\nwere tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to execute arbitrary\ncode with the privileges of the user invoking Firefox.\n(CVE-2016-1963)\n\nNicolas Gregoire discovered a use-after-free during XML\ntransformations. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially\nexploit this to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2016-1964)\n\nTsubasa Iinuma discovered a mechanism to cause the\naddressbar to display an incorrect URL, using history\nnavigations and the Location protocol property. If a user\nwere tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to conduct URL\nspoofing attacks. (CVE-2016-1965)\n\nA memory corruption issues was discovered in the NPAPI\nsubsystem. If a user were tricked in to opening a specially\ncrafted website with a malicious plugin installed, an\nattacker could potentially exploit this to cause a denial of\nservice via application crash, or execute arbitrary code\nwith the privileges of the user invoking Firefox.\n(CVE-2016-1966)\n\nJordi Chancel discovered a same-origin-policy bypass when\nusing performance.getEntries and history navigation with\nsession restore. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially\nexploit this to steal confidential data. (CVE-2016-1967)\n\nLuke Li discovered a buffer overflow during Brotli\ndecompression in some circumstances. If a user were tricked\nin to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2016-1968)\n\nRonald Crane discovered a use-after-free in\nGetStaticInstance in WebRTC. If a user were tricked in to\nopening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2016-1973)\n\nRonald Crane discovered an out-of-bounds read following a\nfailed allocation in the HTML parser in some circumstances.\nIf a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause\na denial of service via application crash, or execute\narbitrary code with the privileges of the user invoking\nFirefox. (CVE-2016-1974)\n\nHolger Fuhrmannek, Tyson Smith and Holger Fuhrmannek\nreported multiple memory safety issues in the Graphite 2\nlibrary. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit these\nto cause a denial of service via application crash, or\nexecute arbitrary code with the privileges of the user\ninvoking Firefox. (CVE-2016-1977, CVE-2016-2790,\nCVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794,\nCVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798,\nCVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-04-08T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : firefox regressions (USN-2917-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-1973", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1959", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1955", "CVE-2016-2795", "CVE-2016-1962", "CVE-2016-1950", "CVE-2016-1963", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-1956", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-1968", "CVE-2016-1967", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1965", "CVE-2016-1964", "CVE-2016-1958"], "modified": "2016-04-08T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:firefox", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2917-2.NASL", "href": "https://www.tenable.com/plugins/nessus/90421", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2917-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90421);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-1950\", \"CVE-2016-1952\", \"CVE-2016-1953\", \"CVE-2016-1954\", \"CVE-2016-1955\", \"CVE-2016-1956\", \"CVE-2016-1957\", \"CVE-2016-1958\", \"CVE-2016-1959\", \"CVE-2016-1960\", \"CVE-2016-1961\", \"CVE-2016-1962\", \"CVE-2016-1963\", \"CVE-2016-1964\", \"CVE-2016-1965\", \"CVE-2016-1966\", \"CVE-2016-1967\", \"CVE-2016-1968\", \"CVE-2016-1973\", \"CVE-2016-1974\", \"CVE-2016-1977\", \"CVE-2016-2790\", \"CVE-2016-2791\", \"CVE-2016-2792\", \"CVE-2016-2793\", \"CVE-2016-2794\", \"CVE-2016-2795\", \"CVE-2016-2796\", \"CVE-2016-2797\", \"CVE-2016-2798\", \"CVE-2016-2799\", \"CVE-2016-2800\", \"CVE-2016-2801\", \"CVE-2016-2802\");\n script_xref(name:\"USN\", value:\"2917-2\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : firefox regressions (USN-2917-2)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-2917-1 fixed vulnerabilities in Firefox. This update caused\nseveral regressions that could result in search engine settings being\nlost, the list of search providers appearing empty or the location bar\nbreaking after typing an invalid URL. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nFrancis Gabriel discovered a buffer overflow during ASN.1 decoding in\nNSS. If a user were tricked in to opening a specially crafted website,\nan attacker could potentially exploit this to cause a denial of\nservice via application crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2016-1950)\n\nBob Clary, Christoph Diehl, Christian Holler, Andrew\nMcCreight, Daniel Holbert, Jesse Ruderman, Randell Jesup,\nCarsten Book, Gian-Carlo Pascutto, Tyson Smith, Andrea\nMarchesini, and Jukka Jylanki discovered multiple memory\nsafety issues in Firefox. If a user were tricked in to\nopening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via\napplication crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2016-1952,\nCVE-2016-1953)\n\nNicolas Golubovic discovered that CSP violation reports can\nbe used to overwrite local files. If a user were tricked in\nto opening a specially crafted website with addon signing\ndisabled and unpacked addons installed, an attacker could\npotentially exploit this to gain additional privileges.\n(CVE-2016-1954)\n\nMuneaki Nishimura discovered that CSP violation reports\ncontained full paths for cross-origin iframe navigations. An\nattacker could potentially exploit this to steal\nconfidential data. (CVE-2016-1955)\n\nUcha Gobejishvili discovered that performing certain WebGL\noperations resulted in memory resource exhaustion with some\nIntel GPUs, requiring a reboot. If a user were tricked in to\nopening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service.\n(CVE-2016-1956)\n\nJose Martinez and Romina Santillan discovered a memory leak\nin libstagefright during MPEG4 video file processing in some\ncircumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially\nexploit this to cause a denial of service via memory\nexhaustion. (CVE-2016-1957)\n\nAbdulrahman Alqabandi discovered that the addressbar could\nbe blank or filled with page defined content in some\ncircumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially\nexploit this to conduct URL spoofing attacks.\n(CVE-2016-1958)\n\nLooben Yang discovered an out-of-bounds read in Service\nWorker Manager. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially\nexploit this to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2016-1959)\n\nA use-after-free was discovered in the HTML5 string parser.\nIf a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause\na denial of service via application crash, or execute\narbitrary code with the privileges of the user invoking\nFirefox. (CVE-2016-1960)\n\nA use-after-free was discovered in the SetBody function of\nHTMLDocument. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially\nexploit this to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2016-1961)\n\nDominique Hazael-Massieux discovered a use-after-free when\nusing multiple WebRTC data channels. If a user were tricked\nin to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2016-1962)\n\nIt was discovered that Firefox crashes when local files are\nmodified whilst being read by the FileReader API. If a user\nwere tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to execute arbitrary\ncode with the privileges of the user invoking Firefox.\n(CVE-2016-1963)\n\nNicolas Gregoire discovered a use-after-free during XML\ntransformations. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially\nexploit this to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2016-1964)\n\nTsubasa Iinuma discovered a mechanism to cause the\naddressbar to display an incorrect URL, using history\nnavigations and the Location protocol property. If a user\nwere tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to conduct URL\nspoofing attacks. (CVE-2016-1965)\n\nA memory corruption issues was discovered in the NPAPI\nsubsystem. If a user were tricked in to opening a specially\ncrafted website with a malicious plugin installed, an\nattacker could potentially exploit this to cause a denial of\nservice via application crash, or execute arbitrary code\nwith the privileges of the user invoking Firefox.\n(CVE-2016-1966)\n\nJordi Chancel discovered a same-origin-policy bypass when\nusing performance.getEntries and history navigation with\nsession restore. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially\nexploit this to steal confidential data. (CVE-2016-1967)\n\nLuke Li discovered a buffer overflow during Brotli\ndecompression in some circumstances. If a user were tricked\nin to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2016-1968)\n\nRonald Crane discovered a use-after-free in\nGetStaticInstance in WebRTC. If a user were tricked in to\nopening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2016-1973)\n\nRonald Crane discovered an out-of-bounds read following a\nfailed allocation in the HTML parser in some circumstances.\nIf a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause\na denial of service via application crash, or execute\narbitrary code with the privileges of the user invoking\nFirefox. (CVE-2016-1974)\n\nHolger Fuhrmannek, Tyson Smith and Holger Fuhrmannek\nreported multiple memory safety issues in the Graphite 2\nlibrary. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit these\nto cause a denial of service via application crash, or\nexecute arbitrary code with the privileges of the user\ninvoking Firefox. (CVE-2016-1977, CVE-2016-2790,\nCVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794,\nCVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798,\nCVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2917-2/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2020 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|15\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 15.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"firefox\", pkgver:\"45.0.1+build1-0ubuntu0.12.04.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"firefox\", pkgver:\"45.0.1+build1-0ubuntu0.14.04.2\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"firefox\", pkgver:\"45.0.1+build1-0ubuntu0.15.10.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:30:06", "description": "This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the\nfollowing issues :\n\nMozillaFirefox was updated to Firefox 45.0 (boo#969894)\n\n - requires NSPR 4.12 / NSS 3.21.1\n\n - Instant browser tab sharing through Hello\n\n - Synced Tabs button in button bar\n\n - Tabs synced via Firefox Accounts from other devices are\n now shown in dropdown area of Awesome Bar when searching\n\n - Introduce a new preference (network.dns.blockDotOnion)\n to allow blocking .onion at the DNS level\n\n - Tab Groups (Panorama) feature removed\n\n - MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous\n memory safety hazards\n\n - MFSA 2016-17/CVE-2016-1954 (bmo#1243178) Local file\n overwriting and potential privilege escalation through\n CSP reports\n\n - MFSA 2016-18/CVE-2016-1955 (bmo#1208946) CSP reports\n fail to strip location information for embedded iframe\n pages\n\n - MFSA 2016-19/CVE-2016-1956 (bmo#1199923) Linux video\n memory DOS with Intel drivers\n\n - MFSA 2016-20/CVE-2016-1957 (bmo#1227052) Memory leak in\n libstagefright when deleting an array during MP4\n processing\n\n - MFSA 2016-21/CVE-2016-1958 (bmo#1228754) Displayed page\n address can be overridden\n\n - MFSA 2016-22/CVE-2016-1959 (bmo#1234949) Service Worker\n Manager out-of-bounds read in Service Worker Manager\n\n - MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014)\n Use-after-free in HTML5 string parser\n\n - MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377)\n Use-after-free in SetBody\n\n - MFSA 2016-25/CVE-2016-1962 (bmo#1240760) Use-after-free\n when using multiple WebRTC data channels\n\n - MFSA 2016-26/CVE-2016-1963 (bmo#1238440) Memory\n corruption when modifying a file being read by\n FileReader\n\n - MFSA 2016-27/CVE-2016-1964 (bmo#1243335) Use-after-free\n during XML transformations\n\n - MFSA 2016-28/CVE-2016-1965 (bmo#1245264) Addressbar\n spoofing though history navigation and Location protocol\n property\n\n - MFSA 2016-29/CVE-2016-1967 (bmo#1246956) Same-origin\n policy violation using perfomance.getEntries and history\n navigation with session restore\n\n - MFSA 2016-30/CVE-2016-1968 (bmo#1246742) Buffer overflow\n in Brotli decompression\n\n - MFSA 2016-31/CVE-2016-1966 (bmo#1246054) Memory\n corruption with malicious NPAPI plugin\n\n - MFSA 2016-32/CVE-2016-1970/CVE-2016-1971/CVE-2016-1975/\n CVE-2016-1976/CVE-2016-1972 WebRTC and LibVPX\n vulnerabilities found through code inspection\n\n - MFSA 2016-33/CVE-2016-1973 (bmo#1219339) Use-after-free\n in GetStaticInstance in WebRTC\n\n - MFSA 2016-34/CVE-2016-1974 (bmo#1228103) Out-of-bounds\n read in HTML parser following a failed allocation\n\n - MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow\n during ASN.1 decoding in NSS (fixed by requiring 3.21.1)\n\n - MFSA 2016-36/CVE-2016-1979 (bmo#1185033) Use-after-free\n during processing of DER encoded keys in NSS (fixed by\n requiring 3.21.1)\n\n - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/\n CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/\n CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/\n CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font\n vulnerabilities in the Graphite 2 library\n\n mozilla-nspr was updated to version 4.12\n\n - added a PR_GetEnvSecure function, which attempts to\n detect if the program is being executed with elevated\n privileges, and returns NULL if detected. It is\n recommended to use this function in general purpose\n library code.\n\n - fixed a memory allocation bug related to the PR_*printf\n functions\n\n - exported API PR_DuplicateEnvironment, which had already\n been added in NSPR 4.10.9\n\n - added support for FreeBSD aarch64\n\n - several minor correctness and compatibility fixes\n\n mozilla-nss was updated to NSS 3.21.1 (bmo#969894)\n\n - required for Firefox 45.0\n\n - MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow\n during ASN.1 decoding in NSS (fixed by requiring 3.21.1)\n\n - MFSA 2016-36/CVE-2016-1979 (bmo#1185033) Use-after-free\n during processing of DER encoded keys in NSS (fixed by\n requiring 3.21.1)", "edition": 19, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-03-14T00:00:00", "title": "openSUSE Security Update : Firefox (openSUSE-2016-334)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1971", "CVE-2016-1957", "CVE-2016-1972", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-1975", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-1973", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1959", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1979", "CVE-2016-1955", "CVE-2016-2795", "CVE-2016-1962", "CVE-2016-1950", "CVE-2016-1963", "CVE-2016-1970", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-1956", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-1976", "CVE-2016-1968", "CVE-2016-1967", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1965", "CVE-2016-1964", "CVE-2016-1958"], "modified": "2016-03-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo", "p-cpe:/a:novell:opensuse:libfreebl3", "p-cpe:/a:novell:opensuse:libsoftokn3-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs", "p-cpe:/a:novell:opensuse:mozilla-nss-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-devel", "p-cpe:/a:novell:opensuse:mozilla-nss-debugsource", "p-cpe:/a:novell:opensuse:mozilla-nspr", "p-cpe:/a:novell:opensuse:mozilla-nss-tools", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3", "p-cpe:/a:novell:opensuse:mozilla-nspr-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit", "p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nspr-devel", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:libfreebl3-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-devel", "p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2016-334.NASL", "href": "https://www.tenable.com/plugins/nessus/89915", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-334.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89915);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-1950\", \"CVE-2016-1952\", \"CVE-2016-1953\", \"CVE-2016-1954\", \"CVE-2016-1955\", \"CVE-2016-1956\", \"CVE-2016-1957\", \"CVE-2016-1958\", \"CVE-2016-1959\", \"CVE-2016-1960\", \"CVE-2016-1961\", \"CVE-2016-1962\", \"CVE-2016-1963\", \"CVE-2016-1964\", \"CVE-2016-1965\", \"CVE-2016-1966\", \"CVE-2016-1967\", \"CVE-2016-1968\", \"CVE-2016-1970\", \"CVE-2016-1971\", \"CVE-2016-1972\", \"CVE-2016-1973\", \"CVE-2016-1974\", \"CVE-2016-1975\", \"CVE-2016-1976\", \"CVE-2016-1977\", \"CVE-2016-1979\", \"CVE-2016-2790\", \"CVE-2016-2791\", \"CVE-2016-2792\", \"CVE-2016-2793\", \"CVE-2016-2794\", \"CVE-2016-2795\", \"CVE-2016-2796\", \"CVE-2016-2797\", \"CVE-2016-2798\", \"CVE-2016-2799\", \"CVE-2016-2800\", \"CVE-2016-2801\", \"CVE-2016-2802\");\n\n script_name(english:\"openSUSE Security Update : Firefox (openSUSE-2016-334)\");\n script_summary(english:\"Check for the openSUSE-2016-334 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the\nfollowing issues :\n\nMozillaFirefox was updated to Firefox 45.0 (boo#969894)\n\n - requires NSPR 4.12 / NSS 3.21.1\n\n - Instant browser tab sharing through Hello\n\n - Synced Tabs button in button bar\n\n - Tabs synced via Firefox Accounts from other devices are\n now shown in dropdown area of Awesome Bar when searching\n\n - Introduce a new preference (network.dns.blockDotOnion)\n to allow blocking .onion at the DNS level\n\n - Tab Groups (Panorama) feature removed\n\n - MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous\n memory safety hazards\n\n - MFSA 2016-17/CVE-2016-1954 (bmo#1243178) Local file\n overwriting and potential privilege escalation through\n CSP reports\n\n - MFSA 2016-18/CVE-2016-1955 (bmo#1208946) CSP reports\n fail to strip location information for embedded iframe\n pages\n\n - MFSA 2016-19/CVE-2016-1956 (bmo#1199923) Linux video\n memory DOS with Intel drivers\n\n - MFSA 2016-20/CVE-2016-1957 (bmo#1227052) Memory leak in\n libstagefright when deleting an array during MP4\n processing\n\n - MFSA 2016-21/CVE-2016-1958 (bmo#1228754) Displayed page\n address can be overridden\n\n - MFSA 2016-22/CVE-2016-1959 (bmo#1234949) Service Worker\n Manager out-of-bounds read in Service Worker Manager\n\n - MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014)\n Use-after-free in HTML5 string parser\n\n - MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377)\n Use-after-free in SetBody\n\n - MFSA 2016-25/CVE-2016-1962 (bmo#1240760) Use-after-free\n when using multiple WebRTC data channels\n\n - MFSA 2016-26/CVE-2016-1963 (bmo#1238440) Memory\n corruption when modifying a file being read by\n FileReader\n\n - MFSA 2016-27/CVE-2016-1964 (bmo#1243335) Use-after-free\n during XML transformations\n\n - MFSA 2016-28/CVE-2016-1965 (bmo#1245264) Addressbar\n spoofing though history navigation and Location protocol\n property\n\n - MFSA 2016-29/CVE-2016-1967 (bmo#1246956) Same-origin\n policy violation using perfomance.getEntries and history\n navigation with session restore\n\n - MFSA 2016-30/CVE-2016-1968 (bmo#1246742) Buffer overflow\n in Brotli decompression\n\n - MFSA 2016-31/CVE-2016-1966 (bmo#1246054) Memory\n corruption with malicious NPAPI plugin\n\n - MFSA 2016-32/CVE-2016-1970/CVE-2016-1971/CVE-2016-1975/\n CVE-2016-1976/CVE-2016-1972 WebRTC and LibVPX\n vulnerabilities found through code inspection\n\n - MFSA 2016-33/CVE-2016-1973 (bmo#1219339) Use-after-free\n in GetStaticInstance in WebRTC\n\n - MFSA 2016-34/CVE-2016-1974 (bmo#1228103) Out-of-bounds\n read in HTML parser following a failed allocation\n\n - MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow\n during ASN.1 decoding in NSS (fixed by requiring 3.21.1)\n\n - MFSA 2016-36/CVE-2016-1979 (bmo#1185033) Use-after-free\n during processing of DER encoded keys in NSS (fixed by\n requiring 3.21.1)\n\n - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/\n CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/\n CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/\n CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font\n vulnerabilities in the Graphite 2 library\n\n mozilla-nspr was updated to version 4.12\n\n - added a PR_GetEnvSecure function, which attempts to\n detect if the program is being executed with elevated\n privileges, and returns NULL if detected. It is\n recommended to use this function in general purpose\n library code.\n\n - fixed a memory allocation bug related to the PR_*printf\n functions\n\n - exported API PR_DuplicateEnvironment, which had already\n been added in NSPR 4.10.9\n\n - added support for FreeBSD aarch64\n\n - several minor correctness and compatibility fixes\n\n mozilla-nss was updated to NSS 3.21.1 (bmo#969894)\n\n - required for Firefox 45.0\n\n - MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow\n during ASN.1 decoding in NSS (fixed by requiring 3.21.1)\n\n - MFSA 2016-36/CVE-2016-1979 (bmo#1185033) Use-after-free\n during processing of DER encoded keys in NSS (fixed by\n requiring 3.21.1)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1185033\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1199923\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1208946\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1219339\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1227052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1228103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1228754\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1234949\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1238440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1240760\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1243178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1243335\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1245264\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1245528\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1246014\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1246054\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1246742\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1246956\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1249377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=969894\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=969894\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Firefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-45.0-109.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-branding-upstream-45.0-109.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-buildsymbols-45.0-109.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-debuginfo-45.0-109.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-debugsource-45.0-109.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-devel-45.0-109.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-translations-common-45.0-109.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-translations-other-45.0-109.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libfreebl3-3.21.1-74.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libfreebl3-debuginfo-3.21.1-74.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libsoftokn3-3.21.1-74.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libsoftokn3-debuginfo-3.21.1-74.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nspr-4.12-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nspr-debuginfo-4.12-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nspr-debugsource-4.12-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nspr-devel-4.12-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-3.21.1-74.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-certs-3.21.1-74.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-certs-debuginfo-3.21.1-74.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-debuginfo-3.21.1-74.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-debugsource-3.21.1-74.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-devel-3.21.1-74.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-sysinit-3.21.1-74.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-sysinit-debuginfo-3.21.1-74.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-tools-3.21.1-74.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-tools-debuginfo-3.21.1-74.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.21.1-74.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.21.1-74.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.21.1-74.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.21.1-74.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.12-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nspr-debuginfo-32bit-4.12-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.21.1-74.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.21.1-74.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.21.1-74.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.21.1-74.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.21.1-74.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.21.1-74.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:30:05", "description": "This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the\nfollowing issues :\n\nMozillaFirefox was updated to Firefox 45.0 (boo#969894)\n\n - requires NSPR 4.12 / NSS 3.21.1\n\n - Instant browser tab sharing through Hello\n\n - Synced Tabs button in button bar\n\n - Tabs synced via Firefox Accounts from other devices are\n now shown in dropdown area of Awesome Bar when searching\n\n - Introduce a new preference (network.dns.blockDotOnion)\n to allow blocking .onion at the DNS level\n\n - Tab Groups (Panorama) feature removed\n\n - MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous\n memory safety hazards\n\n - MFSA 2016-17/CVE-2016-1954 (bmo#1243178) Local file\n overwriting and potential privilege escalation through\n CSP reports\n\n - MFSA 2016-18/CVE-2016-1955 (bmo#1208946) CSP reports\n fail to strip location information for embedded iframe\n pages\n\n - MFSA 2016-19/CVE-2016-1956 (bmo#1199923) Linux video\n memory DOS with Intel drivers\n\n - MFSA 2016-20/CVE-2016-1957 (bmo#1227052) Memory leak in\n libstagefright when deleting an array during MP4\n processing\n\n - MFSA 2016-21/CVE-2016-1958 (bmo#1228754) Displayed page\n address can be overridden\n\n - MFSA 2016-22/CVE-2016-1959 (bmo#1234949) Service Worker\n Manager out-of-bounds read in Service Worker Manager\n\n - MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014)\n Use-after-free in HTML5 string parser\n\n - MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377)\n Use-after-free in SetBody\n\n - MFSA 2016-25/CVE-2016-1962 (bmo#1240760) Use-after-free\n when using multiple WebRTC data channels\n\n - MFSA 2016-26/CVE-2016-1963 (bmo#1238440) Memory\n corruption when modifying a file being read by\n FileReader\n\n - MFSA 2016-27/CVE-2016-1964 (bmo#1243335) Use-after-free\n during XML transformations\n\n - MFSA 2016-28/CVE-2016-1965 (bmo#1245264) Addressbar\n spoofing though history navigation and Location protocol\n property\n\n - MFSA 2016-29/CVE-2016-1967 (bmo#1246956) Same-origin\n policy violation using perfomance.getEntries and history\n navigation with session restore\n\n - MFSA 2016-30/CVE-2016-1968 (bmo#1246742) Buffer overflow\n in Brotli decompression\n\n - MFSA 2016-31/CVE-2016-1966 (bmo#1246054) Memory\n corruption with malicious NPAPI plugin\n\n - MFSA 2016-32/CVE-2016-1970/CVE-2016-1971/CVE-2016-1975/\n CVE-2016-1976/CVE-2016-1972 WebRTC and LibVPX\n vulnerabilities found through code inspection\n\n - MFSA 2016-33/CVE-2016-1973 (bmo#1219339) Use-after-free\n in GetStaticInstance in WebRTC\n\n - MFSA 2016-34/CVE-2016-1974 (bmo#1228103) Out-of-bounds\n read in HTML parser following a failed allocation\n\n - MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow\n during ASN.1 decoding in NSS (fixed by requiring 3.21.1)\n\n - MFSA 2016-36/CVE-2016-1979 (bmo#1185033) Use-after-free\n during processing of DER encoded keys in NSS (fixed by\n requiring 3.21.1)\n\n - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/\n CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/\n CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/\n CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font\n vulnerabilities in the Graphite 2 library\n\nmozilla-nspr was updated to version 4.12\n\n - added a PR_GetEnvSecure function, which attempts to\n detect if the program is being executed with elevated\n privileges, and returns NULL if detected. It is\n recommended to use this function in general purpose\n library code.\n\n - fixed a memory allocation bug related to the PR_*printf\n functions\n\n - exported API PR_DuplicateEnvironment, which had already\n been added in NSPR 4.10.9\n\n - added support for FreeBSD aarch64\n\n - several minor correctness and compatibility fixes\n\nmozilla-nss was updated to NSS 3.21.1 (bmo#969894)\n\n - required for Firefox 45.0\n\n - MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow\n during ASN.1 decoding in NSS (fixed by requiring 3.21.1)\n\n - MFSA 2016-36/CVE-2016-1979 (bmo#1185033) Use-after-free\n during processing of DER encoded keys in NSS (fixed by\n requiring 3.21.1)", "edition": 19, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-03-14T00:00:00", "title": "openSUSE Security Update : MozillaFirefox / mozilla-nspr / mozilla-nss (openSUSE-2016-332)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1971", "CVE-2016-1957", "CVE-2016-1972", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-1975", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-1973", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1959", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1979", "CVE-2016-1955", "CVE-2016-2795", "CVE-2016-1962", "CVE-2016-1950", "CVE-2016-1963", "CVE-2016-1970", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-1956", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-1976", "CVE-2016-1968", "CVE-2016-1967", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1965", "CVE-2016-1964", "CVE-2016-1958"], "modified": "2016-03-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo", "p-cpe:/a:novell:opensuse:libfreebl3", "p-cpe:/a:novell:opensuse:libsoftokn3-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs", "p-cpe:/a:novell:opensuse:mozilla-nss-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-devel", "p-cpe:/a:novell:opensuse:mozilla-nss-debugsource", "p-cpe:/a:novell:opensuse:mozilla-nspr", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:mozilla-nss-tools", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3", "p-cpe:/a:novell:opensuse:mozilla-nspr-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit", "p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:mozilla-nspr-devel", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:libfreebl3-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-devel", "p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource"], "id": "OPENSUSE-2016-332.NASL", "href": "https://www.tenable.com/plugins/nessus/89913", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-332.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89913);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-1950\", \"CVE-2016-1952\", \"CVE-2016-1953\", \"CVE-2016-1954\", \"CVE-2016-1955\", \"CVE-2016-1956\", \"CVE-2016-1957\", \"CVE-2016-1958\", \"CVE-2016-1959\", \"CVE-2016-1960\", \"CVE-2016-1961\", \"CVE-2016-1962\", \"CVE-2016-1963\", \"CVE-2016-1964\", \"CVE-2016-1965\", \"CVE-2016-1966\", \"CVE-2016-1967\", \"CVE-2016-1968\", \"CVE-2016-1970\", \"CVE-2016-1971\", \"CVE-2016-1972\", \"CVE-2016-1973\", \"CVE-2016-1974\", \"CVE-2016-1975\", \"CVE-2016-1976\", \"CVE-2016-1977\", \"CVE-2016-1979\", \"CVE-2016-2790\", \"CVE-2016-2791\", \"CVE-2016-2792\", \"CVE-2016-2793\", \"CVE-2016-2794\", \"CVE-2016-2795\", \"CVE-2016-2796\", \"CVE-2016-2797\", \"CVE-2016-2798\", \"CVE-2016-2799\", \"CVE-2016-2800\", \"CVE-2016-2801\", \"CVE-2016-2802\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox / mozilla-nspr / mozilla-nss (openSUSE-2016-332)\");\n script_summary(english:\"Check for the openSUSE-2016-332 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the\nfollowing issues :\n\nMozillaFirefox was updated to Firefox 45.0 (boo#969894)\n\n - requires NSPR 4.12 / NSS 3.21.1\n\n - Instant browser tab sharing through Hello\n\n - Synced Tabs button in button bar\n\n - Tabs synced via Firefox Accounts from other devices are\n now shown in dropdown area of Awesome Bar when searching\n\n - Introduce a new preference (network.dns.blockDotOnion)\n to allow blocking .onion at the DNS level\n\n - Tab Groups (Panorama) feature removed\n\n - MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous\n memory safety hazards\n\n - MFSA 2016-17/CVE-2016-1954 (bmo#1243178) Local file\n overwriting and potential privilege escalation through\n CSP reports\n\n - MFSA 2016-18/CVE-2016-1955 (bmo#1208946) CSP reports\n fail to strip location information for embedded iframe\n pages\n\n - MFSA 2016-19/CVE-2016-1956 (bmo#1199923) Linux video\n memory DOS with Intel drivers\n\n - MFSA 2016-20/CVE-2016-1957 (bmo#1227052) Memory leak in\n libstagefright when deleting an array during MP4\n processing\n\n - MFSA 2016-21/CVE-2016-1958 (bmo#1228754) Displayed page\n address can be overridden\n\n - MFSA 2016-22/CVE-2016-1959 (bmo#1234949) Service Worker\n Manager out-of-bounds read in Service Worker Manager\n\n - MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014)\n Use-after-free in HTML5 string parser\n\n - MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377)\n Use-after-free in SetBody\n\n - MFSA 2016-25/CVE-2016-1962 (bmo#1240760) Use-after-free\n when using multiple WebRTC data channels\n\n - MFSA 2016-26/CVE-2016-1963 (bmo#1238440) Memory\n corruption when modifying a file being read by\n FileReader\n\n - MFSA 2016-27/CVE-2016-1964 (bmo#1243335) Use-after-free\n during XML transformations\n\n - MFSA 2016-28/CVE-2016-1965 (bmo#1245264) Addressbar\n spoofing though history navigation and Location protocol\n property\n\n - MFSA 2016-29/CVE-2016-1967 (bmo#1246956) Same-origin\n policy violation using perfomance.getEntries and history\n navigation with session restore\n\n - MFSA 2016-30/CVE-2016-1968 (bmo#1246742) Buffer overflow\n in Brotli decompression\n\n - MFSA 2016-31/CVE-2016-1966 (bmo#1246054) Memory\n corruption with malicious NPAPI plugin\n\n - MFSA 2016-32/CVE-2016-1970/CVE-2016-1971/CVE-2016-1975/\n CVE-2016-1976/CVE-2016-1972 WebRTC and LibVPX\n vulnerabilities found through code inspection\n\n - MFSA 2016-33/CVE-2016-1973 (bmo#1219339) Use-after-free\n in GetStaticInstance in WebRTC\n\n - MFSA 2016-34/CVE-2016-1974 (bmo#1228103) Out-of-bounds\n read in HTML parser following a failed allocation\n\n - MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow\n during ASN.1 decoding in NSS (fixed by requiring 3.21.1)\n\n - MFSA 2016-36/CVE-2016-1979 (bmo#1185033) Use-after-free\n during processing of DER encoded keys in NSS (fixed by\n requiring 3.21.1)\n\n - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/\n CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/\n CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/\n CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font\n vulnerabilities in the Graphite 2 library\n\nmozilla-nspr was updated to version 4.12\n\n - added a PR_GetEnvSecure function, which attempts to\n detect if the program is being executed with elevated\n privileges, and returns NULL if detected. It is\n recommended to use this function in general purpose\n library code.\n\n - fixed a memory allocation bug related to the PR_*printf\n functions\n\n - exported API PR_DuplicateEnvironment, which had already\n been added in NSPR 4.10.9\n\n - added support for FreeBSD aarch64\n\n - several minor correctness and compatibility fixes\n\nmozilla-nss was updated to NSS 3.21.1 (bmo#969894)\n\n - required for Firefox 45.0\n\n - MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow\n during ASN.1 decoding in NSS (fixed by requiring 3.21.1)\n\n - MFSA 2016-36/CVE-2016-1979 (bmo#1185033) Use-after-free\n during processing of DER encoded keys in NSS (fixed by\n requiring 3.21.1)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=969894\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox / mozilla-nspr / mozilla-nss packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2|SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2 / 42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-45.0-65.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-branding-upstream-45.0-65.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-buildsymbols-45.0-65.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-debuginfo-45.0-65.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-debugsource-45.0-65.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-devel-45.0-65.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-translations-common-45.0-65.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-translations-other-45.0-65.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libfreebl3-3.21.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libfreebl3-debuginfo-3.21.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsoftokn3-3.21.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsoftokn3-debuginfo-3.21.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nspr-4.12-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nspr-debuginfo-4.12-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nspr-debugsource-4.12-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nspr-devel-4.12-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-3.21.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-certs-3.21.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-certs-debuginfo-3.21.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-debuginfo-3.21.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-debugsource-3.21.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-devel-3.21.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-sysinit-3.21.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-sysinit-debuginfo-3.21.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-tools-3.21.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-tools-debuginfo-3.21.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.21.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.21.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.21.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.21.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.12-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"mozilla-nspr-debuginfo-32bit-4.12-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.21.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.21.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.21.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.21.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.21.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.21.1-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-45.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-branding-upstream-45.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-buildsymbols-45.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-debuginfo-45.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-debugsource-45.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-devel-45.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-translations-common-45.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-translations-other-45.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libfreebl3-3.21.1-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libfreebl3-debuginfo-3.21.1-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libsoftokn3-3.21.1-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libsoftokn3-debuginfo-3.21.1-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nspr-4.12-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nspr-debuginfo-4.12-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nspr-debugsource-4.12-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nspr-devel-4.12-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-3.21.1-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-certs-3.21.1-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-certs-debuginfo-3.21.1-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-debuginfo-3.21.1-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-debugsource-3.21.1-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-devel-3.21.1-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-sysinit-3.21.1-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-sysinit-debuginfo-3.21.1-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-tools-3.21.1-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-tools-debuginfo-3.21.1-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.21.1-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.21.1-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.21.1-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.21.1-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.12-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"mozilla-nspr-debuginfo-32bit-4.12-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.21.1-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.21.1-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.21.1-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.21.1-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.21.1-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.21.1-12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T04:10:13", "description": "The version of Firefox installed on the remote Windows host is prior\nto 45. It is, therefore, affected by multiple vulnerabilities, the\nmajority of which are remote code execution vulnerabilities. An\nunauthenticated, remote attacker can exploit these issues by\nconvincing a user to visit a specially crafted website, resulting in\nthe execution of arbitrary code in the context of the current user.", "edition": 28, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-03-11T00:00:00", "title": "Firefox < 45 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1971", "CVE-2016-1957", "CVE-2016-1972", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-1975", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-1973", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1959", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1979", "CVE-2016-1969", "CVE-2016-1955", "CVE-2016-2795", "CVE-2016-1962", "CVE-2016-1950", "CVE-2016-1963", "CVE-2016-1970", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-1956", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-1976", "CVE-2016-1968", "CVE-2016-1967", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1965", "CVE-2016-1964", "CVE-2016-1958"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MOZILLA_FIREFOX_45.NASL", "href": "https://www.tenable.com/plugins/nessus/89875", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89875);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\n \"CVE-2016-1950\",\n \"CVE-2016-1952\",\n \"CVE-2016-1953\",\n \"CVE-2016-1954\",\n \"CVE-2016-1955\",\n \"CVE-2016-1956\",\n \"CVE-2016-1957\",\n \"CVE-2016-1958\",\n \"CVE-2016-1959\",\n \"CVE-2016-1960\",\n \"CVE-2016-1961\",\n \"CVE-2016-1962\",\n \"CVE-2016-1963\",\n \"CVE-2016-1964\",\n \"CVE-2016-1965\",\n \"CVE-2016-1966\",\n \"CVE-2016-1967\",\n \"CVE-2016-1968\",\n \"CVE-2016-1969\",\n \"CVE-2016-1970\",\n \"CVE-2016-1971\",\n \"CVE-2016-1972\",\n \"CVE-2016-1973\",\n \"CVE-2016-1974\",\n \"CVE-2016-1975\",\n \"CVE-2016-1976\",\n \"CVE-2016-1977\",\n \"CVE-2016-1979\",\n \"CVE-2016-2790\",\n \"CVE-2016-2791\",\n \"CVE-2016-2792\",\n \"CVE-2016-2793\",\n \"CVE-2016-2794\",\n \"CVE-2016-2795\",\n \"CVE-2016-2796\",\n \"CVE-2016-2797\",\n \"CVE-2016-2798\",\n \"CVE-2016-2799\",\n \"CVE-2016-2800\",\n \"CVE-2016-2801\",\n \"CVE-2016-2802\"\n );\n script_xref(name:\"MFSA\", value:\"2016-16\");\n script_xref(name:\"MFSA\", value:\"2016-17\");\n script_xref(name:\"MFSA\", value:\"2016-18\");\n script_xref(name:\"MFSA\", value:\"2016-19\");\n script_xref(name:\"MFSA\", value:\"2016-20\");\n script_xref(name:\"MFSA\", value:\"2016-21\");\n script_xref(name:\"MFSA\", value:\"2016-22\");\n script_xref(name:\"MFSA\", value:\"2016-23\");\n script_xref(name:\"MFSA\", value:\"2016-24\");\n script_xref(name:\"MFSA\", value:\"2016-25\");\n script_xref(name:\"MFSA\", value:\"2016-26\");\n script_xref(name:\"MFSA\", value:\"2016-27\");\n script_xref(name:\"MFSA\", value:\"2016-28\");\n script_xref(name:\"MFSA\", value:\"2016-29\");\n script_xref(name:\"MFSA\", value:\"2016-30\");\n script_xref(name:\"MFSA\", value:\"2016-31\");\n script_xref(name:\"MFSA\", value:\"2016-32\");\n script_xref(name:\"MFSA\", value:\"2016-33\");\n script_xref(name:\"MFSA\", value:\"2016-34\");\n script_xref(name:\"MFSA\", value:\"2016-35\");\n script_xref(name:\"MFSA\", value:\"2016-36\");\n script_xref(name:\"MFSA\", value:\"2016-37\");\n script_xref(name:\"MFSA\", value:\"2016-38\");\n\n script_name(english:\"Firefox < 45 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Firefox installed on the remote Windows host is prior\nto 45. It is, therefore, affected by multiple vulnerabilities, the\nmajority of which are remote code execution vulnerabilities. An\nunauthenticated, remote attacker can exploit these issues by\nconvincing a user to visit a specially crafted website, resulting in\nthe execution of arbitrary code in the context of the current user.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-16/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-17/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-18/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-19/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-20/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-21/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-22/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-23/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-24/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-25/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-26/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-27/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-28/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-29/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-30/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-31/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-32/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-33/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-34/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-35/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-36/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-38/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Firefox version 45 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-1962\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'45', severity:SECURITY_HOLE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T03:46:32", "description": "The version of Firefox installed on the remote Mac OS X host is prior\nto 45. It is, therefore, affected by multiple vulnerabilities, the\nmajority of which are remote code execution vulnerabilities. An\nunauthenticated, remote attacker can exploit these issues by\nconvincing a user to visit a specially crafted website, resulting in\nthe execution of arbitrary code in the context of the current user.", "edition": 28, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-03-11T00:00:00", "title": "Firefox < 45 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1971", "CVE-2016-1957", "CVE-2016-1972", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-1975", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-1973", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1959", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1979", "CVE-2016-1969", "CVE-2016-1955", "CVE-2016-2795", "CVE-2016-1962", "CVE-2016-1950", "CVE-2016-1963", "CVE-2016-1970", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-1956", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-1976", "CVE-2016-1968", "CVE-2016-1967", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1965", "CVE-2016-1964", "CVE-2016-1958"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MACOSX_FIREFOX_45.NASL", "href": "https://www.tenable.com/plugins/nessus/89873", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89873);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\n \"CVE-2016-1950\",\n \"CVE-2016-1952\",\n \"CVE-2016-1953\",\n \"CVE-2016-1954\",\n \"CVE-2016-1955\",\n \"CVE-2016-1956\",\n \"CVE-2016-1957\",\n \"CVE-2016-1958\",\n \"CVE-2016-1959\",\n \"CVE-2016-1960\",\n \"CVE-2016-1961\",\n \"CVE-2016-1962\",\n \"CVE-2016-1963\",\n \"CVE-2016-1964\",\n \"CVE-2016-1965\",\n \"CVE-2016-1966\",\n \"CVE-2016-1967\",\n \"CVE-2016-1968\",\n \"CVE-2016-1969\",\n \"CVE-2016-1970\",\n \"CVE-2016-1971\",\n \"CVE-2016-1972\",\n \"CVE-2016-1973\",\n \"CVE-2016-1974\",\n \"CVE-2016-1975\",\n \"CVE-2016-1976\",\n \"CVE-2016-1977\",\n \"CVE-2016-1979\",\n \"CVE-2016-2790\",\n \"CVE-2016-2791\",\n \"CVE-2016-2792\",\n \"CVE-2016-2793\",\n \"CVE-2016-2794\",\n \"CVE-2016-2795\",\n \"CVE-2016-2796\",\n \"CVE-2016-2797\",\n \"CVE-2016-2798\",\n \"CVE-2016-2799\",\n \"CVE-2016-2800\",\n \"CVE-2016-2801\",\n \"CVE-2016-2802\"\n );\n script_xref(name:\"MFSA\", value:\"2016-16\");\n script_xref(name:\"MFSA\", value:\"2016-17\");\n script_xref(name:\"MFSA\", value:\"2016-18\");\n script_xref(name:\"MFSA\", value:\"2016-19\");\n script_xref(name:\"MFSA\", value:\"2016-20\");\n script_xref(name:\"MFSA\", value:\"2016-21\");\n script_xref(name:\"MFSA\", value:\"2016-22\");\n script_xref(name:\"MFSA\", value:\"2016-23\");\n script_xref(name:\"MFSA\", value:\"2016-24\");\n script_xref(name:\"MFSA\", value:\"2016-25\");\n script_xref(name:\"MFSA\", value:\"2016-26\");\n script_xref(name:\"MFSA\", value:\"2016-27\");\n script_xref(name:\"MFSA\", value:\"2016-28\");\n script_xref(name:\"MFSA\", value:\"2016-29\");\n script_xref(name:\"MFSA\", value:\"2016-30\");\n script_xref(name:\"MFSA\", value:\"2016-31\");\n script_xref(name:\"MFSA\", value:\"2016-32\");\n script_xref(name:\"MFSA\", value:\"2016-33\");\n script_xref(name:\"MFSA\", value:\"2016-34\");\n script_xref(name:\"MFSA\", value:\"2016-35\");\n script_xref(name:\"MFSA\", value:\"2016-36\");\n script_xref(name:\"MFSA\", value:\"2016-37\");\n script_xref(name:\"MFSA\", value:\"2016-38\");\n\n script_name(english:\"Firefox < 45 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Firefox installed on the remote Mac OS X host is prior\nto 45. It is, therefore, affected by multiple vulnerabilities, the\nmajority of which are remote code execution vulnerabilities. An\nunauthenticated, remote attacker can exploit these issues by\nconvincing a user to visit a specially crafted website, resulting in\nthe execution of arbitrary code in the context of the current user.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-16/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-17/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-18/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-19/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-20/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-21/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-22/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-23/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-24/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-25/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-26/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-27/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-28/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-29/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-30/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-31/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-32/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-33/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-34/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-35/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-36/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-38/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Firefox version 45 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-1962\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nkb_base = \"MacOSX/Firefox\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nif (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Firefox installation is in the ESR branch.');\n\nmozilla_check_version(product:'firefox', version:version, path:path, esr:FALSE, fix:'45', severity:SECURITY_HOLE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:34:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1979", "CVE-2016-1955", "CVE-2016-2795", "CVE-2016-1950", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-1956", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1964"], "description": "This host is installed with Mozilla\n Thunderbird and is prone to multiple vulnerabilities.", "modified": "2019-05-03T00:00:00", "published": "2016-09-07T00:00:00", "id": "OPENVAS:1361412562310808695", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808695", "type": "openvas", "title": "Mozilla Thunderbird Security Updates( mfsa_2016-16_2016-38_1 )-Windows", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Thunderbird Security Updates( mfsa_2016-16_2016-38_1 )-Windows\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:thunderbird\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808695\");\n script_version(\"2019-05-03T13:51:56+0000\");\n script_cve_id(\"CVE-2016-1977\", \"CVE-2016-2790\", \"CVE-2016-2791\", \"CVE-2016-2792\",\n\t\t\"CVE-2016-2793\", \"CVE-2016-2794\", \"CVE-2016-2795\", \"CVE-2016-2796\",\n\t\t\"CVE-2016-2797\", \"CVE-2016-2798\", \"CVE-2016-2799\", \"CVE-2016-2800\",\n\t\t\"CVE-2016-2801\", \"CVE-2016-2802\", \"CVE-2016-1979\", \"CVE-2016-1950\",\n\t\t\"CVE-2016-1974\", \"CVE-2016-1953\", \"CVE-2016-1964\", \"CVE-2016-1961\",\n\t\t\"CVE-2016-1960\", \"CVE-2016-1957\", \"CVE-2016-1956\", \"CVE-2016-1955\",\n\t\t\"CVE-2016-1954\", \"CVE-2016-1952\");\n script_bugtraq_id(84222, 84221, 84223, 84219, 84218);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-03 13:51:56 +0000 (Fri, 03 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-09-07 11:44:05 +0530 (Wed, 07 Sep 2016)\");\n script_name(\"Mozilla Thunderbird Security Updates( mfsa_2016-16_2016-38_1 )-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla\n Thunderbird and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist. Please see the references for more information.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers to cause a denial of service\n (memory corruption and application crash) or possibly execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Thunderbird version before\n 45 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Thunderbird version 45 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-36/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-35/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-34/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-27/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-24/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-23/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-20/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-19/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-18/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-17/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-16/\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_thunderbird_detect_portable_win.nasl\");\n script_mandatory_keys(\"Thunderbird/Win/Ver\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/thunderbird\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!tbVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:tbVer, test_version:\"45\"))\n{\n report = report_fixed_ver(installed_version:tbVer, fixed_version:\"45\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-06-25T14:50:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1979", "CVE-2016-1955", "CVE-2016-2795", "CVE-2016-1950", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-1956", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1964"], "description": "This host is installed with Mozilla\n Thunderbird and is prone to multiple vulnerabilities.", "modified": "2019-06-25T00:00:00", "published": "2016-09-07T00:00:00", "id": "OPENVAS:1361412562310808696", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808696", "type": "openvas", "title": "Mozilla Thunderbird Security Updates( mfsa_2016-16_2016-38_1 )-MAC OS X", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Thunderbird Security Updates( mfsa_2016-16_2016-38_1 )-MAC OS X\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:thunderbird\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808696\");\n script_version(\"2019-06-25T08:25:15+0000\");\n script_cve_id(\"CVE-2016-1977\", \"CVE-2016-2790\", \"CVE-2016-2791\", \"CVE-2016-2792\",\n\t\t\"CVE-2016-2793\", \"CVE-2016-2794\", \"CVE-2016-2795\", \"CVE-2016-2796\",\n\t\t\"CVE-2016-2797\", \"CVE-2016-2798\", \"CVE-2016-2799\", \"CVE-2016-2800\",\n\t\t\"CVE-2016-2801\", \"CVE-2016-2802\", \"CVE-2016-1979\", \"CVE-2016-1950\",\n\t\t\"CVE-2016-1974\", \"CVE-2016-1953\", \"CVE-2016-1964\", \"CVE-2016-1961\",\n\t\t\"CVE-2016-1960\", \"CVE-2016-1957\", \"CVE-2016-1956\", \"CVE-2016-1955\",\n\t\t\"CVE-2016-1954\", \"CVE-2016-1952\");\n script_bugtraq_id(84222, 84221, 84223, 84219, 84218);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-06-25 08:25:15 +0000 (Tue, 25 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-09-07 12:03:08 +0530 (Wed, 07 Sep 2016)\");\n script_name(\"Mozilla Thunderbird Security Updates( mfsa_2016-16_2016-38_1 )-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla\n Thunderbird and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist. Please see the references for more information.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers to cause a denial of service\n (memory corruption and application crash) or possibly execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Thunderbird version before\n 45 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Thunderbird version 45\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-36/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-35/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-34/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-27/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-24/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-23/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-20/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-19/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-18/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-17/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-16/\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Thunderbird/MacOSX/Version\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/thunderbird\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!tbVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:tbVer, test_version:\"45\"))\n{\n report = report_fixed_ver(installed_version:tbVer, fixed_version:\"45\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:36:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-2815", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1955", "CVE-2016-2795", "CVE-2016-2818", "CVE-2016-1952", "CVE-2016-2807", "CVE-2016-2806", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-1956", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1964"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2016-07-11T00:00:00", "id": "OPENVAS:1361412562310851365", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851365", "type": "openvas", "title": "openSUSE: Security Advisory for Mozilla Thunderbird (openSUSE-SU-2016:1767-1)", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851365\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-07-11 05:25:35 +0200 (Mon, 11 Jul 2016)\");\n script_cve_id(\"CVE-2016-1952\", \"CVE-2016-1953\", \"CVE-2016-1954\", \"CVE-2016-1955\",\n \"CVE-2016-1956\", \"CVE-2016-1957\", \"CVE-2016-1960\", \"CVE-2016-1961\",\n \"CVE-2016-1964\", \"CVE-2016-1974\", \"CVE-2016-1977\", \"CVE-2016-2790\",\n \"CVE-2016-2791\", \"CVE-2016-2792\", \"CVE-2016-2793\", \"CVE-2016-2794\",\n \"CVE-2016-2795\", \"CVE-2016-2796\", \"CVE-2016-2797\", \"CVE-2016-2798\",\n \"CVE-2016-2799\", \"CVE-2016-2800\", \"CVE-2016-2801\", \"CVE-2016-2802\",\n \"CVE-2016-2806\", \"CVE-2016-2807\", \"CVE-2016-2815\", \"CVE-2016-2818\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for Mozilla Thunderbird (openSUSE-SU-2016:1767-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Mozilla Thunderbird'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update contains Mozilla Thunderbird 45.2. (boo#983549)\n\n It fixes security issues mostly affecting the e-mail program when used in\n a browser context, such as viewing a web page or HTMl formatted e-mail.\n\n The following vulnerabilities were fixed:\n\n - CVE-2016-2818, CVE-2016-2815: Memory safety bugs (boo#983549,\n MFSA2016-49)\n\n Contains the following security fixes from the 45.1 release: (boo#977333)\n\n - CVE-2016-2806, CVE-2016-2807: Miscellaneous memory safety hazards\n (boo#977375, boo#977376, MFSA 2016-39)\n\n Contains the following security fixes from the 45.0 release: (boo#969894)\n\n - CVE-2016-1952, CVE-2016-1953: Miscellaneous memory safety hazards (MFSA\n 2016-16)\n\n - CVE-2016-1954: Local file overwriting and potential privilege escalation\n through CSP reports (MFSA 2016-17)\n\n - CVE-2016-1955: CSP reports fail to strip location information for\n embedded iframe pages (MFSA 2016-18)\n\n - CVE-2016-1956: Linux video memory DOS with Intel drivers (MFSA 2016-19)\n\n - CVE-2016-1957: Memory leak in libstagefright when deleting an array\n during MP4 processing (MFSA 2016-20)\n\n - CVE-2016-1960: Use-after-free in HTML5 string parser (MFSA 2016-23)\n\n - CVE-2016-1961: Use-after-free in SetBody (MFSA 2016-24)\n\n - CVE-2016-1964: Use-after-free during XML transformations (MFSA 2016-27)\n\n - CVE-2016-1974: Out-of-bounds read in HTML parser following a failed\n allocation (MFSA 2016-34)\n\n The graphite font shaping library was disabled, addressing the following\n font vulnerabilities:\n\n - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/\n CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/\n CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/\n CVE-2016-2800/CVE-2016-2801/CVE-2016-2802\n\n The following tracked packaging changes are included:\n\n - fix build issues with gcc/binutils combination used in Leap 42.2\n (boo#984637)\n\n - gcc6 fixes (boo#986162)\n\n - running on 48bit va aarch64 (boo#984126)\");\n\n script_tag(name:\"affected\", value:\"Mozilla Thunderbird on openSUSE 13.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1767-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.1\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird\", rpm:\"MozillaThunderbird~45.2~70.83.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-buildsymbols\", rpm:\"MozillaThunderbird-buildsymbols~45.2~70.83.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-debuginfo\", rpm:\"MozillaThunderbird-debuginfo~45.2~70.83.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-debugsource\", rpm:\"MozillaThunderbird-debugsource~45.2~70.83.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-devel\", rpm:\"MozillaThunderbird-devel~45.2~70.83.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-translations-common\", rpm:\"MozillaThunderbird-translations-common~45.2~70.83.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-translations-other\", rpm:\"MozillaThunderbird-translations-other~45.2~70.83.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:35:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-2815", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1955", "CVE-2016-2795", "CVE-2016-2818", "CVE-2016-1952", "CVE-2016-2807", "CVE-2016-2806", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-1956", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1964"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2016-07-11T00:00:00", "id": "OPENVAS:1361412562310851366", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851366", "type": "openvas", "title": "openSUSE: Security Advisory for MozillaThunderbird (openSUSE-SU-2016:1778-1)", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851366\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-07-11 05:26:25 +0200 (Mon, 11 Jul 2016)\");\n script_cve_id(\"CVE-2016-1952\", \"CVE-2016-1953\", \"CVE-2016-1954\", \"CVE-2016-1955\",\n \"CVE-2016-1956\", \"CVE-2016-1957\", \"CVE-2016-1960\", \"CVE-2016-1961\",\n \"CVE-2016-1964\", \"CVE-2016-1974\", \"CVE-2016-1977\", \"CVE-2016-2790\",\n \"CVE-2016-2791\", \"CVE-2016-2792\", \"CVE-2016-2793\", \"CVE-2016-2794\",\n \"CVE-2016-2795\", \"CVE-2016-2796\", \"CVE-2016-2797\", \"CVE-2016-2798\",\n \"CVE-2016-2799\", \"CVE-2016-2800\", \"CVE-2016-2801\", \"CVE-2016-2802\",\n \"CVE-2016-2806\", \"CVE-2016-2807\", \"CVE-2016-2815\", \"CVE-2016-2818\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for MozillaThunderbird (openSUSE-SU-2016:1778-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'MozillaThunderbird'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update contains Mozilla Thunderbird 45.2. (boo#983549)\n\n It fixes security issues mostly affecting the e-mail program when used in\n a browser context, such as viewing a web page or HTMl formatted e-mail.\n\n The following vulnerabilities were fixed:\n\n - CVE-2016-2818, CVE-2016-2815: Memory safety bugs (boo#983549,\n MFSA2016-49)\n\n Contains the following security fixes from the 45.1 release: (boo#977333)\n\n - CVE-2016-2806, CVE-2016-2807: Miscellaneous memory safety hazards\n (boo#977375, boo#977376, MFSA 2016-39)\n\n Contains the following security fixes from the 45.0 release: (boo#969894)\n\n - CVE-2016-1952, CVE-2016-1953: Miscellaneous memory safety hazards (MFSA\n 2016-16)\n\n - CVE-2016-1954: Local file overwriting and potential privilege escalation\n through CSP reports (MFSA 2016-17)\n\n - CVE-2016-1955: CSP reports fail to strip location information for\n embedded iframe pages (MFSA 2016-18)\n\n - CVE-2016-1956: Linux video memory DOS with Intel drivers (MFSA 2016-19)\n\n - CVE-2016-1957: Memory leak in libstagefright when deleting an array\n during MP4 processing (MFSA 2016-20)\n\n - CVE-2016-1960: Use-after-free in HTML5 string parser (MFSA 2016-23)\n\n - CVE-2016-1961: Use-after-free in SetBody (MFSA 2016-24)\n\n - CVE-2016-1964: Use-after-free during XML transformations (MFSA 2016-27)\n\n - CVE-2016-1974: Out-of-bounds read in HTML parser following a failed\n allocation (MFSA 2016-34)\n\n The graphite font shaping library was disabled, addressing the following\n font vulnerabilities:\n\n - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/\n CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/\n CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/\n CVE-2016-2800/CVE-2016-2801/CVE-2016-2802\n\n The following tracked packaging changes are included:\n\n - fix build issues with gcc/binutils combination used in Leap 42.2\n (boo#984637)\n\n - gcc6 fixes (boo#986162)\n\n - running on 48bit va aarch64 (boo#984126)\");\n\n script_tag(name:\"affected\", value:\"MozillaThunderbird on openSUSE Leap 42.1, openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1778-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird\", rpm:\"MozillaThunderbird~45.2~43.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-buildsymbols\", rpm:\"MozillaThunderbird-buildsymbols~45.2~43.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-debuginfo\", rpm:\"MozillaThunderbird-debuginfo~45.2~43.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-debugsource\", rpm:\"MozillaThunderbird-debugsource~45.2~43.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-devel\", rpm:\"MozillaThunderbird-devel~45.2~43.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-translations-common\", rpm:\"MozillaThunderbird-translations-common~45.2~43.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-translations-other\", rpm:\"MozillaThunderbird-translations-other~45.2~43.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-1973", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1959", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1955", "CVE-2016-2795", "CVE-2016-1962", "CVE-2016-1950", "CVE-2016-1963", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-1956", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-1968", "CVE-2016-1967", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1965", "CVE-2016-1964", "CVE-2016-1958"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2016-04-20T00:00:00", "id": "OPENVAS:1361412562310842718", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842718", "type": "openvas", "title": "Ubuntu Update for firefox USN-2917-3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for firefox USN-2917-3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842718\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-04-20 05:18:30 +0200 (Wed, 20 Apr 2016)\");\n script_cve_id(\"CVE-2016-1950\", \"CVE-2016-1952\", \"CVE-2016-1953\", \"CVE-2016-1954\",\n \"CVE-2016-1955\", \"CVE-2016-1956\", \"CVE-2016-1957\", \"CVE-2016-1958\",\n\t\t\"CVE-2016-1959\", \"CVE-2016-1960\", \"CVE-2016-1961\", \"CVE-2016-1962\",\n\t\t\"CVE-2016-1963\", \"CVE-2016-1964\", \"CVE-2016-1965\", \"CVE-2016-1966\",\n\t\t\"CVE-2016-1967\", \"CVE-2016-1968\", \"CVE-2016-1973\", \"CVE-2016-1974\",\n\t\t\"CVE-2016-1977\", \"CVE-2016-2790\", \"CVE-2016-2791\", \"CVE-2016-2792\",\n\t\t\"CVE-2016-2793\", \"CVE-2016-2794\", \"CVE-2016-2795\", \"CVE-2016-2796\",\n\t\t\"CVE-2016-2797\", \"CVE-2016-2798\", \"CVE-2016-2799\", \"CVE-2016-2800\",\n\t\t\"CVE-2016-2801\", \"CVE-2016-2802\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for firefox USN-2917-3\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-2917-1 fixed vulnerabilities in Firefox.\n This update caused several web compatibility regressions.\n\n This update fixes the problem.\n\n We apologize for the inconvenience.\n\n Original advisory details:\n\n Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS.\n If a user were tricked in to opening a specially crafted website, an\n attacker could potentially exploit this to cause a denial of service via\n application crash, or execute arbitrary code with the privileges of the\n user invoking Firefox. (CVE-2016-1950)\n\n Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel\n Holbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto,\n Tyson Smith, Andrea Marchesini, and Jukka Jylä nki discovered multiple\n memory safety issues in Firefox. If a user were tricked in to opening a\n specially crafted website, an attacker could potentially exploit these to\n cause a denial of service via application crash, or execute arbitrary code\n with the privileges of the user invoking Firefox. (CVE-2016-1952,\n CVE-2016-1953)\n\n Nicolas Golubovic discovered that CSP violation reports can be used to\n overwrite local files. If a user were tricked in to opening a specially\n crafted website with addon signing disabled and unpacked addons installed,\n an attacker could potentially exploit this to gain additional privileges.\n (CVE-2016-1954)\n\n Muneaki Nishimura discovered that CSP violation reports contained full\n paths for cross-origin iframe navigations. An attacker could potentially\n exploit this to steal confidential data. (CVE-2016-1955)\n\n Ucha Gobejishvili discovered that performing certain WebGL operations\n resulted in memory resource exhaustion with some Intel GPUs, requiring\n a reboot. If a user were tricked in to opening a specially crafted\n website, an attacker could potentially exploit this to cause a denial\n of service. (CVE-2016-1956)\n\n Jose Martinez and Romina Santillan discovered a memory leak in\n libstagefright during MPEG4 video file processing in some circumstances.\n If a user were tricked in to opening a specially crafted website, an\n attacker could potentially exploit this to cause a denial of service via\n memory exhaustion. (CVE-2016-1957)\n\n Abdulrahman Alqabandi discovered that the addressbar could be blank or\n filled with page defined content in some circumstances. If a user were\n tricked in to opening a specially crafted website, an attacker could\n potentially exploit this to conduct URL spoofing attacks. (CVE-2016-1958)\n\n Looben Yang discovered an out-of-bounds read in Service Worker Manager. If\n a user were tricked in to opening a specially craf ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"firefox on Ubuntu 15.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2917-3\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2917-3/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|15\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"45.0.2+build1-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"45.0.2+build1-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"45.0.2+build1-0ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-1973", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1959", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1955", "CVE-2016-2795", "CVE-2016-1962", "CVE-2016-1950", "CVE-2016-1963", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-1956", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-1968", "CVE-2016-1967", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1965", "CVE-2016-1964", "CVE-2016-1958"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2016-03-10T00:00:00", "id": "OPENVAS:1361412562310842678", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842678", "type": "openvas", "title": "Ubuntu Update for firefox USN-2917-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for firefox USN-2917-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842678\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-10 06:16:26 +0100 (Thu, 10 Mar 2016)\");\n script_cve_id(\"CVE-2016-1950\", \"CVE-2016-1952\", \"CVE-2016-1953\", \"CVE-2016-1954\",\n \"CVE-2016-1955\", \"CVE-2016-1956\", \"CVE-2016-1957\", \"CVE-2016-1958\",\n \"CVE-2016-1959\", \"CVE-2016-1960\", \"CVE-2016-1961\", \"CVE-2016-1962\",\n \"CVE-2016-1963\", \"CVE-2016-1964\", \"CVE-2016-1965\", \"CVE-2016-1966\",\n \"CVE-2016-1967\", \"CVE-2016-1968\", \"CVE-2016-1973\", \"CVE-2016-1974\",\n \"CVE-2016-1977\", \"CVE-2016-2790\", \"CVE-2016-2791\", \"CVE-2016-2792\",\n \"CVE-2016-2793\", \"CVE-2016-2794\", \"CVE-2016-2795\", \"CVE-2016-2796\",\n \"CVE-2016-2797\", \"CVE-2016-2798\", \"CVE-2016-2799\", \"CVE-2016-2800\",\n \"CVE-2016-2801\", \"CVE-2016-2802\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for firefox USN-2917-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Francis Gabriel discovered a buffer overflow\n during ASN.1 decoding in NSS. If a user were tricked in to opening a specially\n crafted website, an attacker could potentially exploit this to cause a denial\n of service via application crash, or execute arbitrary code with the privileges\n of the user invoking Firefox. (CVE-2016-1950)\n\n Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel\n Holbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto,\n Tyson Smith, Andrea Marchesini, and Jukka Jylä nki discovered multiple\n memory safety issues in Firefox. If a user were tricked in to opening a\n specially crafted website, an attacker could potentially exploit these to\n cause a denial of service via application crash, or execute arbitrary code\n with the privileges of the user invoking Firefox. (CVE-2016-1952,\n CVE-2016-1953)\n\n Nicolas Golubovic discovered that CSP violation reports can be used to\n overwrite local files. If a user were tricked in to opening a specially\n crafted website with addon signing disabled and unpacked addons installed,\n an attacker could potentially exploit this to gain additional privileges.\n (CVE-2016-1954)\n\n Muneaki Nishimura discovered that CSP violation reports contained full\n paths for cross-origin iframe navigations. An attacker could potentially\n exploit this to steal confidential data. (CVE-2016-1955)\n\n Ucha Gobejishvili discovered that performing certain WebGL operations\n resulted in memory resource exhaustion with some Intel GPUs, requiring\n areboot. If a user were tricked in to opening a specially crafted\n website, an attacker could potentially exploit this to cause a denial\n of service. (CVE-2016-1956)\n\n Jose Martinez and Romina Santillan discovered a memory leak in\n libstagefright during MPEG4 video file processing in some circumstances.\n If a user were tricked in to opening a specially crafted website, an\n attacker could potentially exploit this to cause a denial of service via\n memory exhaustion. (CVE-2016-1957)\n\n Abdulrahman Alqabandi discovered that the addressbar could be blank or\n filled with page defined content in some circumstances. If a user were\n tricked in to opening a specially crafted website, an attacker could\n potentially exploit this to conduct URL spoofing attacks. (CVE-2016-1958)\n\n Looben Yang discovered an out-of-bounds read in Service Worker Manager. If\n a user were tricked in to opening a specially crafted website, an attacker\n could potentially exploit this to cause a denial of service via\n application crash, or execute arbitrary code with the privileges of the\n user invoking Firefox. (CVE-2016-1959)\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"firefox on Ubuntu 15.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2917-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2917-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|15\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"45.0+build2-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"45.0+build2-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"45.0+build2-0ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:36:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1971", "CVE-2016-1957", "CVE-2016-1972", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-1975", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-1973", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1959", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1979", "CVE-2016-1955", "CVE-2016-2795", "CVE-2016-1962", "CVE-2016-1950", "CVE-2016-1963", "CVE-2016-1970", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-1956", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-1976", "CVE-2016-1968", "CVE-2016-1967", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1965", "CVE-2016-1964", "CVE-2016-1958"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2016-03-13T00:00:00", "id": "OPENVAS:1361412562310851234", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851234", "type": "openvas", "title": "openSUSE: Security Advisory for Firefox (openSUSE-SU-2016:0733-1)", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851234\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-03-13 06:16:27 +0100 (Sun, 13 Mar 2016)\");\n script_cve_id(\"CVE-2016-1950\", \"CVE-2016-1952\", \"CVE-2016-1953\", \"CVE-2016-1954\",\n \"CVE-2016-1955\", \"CVE-2016-1956\", \"CVE-2016-1957\", \"CVE-2016-1958\",\n \"CVE-2016-1959\", \"CVE-2016-1960\", \"CVE-2016-1961\", \"CVE-2016-1962\",\n \"CVE-2016-1963\", \"CVE-2016-1964\", \"CVE-2016-1965\", \"CVE-2016-1966\",\n \"CVE-2016-1967\", \"CVE-2016-1968\", \"CVE-2016-1970\", \"CVE-2016-1971\",\n \"CVE-2016-1972\", \"CVE-2016-1973\", \"CVE-2016-1974\", \"CVE-2016-1975\",\n \"CVE-2016-1976\", \"CVE-2016-1977\", \"CVE-2016-1979\", \"CVE-2016-2790\",\n \"CVE-2016-2791\", \"CVE-2016-2792\", \"CVE-2016-2793\", \"CVE-2016-2794\",\n \"CVE-2016-2795\", \"CVE-2016-2796\", \"CVE-2016-2797\", \"CVE-2016-2798\",\n \"CVE-2016-2799\", \"CVE-2016-2800\", \"CVE-2016-2801\", \"CVE-2016-2802\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for Firefox (openSUSE-SU-2016:0733-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Firefox'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the\n following issues:\n\n MozillaFirefox was updated to Firefox 45.0 (boo#969894)\n\n * requires NSPR 4.12 / NSS 3.21.1\n\n * Instant browser tab sharing through Hello\n\n * Synced Tabs button in button bar\n\n * Tabs synced via Firefox Accounts from other devices are now shown in\n dropdown area of Awesome Bar when searching\n\n * Introduce a new preference (network.dns.blockDotOnion) to allow\n blocking .onion at the DNS level\n\n * Tab Groups (Panorama) feature removed\n\n * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety\n hazards\n\n * MFSA 2016-17/CVE-2016-1954 (bmo#1243178) Local file overwriting and\n potential privilege escalation through CSP reports\n\n * MFSA 2016-18/CVE-2016-1955 (bmo#1208946) CSP reports fail to strip\n location information for embedded iframe pages\n\n * MFSA 2016-19/CVE-2016-1956 (bmo#1199923) Linux video memory DOS with\n Intel drivers\n\n * MFSA 2016-20/CVE-2016-1957 (bmo#1227052) Memory leak in\n libstagefright when deleting an array during MP4 processing\n\n * MFSA 2016-21/CVE-2016-1958 (bmo#1228754) Displayed page address can be\n overridden\n\n * MFSA 2016-22/CVE-2016-1959 (bmo#1234949) Service Worker Manager\n out-of-bounds read in Service Worker Manager\n\n * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014) Use-after-free\n in HTML5 string parser\n\n * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377) Use-after-free\n in SetBody\n\n * MFSA 2016-25/CVE-2016-1962 (bmo#1240760) Use-after-free when using\n multiple WebRTC data channels\n\n * MFSA 2016-26/CVE-2016-1963 (bmo#1238440) Memory corruption when\n modifying a file being read by FileReader\n\n * MFSA 2016-27/CVE-2016-1964 (bmo#1243335) Use-after-free during XML\n transformations\n\n * MFSA 2016-28/CVE-2016-1965 (bmo#1245264) Addressbar spoofing though\n history navigation and Location protocol property\n\n * MFSA 2016-29/CVE-2016-1967 (bmo#1246956) Same-origin policy violation\n using performance.getEntries and history navigation with session\n restore\n\n * MFSA 2016-30/CVE-2016-1968 (bmo#1246742) Buffer overflow in Brotli\n decompression\n\n * MFSA 2016-31/CVE-2016-1966 (bmo#1246054) Memory corruption with\n malicious NPAPI plugin\n\n * MFSA 2016-32/CVE-2016-1970/CVE-2016-1971/CVE-2016-1975/\n CVE-2016-1976/CVE-2016-1972 WebRTC and LibVPX vulnerabilities found\n through code inspection\n\n * MFSA 2016-33/CVE-2016-1973 (bmo#1219339) Use-after-free in\n GetStaticInstance in WebRTC\n\n * MFSA 2016-34/CVE-2016-1974 (bmo#1228103) Out-of-bounds read in HTML\n parser following a failed allocation\n\n * MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"Firefox on openSUSE 13.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:0733-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.1\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~45.0~109.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~45.0~109.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~45.0~109.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~45.0~109.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~45.0~109.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~45.0~109.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~45.0~109.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~45.0~109.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3\", rpm:\"libfreebl3~3.21.1~74.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3-debuginfo\", rpm:\"libfreebl3-debuginfo~3.21.1~74.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3\", rpm:\"libsoftokn3~3.21.1~74.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3-debuginfo\", rpm:\"libsoftokn3-debuginfo~3.21.1~74.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nspr\", rpm:\"mozilla-nspr~4.12~34.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nspr-debuginfo\", rpm:\"mozilla-nspr-debuginfo~4.12~34.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nspr-debugsource\", rpm:\"mozilla-nspr-debugsource~4.12~34.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nspr-devel\", rpm:\"mozilla-nspr-devel~4.12~34.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss\", rpm:\"mozilla-nss~3.21.1~74.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs\", rpm:\"mozilla-nss-certs~3.21.1~74.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs-debuginfo\", rpm:\"mozilla-nss-certs-debuginfo~3.21.1~74.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-debuginfo\", rpm:\"mozilla-nss-debuginfo~3.21.1~74.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-debugsource\", rpm:\"mozilla-nss-debugsource~3.21.1~74.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-devel\", rpm:\"mozilla-nss-devel~3.21.1~74.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit\", rpm:\"mozilla-nss-sysinit~3.21.1~74.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit-debuginfo\", rpm:\"mozilla-nss-sysinit-debuginfo~3.21.1~74.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-tools\", rpm:\"mozilla-nss-tools~3.21.1~74.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-tools-debuginfo\", rpm:\"mozilla-nss-tools-debuginfo~3.21.1~74.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3-32bit\", rpm:\"libfreebl3-32bit~3.21.1~74.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3-debuginfo-32bit\", rpm:\"libfreebl3-debuginfo-32bit~3.21.1~74.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3-32bit\", rpm:\"libsoftokn3-32bit~3.21.1~74.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3-debuginfo-32bit\", rpm:\"libsoftokn3-debuginfo-32bit~3.21.1~74.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nspr-32bit\", rpm:\"mozilla-nspr-32bit~4.12~34.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nspr-debuginfo-32bit\", rpm:\"mozilla-nspr-debuginfo-32bit~4.12~34.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-32bit\", rpm:\"mozilla-nss-32bit~3.21.1~74.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs-32bit\", rpm:\"mozilla-nss-certs-32bit~3.21.1~74.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs-debuginfo-32bit\", rpm:\"mozilla-nss-certs-debuginfo-32bit~3.21.1~74.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-debuginfo-32bit\", rpm:\"mozilla-nss-debuginfo-32bit~3.21.1~74.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit-32bit\", rpm:\"mozilla-nss-sysinit-32bit~3.21.1~74.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit-debuginfo-32bit\", rpm:\"mozilla-nss-sysinit-debuginfo-32bit~3.21.1~74.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-04T17:41:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1971", "CVE-2016-1957", "CVE-2016-1972", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-1975", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-1973", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1959", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1979", "CVE-2016-1955", "CVE-2016-2795", "CVE-2016-1962", "CVE-2016-1950", "CVE-2016-1963", "CVE-2016-1970", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-1956", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-1976", "CVE-2016-1968", "CVE-2016-1967", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1965", "CVE-2016-1964", "CVE-2016-1958"], "description": "The remote host is missing an update for the ", "modified": "2020-06-03T00:00:00", "published": "2016-03-12T00:00:00", "id": "OPENVAS:1361412562310851230", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851230", "type": "openvas", "title": "openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2016:0731-1)", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851230\");\n script_version(\"2020-06-03T08:38:58+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-03 08:38:58 +0000 (Wed, 03 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-03-12 06:14:00 +0100 (Sat, 12 Mar 2016)\");\n script_cve_id(\"CVE-2016-1950\", \"CVE-2016-1952\", \"CVE-2016-1953\", \"CVE-2016-1954\",\n \"CVE-2016-1955\", \"CVE-2016-1956\", \"CVE-2016-1957\", \"CVE-2016-1958\",\n \"CVE-2016-1959\", \"CVE-2016-1960\", \"CVE-2016-1961\", \"CVE-2016-1962\",\n \"CVE-2016-1963\", \"CVE-2016-1964\", \"CVE-2016-1965\", \"CVE-2016-1966\",\n \"CVE-2016-1967\", \"CVE-2016-1968\", \"CVE-2016-1970\", \"CVE-2016-1971\",\n \"CVE-2016-1972\", \"CVE-2016-1973\", \"CVE-2016-1974\", \"CVE-2016-1975\",\n \"CVE-2016-1976\", \"CVE-2016-1977\", \"CVE-2016-1979\", \"CVE-2016-2790\",\n \"CVE-2016-2791\", \"CVE-2016-2792\", \"CVE-2016-2793\", \"CVE-2016-2794\",\n \"CVE-2016-2795\", \"CVE-2016-2796\", \"CVE-2016-2797\", \"CVE-2016-2798\",\n \"CVE-2016-2799\", \"CVE-2016-2800\", \"CVE-2016-2801\", \"CVE-2016-2802\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2016:0731-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'MozillaFirefox'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the\n following issues:\n\n MozillaFirefox was updated to Firefox 45.0 (boo#969894)\n\n * requires NSPR 4.12 / NSS 3.21.1\n\n * Instant browser tab sharing through Hello\n\n * Synced Tabs button in button bar\n\n * Tabs synced via Firefox Accounts from other devices are now shown in\n dropdown area of Awesome Bar when searching\n\n * Introduce a new preference (network.dns.blockDotOnion) to allow blocking\n .onion at the DNS level\n\n * Tab Groups (Panorama) feature removed\n\n * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety\n hazards\n\n * MFSA 2016-17/CVE-2016-1954 (bmo#1243178) Local file overwriting and\n potential privilege escalation through CSP reports\n\n * MFSA 2016-18/CVE-2016-1955 (bmo#1208946) CSP reports fail to strip\n location information for embedded iframe pages\n\n * MFSA 2016-19/CVE-2016-1956 (bmo#1199923) Linux video memory DOS with\n Intel drivers\n\n * MFSA 2016-20/CVE-2016-1957 (bmo#1227052) Memory leak in libstagefright\n when deleting an array during MP4 processing\n\n * MFSA 2016-21/CVE-2016-1958 (bmo#1228754) Displayed page address can be\n overridden\n\n * MFSA 2016-22/CVE-2016-1959 (bmo#1234949) Service Worker Manager\n out-of-bounds read in Service Worker Manager\n\n * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014) Use-after-free in\n HTML5 string parser\n\n * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377) Use-after-free in\n SetBody\n\n * MFSA 2016-25/CVE-2016-1962 (bmo#1240760) Use-after-free when using\n multiple WebRTC data channels\n\n * MFSA 2016-26/CVE-2016-1963 (bmo#1238440) Memory corruption when\n modifying a file being read by FileReader\n\n * MFSA 2016-27/CVE-2016-1964 (bmo#1243335) Use-after-free during XML\n transformations\n\n * MFSA 2016-28/CVE-2016-1965 (bmo#1245264) Addressbar spoofing though\n history navigation and Location protocol property\n\n * MFSA 2016-29/CVE-2016-1967 (bmo#1246956) Same-origin policy violation\n using performance.getEntries and history navigation with session restore\n\n * MFSA 2016-30/CVE-2016-1968 (bmo#1246742) Buffer overflow in Brotli\n decompression\n\n * MFSA 2016-31/CVE-2016-1966 (bmo#1246054) Memory corruption with\n malicious NPAPI plugin\n\n * MFSA 2016-32/CVE-2016-1970/CVE-2016-1971/CVE-2016-1975/\n CVE-2016-1976/CVE-2016-1972 WebRTC and LibVPX vulnerabilities found\n through code inspection\n\n * MFSA 2016-33/CVE-2016-1973 (bmo#1219339) Use-after-free in\n GetStaticInstance in WebRTC\n\n * MFSA 2016-34/CVE-2016-1974 (bmo#1228103) Out-of-bounds read in HTML\n parser following a failed allocation\n\n * MFSA 2016-35/CVE-2016-1950 (bmo ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"MozillaFirefox, on openSUSE Leap 42.1, openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:0731-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~45.0~65.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~45.0~65.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~45.0~65.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~45.0~65.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~45.0~65.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~45.0~65.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~45.0~65.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~45.0~65.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3\", rpm:\"libfreebl3~3.21.1~28.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3-debuginfo\", rpm:\"libfreebl3-debuginfo~3.21.1~28.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3\", rpm:\"libsoftokn3~3.21.1~28.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3-debuginfo\", rpm:\"libsoftokn3-debuginfo~3.21.1~28.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nspr\", rpm:\"mozilla-nspr~4.12~15.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nspr-debuginfo\", rpm:\"mozilla-nspr-debuginfo~4.12~15.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nspr-debugsource\", rpm:\"mozilla-nspr-debugsource~4.12~15.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nspr-devel\", rpm:\"mozilla-nspr-devel~4.12~15.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss\", rpm:\"mozilla-nss~3.21.1~28.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs\", rpm:\"mozilla-nss-certs~3.21.1~28.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs-debuginfo\", rpm:\"mozilla-nss-certs-debuginfo~3.21.1~28.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-debuginfo\", rpm:\"mozilla-nss-debuginfo~3.21.1~28.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-debugsource\", rpm:\"mozilla-nss-debugsource~3.21.1~28.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-devel\", rpm:\"mozilla-nss-devel~3.21.1~28.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit\", rpm:\"mozilla-nss-sysinit~3.21.1~28.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit-debuginfo\", rpm:\"mozilla-nss-sysinit-debuginfo~3.21.1~28.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-tools\", rpm:\"mozilla-nss-tools~3.21.1~28.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-tools-debuginfo\", rpm:\"mozilla-nss-tools-debuginfo~3.21.1~28.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3-32bit\", rpm:\"libfreebl3-32bit~3.21.1~28.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3-debuginfo-32bit\", rpm:\"libfreebl3-debuginfo-32bit~3.21.1~28.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3-32bit\", rpm:\"libsoftokn3-32bit~3.21.1~28.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3-debuginfo-32bit\", rpm:\"libsoftokn3-debuginfo-32bit~3.21.1~28.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nspr-32bit\", rpm:\"mozilla-nspr-32bit~4.12~15.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nspr-debuginfo-32bit\", rpm:\"mozilla-nspr-debuginfo-32bit~4.12~15.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-32bit\", rpm:\"mozilla-nss-32bit~3.21.1~28.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs-32bit\", rpm:\"mozilla-nss-certs-32bit~3.21.1~28.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs-debuginfo-32bit\", rpm:\"mozilla-nss-certs-debuginfo-32bit~3.21.1~28.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-debuginfo-32bit\", rpm:\"mozilla-nss-debuginfo-32bit~3.21.1~28.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit-32bit\", rpm:\"mozilla-nss-sysinit-32bit~3.21.1~28.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit-debuginfo-32bit\", rpm:\"mozilla-nss-sysinit-debuginfo-32bit~3.21.1~28.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:11:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-1973", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1959", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1979", "CVE-2016-1969", "CVE-2016-1955", "CVE-2016-2795", "CVE-2016-1962", "CVE-2016-1950", "CVE-2016-1963", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-1968", "CVE-2016-1967", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1965", "CVE-2016-1964", "CVE-2016-1958"], "description": "This host is installed with Mozilla\n Firefox and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2016-03-14T00:00:00", "id": "OPENVAS:1361412562310807521", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807521", "type": "openvas", "title": "Mozilla Firefox Multiple Vulnerabilities - Mar16 (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox Multiple Vulnerabilities - Mar16 (Mac OS X)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807521\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2016-1954\", \"CVE-2016-1955\", \"CVE-2016-1957\", \"CVE-2016-1958\",\n \"CVE-2016-1959\", \"CVE-2016-1960\", \"CVE-2016-1950\", \"CVE-2016-1952\",\n \"CVE-2016-1953\", \"CVE-2016-1961\", \"CVE-2016-1962\", \"CVE-2016-1963\",\n \"CVE-2016-1964\", \"CVE-2016-1965\", \"CVE-2016-1966\", \"CVE-2016-1967\",\n \"CVE-2016-1968\", \"CVE-2016-1969\", \"CVE-2016-1973\", \"CVE-2016-1974\",\n \"CVE-2016-1977\", \"CVE-2016-1979\", \"CVE-2016-2790\", \"CVE-2016-2791\",\n \"CVE-2016-2792\", \"CVE-2016-2793\", \"CVE-2016-2794\", \"CVE-2016-2795\",\n \"CVE-2016-2796\", \"CVE-2016-2797\", \"CVE-2016-2798\", \"CVE-2016-2799\",\n \"CVE-2016-2800\", \"CVE-2016-2801\", \"CVE-2016-2802\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-03-14 18:18:51 +0530 (Mon, 14 Mar 2016)\");\n script_name(\"Mozilla Firefox Multiple Vulnerabilities - Mar16 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla\n Firefox and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - The 'nsCSPContext::SendReports' function in 'dom/security/nsCSPContext.cpp'\n script does not prevent use of a non-HTTP report-uri for a CSP violation\n report.\n\n - The CSP violation reports contained full path information for cross-origin\n iframe navigations in violation of the CSP specification.\n\n - A memory leak in the libstagefright library when array destruction occurs\n during MPEG4 video file processing.\n\n - An error in 'browser/base/content/browser.js' script.\n\n - Multiple use-after-free issues.\n\n - Multiple out-of-bounds read errors\n\n - A memory corruption vulnerability in the FileReader class.\n\n - The mishandling of a navigation sequence that returns to the original page.\n\n - Improper restriction of the availability of IFRAME Resource Timing API times.\n\n - Integer underflow in Brotli library's decompression.\n\n - A memory corruption issue in NPAPI plugin in 'nsNPObjWrapper::GetNewOrUsed'\n function in 'dom/plugins/base/nsJSNPRuntime.cpp' script.\n\n - A race condition in the 'GetStaticInstance' function in the WebRTC\n implementation.\n\n - Multiple Heap-based buffer overflow vulnerabilities.\n\n - The multiple unspecified vulnerabilities in the browser engine.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code or to cause a denial of service,\n possibly gain privileges, to bypass the Same Origin Policy, to obtain\n sensitive information and to do spoofing attacks.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox version before 45.0 on\n Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 45.0\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-22\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-25\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-19\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"45.0\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"45.0\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:11:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1971", "CVE-2016-1957", "CVE-2016-1972", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-1975", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-1973", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1959", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1979", "CVE-2016-1969", "CVE-2016-1955", "CVE-2016-2795", "CVE-2016-1962", "CVE-2016-1950", "CVE-2016-1963", "CVE-2016-1970", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-1976", "CVE-2016-1968", "CVE-2016-1967", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1965", "CVE-2016-1964", "CVE-2016-1958"], "description": "This host is installed with Mozilla\n Firefox and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2016-03-14T00:00:00", "id": "OPENVAS:1361412562310807520", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807520", "type": "openvas", "title": "Mozilla Firefox Multiple Vulnerabilities - Mar16 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox Multiple Vulnerabilities - Mar16 (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807520\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2016-1954\", \"CVE-2016-1955\", \"CVE-2016-1957\", \"CVE-2016-1958\",\n \"CVE-2016-1959\", \"CVE-2016-1960\", \"CVE-2016-1950\", \"CVE-2016-1952\",\n \"CVE-2016-1953\", \"CVE-2016-1961\", \"CVE-2016-1962\", \"CVE-2016-1963\",\n \"CVE-2016-1964\", \"CVE-2016-1965\", \"CVE-2016-1966\", \"CVE-2016-1967\",\n \"CVE-2016-1968\", \"CVE-2016-1969\", \"CVE-2016-1970\", \"CVE-2016-1971\",\n \"CVE-2016-1972\", \"CVE-2016-1973\", \"CVE-2016-1974\", \"CVE-2016-1975\",\n \"CVE-2016-1976\", \"CVE-2016-1977\", \"CVE-2016-1979\", \"CVE-2016-2790\",\n \"CVE-2016-2791\", \"CVE-2016-2792\", \"CVE-2016-2793\", \"CVE-2016-2794\",\n \"CVE-2016-2795\", \"CVE-2016-2796\", \"CVE-2016-2797\", \"CVE-2016-2798\",\n \"CVE-2016-2799\", \"CVE-2016-2800\", \"CVE-2016-2801\", \"CVE-2016-2802\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-03-14 16:41:40 +0530 (Mon, 14 Mar 2016)\");\n script_name(\"Mozilla Firefox Multiple Vulnerabilities - Mar16 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla\n Firefox and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - The 'nsCSPContext::SendReports' function in 'dom/security/nsCSPContext.cpp'\n script does not prevent use of a non-HTTP report-uri for a CSP violation\n report.\n\n - The CSP violation reports contained full path information for cross-origin\n iframe navigations in violation of the CSP specification.\n\n - A memory leak in the libstagefright library when array destruction occurs\n during MPEG4 video file processing.\n\n - An error in 'browser/base/content/browser.js' script.\n\n - Multiple use-after-free issues.\n\n - Multiple out-of-bounds read errors\n\n - A memory corruption vulnerability in the FileReader class.\n\n - The mishandling of a navigation sequence that returns to the original page.\n\n - Improper restriction of the availability of IFRAME Resource Timing API times.\n\n - Integer underflow in Brotli library's decompression.\n\n - A memory corruption issue in NPAPI plugin in 'nsNPObjWrapper::GetNewOrUsed'\n function in 'dom/plugins/base/nsJSNPRuntime.cpp' script.\n\n - A race condition in the 'GetStaticInstance' function in the WebRTC\n implementation.\n\n - Multiple Heap-based buffer overflow vulnerabilities.\n\n - The multiple unspecified vulnerabilities in the browser engine.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code or to cause a denial of service,\n possibly gain privileges, to bypass the Same Origin Policy, to obtain\n sensitive information and to do spoofing attacks.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox version before 45.0 on\n Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 45.0\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-22\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-25\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-19\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox/Win/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"45.0\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"45.0\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:21:19", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-2815", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1955", "CVE-2016-2795", "CVE-2016-2818", "CVE-2016-1952", "CVE-2016-2807", "CVE-2016-2806", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-1956", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1964"], "description": "This update contains Mozilla Thunderbird 45.2. (boo#983549)\n\n It fixes security issues mostly affecting the e-mail program when used in\n a browser context, such as viewing a web page or HTMl formatted e-mail.\n\n The following vulnerabilities were fixed:\n\n - CVE-2016-2818, CVE-2016-2815: Memory safety bugs (boo#983549,\n MFSA2016-49)\n\n Contains the following security fixes from the 45.1 release: (boo#977333)\n\n - CVE-2016-2806, CVE-2016-2807: Miscellaneous memory safety hazards\n (boo#977375, boo#977376, MFSA 2016-39)\n\n Contains the following security fixes from the 45.0 release: (boo#969894)\n\n - CVE-2016-1952, CVE-2016-1953: Miscellaneous memory safety hazards (MFSA\n 2016-16)\n - CVE-2016-1954: Local file overwriting and potential privilege escalation\n through CSP reports (MFSA 2016-17)\n - CVE-2016-1955: CSP reports fail to strip location information for\n embedded iframe pages (MFSA 2016-18)\n - CVE-2016-1956: Linux video memory DOS with Intel drivers (MFSA 2016-19)\n - CVE-2016-1957: Memory leak in libstagefright when deleting an array\n during MP4 processing (MFSA 2016-20)\n - CVE-2016-1960: Use-after-free in HTML5 string parser (MFSA 2016-23)\n - CVE-2016-1961: Use-after-free in SetBody (MFSA 2016-24)\n - CVE-2016-1964: Use-after-free during XML transformations (MFSA 2016-27)\n - CVE-2016-1974: Out-of-bounds read in HTML parser following a failed\n allocation (MFSA 2016-34)\n\n The graphite font shaping library was disabled, addressing the following\n font vulnerabilities:\n\n - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/\n CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/\n CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/\n CVE-2016-2800/CVE-2016-2801/CVE-2016-2802\n\n The following tracked packaging changes are included:\n\n - fix build issues with gcc/binutils combination used in Leap 42.2\n (boo#984637)\n - gcc6 fixes (boo#986162)\n - running on 48bit va aarch64 (boo#984126)\n\n", "edition": 1, "modified": "2016-07-10T16:08:00", "published": "2016-07-10T16:08:00", "id": "OPENSUSE-SU-2016:1767-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html", "type": "suse", "title": "Security update for Mozilla Thunderbird (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:21:42", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-2815", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1955", "CVE-2016-2795", "CVE-2016-2818", "CVE-2016-1952", "CVE-2016-2807", "CVE-2016-2806", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-1956", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1964"], "description": "This update contains Mozilla Thunderbird 45.2. (boo#983549)\n\n It fixes security issues mostly affecting the e-mail program when used in\n a browser context, such as viewing a web page or HTMl formatted e-mail.\n\n The following vulnerabilities were fixed:\n\n - CVE-2016-2818, CVE-2016-2815: Memory safety bugs (boo#983549,\n MFSA2016-49)\n\n Contains the following security fixes from the 45.1 release: (boo#977333)\n\n - CVE-2016-2806, CVE-2016-2807: Miscellaneous memory safety hazards\n (boo#977375, boo#977376, MFSA 2016-39)\n\n Contains the following security fixes from the 45.0 release: (boo#969894)\n\n - CVE-2016-1952, CVE-2016-1953: Miscellaneous memory safety hazards (MFSA\n 2016-16)\n - CVE-2016-1954: Local file overwriting and potential privilege escalation\n through CSP reports (MFSA 2016-17)\n - CVE-2016-1955: CSP reports fail to strip location information for\n embedded iframe pages (MFSA 2016-18)\n - CVE-2016-1956: Linux video memory DOS with Intel drivers (MFSA 2016-19)\n - CVE-2016-1957: Memory leak in libstagefright when deleting an array\n during MP4 processing (MFSA 2016-20)\n - CVE-2016-1960: Use-after-free in HTML5 string parser (MFSA 2016-23)\n - CVE-2016-1961: Use-after-free in SetBody (MFSA 2016-24)\n - CVE-2016-1964: Use-after-free during XML transformations (MFSA 2016-27)\n - CVE-2016-1974: Out-of-bounds read in HTML parser following a failed\n allocation (MFSA 2016-34)\n\n The graphite font shaping library was disabled, addressing the following\n font vulnerabilities:\n\n - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/\n CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/\n CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/\n CVE-2016-2800/CVE-2016-2801/CVE-2016-2802\n\n The following tracked packaging changes are included:\n\n - fix build issues with gcc/binutils combination used in Leap 42.2\n (boo#984637)\n - gcc6 fixes (boo#986162)\n - running on 48bit va aarch64 (boo#984126)\n\n", "edition": 1, "modified": "2016-07-11T00:08:02", "published": "2016-07-11T00:08:02", "id": "OPENSUSE-SU-2016:1769-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html", "type": "suse", "title": "Security update for Mozilla Thunderbird (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:05:35", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-2815", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1955", "CVE-2016-2795", "CVE-2016-2818", "CVE-2016-1952", "CVE-2016-2807", "CVE-2016-2806", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-1956", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1964"], "description": "This update contains Mozilla Thunderbird 45.2. (boo#983549)\n\n It fixes security issues mostly affecting the e-mail program when used in\n a browser context, such as viewing a web page or HTMl formatted e-mail.\n\n The following vulnerabilities were fixed:\n\n - CVE-2016-2818, CVE-2016-2815: Memory safety bugs (boo#983549,\n MFSA2016-49)\n\n Contains the following security fixes from the 45.1 release: (boo#977333)\n\n - CVE-2016-2806, CVE-2016-2807: Miscellaneous memory safety hazards\n (boo#977375, boo#977376, MFSA 2016-39)\n\n Contains the following security fixes from the 45.0 release: (boo#969894)\n\n - CVE-2016-1952, CVE-2016-1953: Miscellaneous memory safety hazards (MFSA\n 2016-16)\n - CVE-2016-1954: Local file overwriting and potential privilege escalation\n through CSP reports (MFSA 2016-17)\n - CVE-2016-1955: CSP reports fail to strip location information for\n embedded iframe pages (MFSA 2016-18)\n - CVE-2016-1956: Linux video memory DOS with Intel drivers (MFSA 2016-19)\n - CVE-2016-1957: Memory leak in libstagefright when deleting an array\n during MP4 processing (MFSA 2016-20)\n - CVE-2016-1960: Use-after-free in HTML5 string parser (MFSA 2016-23)\n - CVE-2016-1961: Use-after-free in SetBody (MFSA 2016-24)\n - CVE-2016-1964: Use-after-free during XML transformations (MFSA 2016-27)\n - CVE-2016-1974: Out-of-bounds read in HTML parser following a failed\n allocation (MFSA 2016-34)\n\n The graphite font shaping library was disabled, addressing the following\n font vulnerabilities:\n\n - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/\n CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/\n CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/\n CVE-2016-2800/CVE-2016-2801/CVE-2016-2802\n\n The following tracked packaging changes are included:\n\n - fix build issues with gcc/binutils combination used in Leap 42.2\n (boo#984637)\n - gcc6 fixes (boo#986162)\n - running on 48bit va aarch64 (boo#984126)\n\n", "edition": 1, "modified": "2016-07-11T00:13:17", "published": "2016-07-11T00:13:17", "id": "OPENSUSE-SU-2016:1778-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html", "type": "suse", "title": "Security update for Mozilla Thunderbird (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:46:49", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1971", "CVE-2016-1957", "CVE-2016-1972", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-1975", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-1973", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1959", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1979", "CVE-2016-1955", "CVE-2016-2795", "CVE-2016-1962", "CVE-2016-1950", "CVE-2016-1963", "CVE-2016-1970", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-1956", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-1976", "CVE-2016-1968", "CVE-2016-1967", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1965", "CVE-2016-1964", "CVE-2016-1958"], "description": "This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the\n following issues:\n\n MozillaFirefox was updated to Firefox 45.0 (boo#969894)\n * requires NSPR 4.12 / NSS 3.21.1\n * Instant browser tab sharing through Hello\n * Synced Tabs button in button bar\n * Tabs synced via Firefox Accounts from other devices are now shown in\n dropdown area of Awesome Bar when searching\n * Introduce a new preference (network.dns.blockDotOnion) to allow blocking\n .onion at the DNS level\n * Tab Groups (Panorama) feature removed\n * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety\n hazards\n * MFSA 2016-17/CVE-2016-1954 (bmo#1243178) Local file overwriting and\n potential privilege escalation through CSP reports\n * MFSA 2016-18/CVE-2016-1955 (bmo#1208946) CSP reports fail to strip\n location information for embedded iframe pages\n * MFSA 2016-19/CVE-2016-1956 (bmo#1199923) Linux video memory DOS with\n Intel drivers\n * MFSA 2016-20/CVE-2016-1957 (bmo#1227052) Memory leak in libstagefright\n when deleting an array during MP4 processing\n * MFSA 2016-21/CVE-2016-1958 (bmo#1228754) Displayed page address can be\n overridden\n * MFSA 2016-22/CVE-2016-1959 (bmo#1234949) Service Worker Manager\n out-of-bounds read in Service Worker Manager\n * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014) Use-after-free in\n HTML5 string parser\n * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377) Use-after-free in\n SetBody\n * MFSA 2016-25/CVE-2016-1962 (bmo#1240760) Use-after-free when using\n multiple WebRTC data channels\n * MFSA 2016-26/CVE-2016-1963 (bmo#1238440) Memory corruption when\n modifying a file being read by FileReader\n * MFSA 2016-27/CVE-2016-1964 (bmo#1243335) Use-after-free during XML\n transformations\n * MFSA 2016-28/CVE-2016-1965 (bmo#1245264) Addressbar spoofing though\n history navigation and Location protocol property\n * MFSA 2016-29/CVE-2016-1967 (bmo#1246956) Same-origin policy violation\n using perfomance.getEntries and history navigation with session restore\n * MFSA 2016-30/CVE-2016-1968 (bmo#1246742) Buffer overflow in Brotli\n decompression\n * MFSA 2016-31/CVE-2016-1966 (bmo#1246054) Memory corruption with\n malicious NPAPI plugin\n * MFSA 2016-32/CVE-2016-1970/CVE-2016-1971/CVE-2016-1975/\n CVE-2016-1976/CVE-2016-1972 WebRTC and LibVPX vulnerabilities found\n through code inspection\n * MFSA 2016-33/CVE-2016-1973 (bmo#1219339) Use-after-free in\n GetStaticInstance in WebRTC\n * MFSA 2016-34/CVE-2016-1974 (bmo#1228103) Out-of-bounds read in HTML\n parser following a failed allocation\n * MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow during ASN.1\n decoding in NSS (fixed by requiring 3.21.1)\n * MFSA 2016-36/CVE-2016-1979 (bmo#1185033) Use-after-free during\n processing of DER encoded keys in NSS (fixed by requiring 3.21.1)\n * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/\n CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/\n CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/\n CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font vulnerabilities in the\n Graphite 2 library\n\n mozilla-nspr was updated to version 4.12\n * added a PR_GetEnvSecure function, which attempts to detect if the\n program is being executed with elevated privileges, and returns NULL if\n detected. It is recommended to use this function in general purpose\n library code.\n * fixed a memory allocation bug related to the PR_*printf functions\n * exported API PR_DuplicateEnvironment, which had already been added in\n NSPR 4.10.9\n * added support for FreeBSD aarch64\n * several minor correctness and compatibility fixes\n\n mozilla-nss was updated to NSS 3.21.1 (bmo#969894)\n * required for Firefox 45.0\n * MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow during ASN.1\n decoding in NSS (fixed by requiring 3.21.1)\n * MFSA 2016-36/CVE-2016-1979 (bmo#1185033) Use-after-free during\n processing of DER encoded keys in NSS (fixed by requiring 3.21.1)\n\n", "edition": 1, "modified": "2016-03-12T00:12:33", "published": "2016-03-12T00:12:33", "id": "OPENSUSE-SU-2016:0731-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html", "type": "suse", "title": "Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:50:34", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1971", "CVE-2016-1957", "CVE-2016-1972", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-1975", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-1973", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1959", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1979", "CVE-2016-1955", "CVE-2016-2795", "CVE-2016-1962", "CVE-2016-1950", "CVE-2016-1963", "CVE-2016-1970", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-1956", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-1976", "CVE-2016-1968", "CVE-2016-1967", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1965", "CVE-2016-1964", "CVE-2016-1958"], "description": "This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the\n following issues:\n\n MozillaFirefox was updated to Firefox 45.0 (boo#969894)\n * requires NSPR 4.12 / NSS 3.21.1\n * Instant browser tab sharing through Hello\n * Synced Tabs button in button bar\n * Tabs synced via Firefox Accounts from other devices are now shown in\n dropdown area of Awesome Bar when searching\n * Introduce a new preference (network.dns.blockDotOnion) to allow\n blocking .onion at the DNS level\n * Tab Groups (Panorama) feature removed\n * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety\n hazards\n * MFSA 2016-17/CVE-2016-1954 (bmo#1243178) Local file overwriting and\n potential privilege escalation through CSP reports\n * MFSA 2016-18/CVE-2016-1955 (bmo#1208946) CSP reports fail to strip\n location information for embedded iframe pages\n * MFSA 2016-19/CVE-2016-1956 (bmo#1199923) Linux video memory DOS with\n Intel drivers\n * MFSA 2016-20/CVE-2016-1957 (bmo#1227052) Memory leak in\n libstagefright when deleting an array during MP4 processing\n * MFSA 2016-21/CVE-2016-1958 (bmo#1228754) Displayed page address can be\n overridden\n * MFSA 2016-22/CVE-2016-1959 (bmo#1234949) Service Worker Manager\n out-of-bounds read in Service Worker Manager\n * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014) Use-after-free\n in HTML5 string parser\n * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377) Use-after-free\n in SetBody\n * MFSA 2016-25/CVE-2016-1962 (bmo#1240760) Use-after-free when using\n multiple WebRTC data channels\n * MFSA 2016-26/CVE-2016-1963 (bmo#1238440) Memory corruption when\n modifying a file being read by FileReader\n * MFSA 2016-27/CVE-2016-1964 (bmo#1243335) Use-after-free during XML\n transformations\n * MFSA 2016-28/CVE-2016-1965 (bmo#1245264) Addressbar spoofing though\n history navigation and Location protocol property\n * MFSA 2016-29/CVE-2016-1967 (bmo#1246956) Same-origin policy violation\n using perfomance.getEntries and history navigation with session\n restore\n * MFSA 2016-30/CVE-2016-1968 (bmo#1246742) Buffer overflow in Brotli\n decompression\n * MFSA 2016-31/CVE-2016-1966 (bmo#1246054) Memory corruption with\n malicious NPAPI plugin\n * MFSA 2016-32/CVE-2016-1970/CVE-2016-1971/CVE-2016-1975/\n CVE-2016-1976/CVE-2016-1972 WebRTC and LibVPX vulnerabilities found\n through code inspection\n * MFSA 2016-33/CVE-2016-1973 (bmo#1219339) Use-after-free in\n GetStaticInstance in WebRTC\n * MFSA 2016-34/CVE-2016-1974 (bmo#1228103) Out-of-bounds read in HTML\n parser following a failed allocation\n * MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow during ASN.1\n decoding in NSS (fixed by requiring 3.21.1)\n * MFSA 2016-36/CVE-2016-1979 (bmo#1185033) Use-after-free during\n processing of DER encoded keys in NSS (fixed by requiring 3.21.1)\n * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/\n CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/\n CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/\n CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font vulnerabilities in the\n Graphite 2 library\n\n mozilla-nspr was updated to version 4.12\n * added a PR_GetEnvSecure function, which attempts to detect if the\n program is being executed with elevated privileges, and returns NULL\n if detected. It is recommended to use this function in general\n purpose library code.\n * fixed a memory allocation bug related to the PR_*printf functions\n * exported API PR_DuplicateEnvironment, which had already been added in\n NSPR 4.10.9\n * added support for FreeBSD aarch64\n * several minor correctness and compatibility fixes\n\n mozilla-nss was updated to NSS 3.21.1 (bmo#969894)\n * required for Firefox 45.0\n * MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow during ASN.1\n decoding in NSS (fixed by requiring 3.21.1)\n * MFSA 2016-36/CVE-2016-1979 (bmo#1185033) Use-after-free during\n processing of DER encoded keys in NSS (fixed by requiring 3.21.1)\n\n", "edition": 1, "modified": "2016-03-12T13:12:05", "published": "2016-03-12T13:12:05", "id": "OPENSUSE-SU-2016:0733-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html", "title": "Security update for Firefox (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2020-07-02T11:43:51", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-1973", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1959", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1955", "CVE-2016-2795", "CVE-2016-1962", "CVE-2016-1950", "CVE-2016-1963", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-1956", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-1968", "CVE-2016-1967", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1965", "CVE-2016-1964", "CVE-2016-1958"], "description": "USN-2917-1 fixed vulnerabilities in Firefox. This update caused several \nregressions that could result in search engine settings being lost, the \nlist of search providers appearing empty or the location bar breaking \nafter typing an invalid URL. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nFrancis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS. \nIf a user were tricked in to opening a specially crafted website, an \nattacker could potentially exploit this to cause a denial of service via \napplication crash, or execute arbitrary code with the privileges of the \nuser invoking Firefox. (CVE-2016-1950)\n\nBob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel \nHolbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto, \nTyson Smith, Andrea Marchesini, and Jukka Jyl\u00e4nki discovered multiple \nmemory safety issues in Firefox. If a user were tricked in to opening a \nspecially crafted website, an attacker could potentially exploit these to \ncause a denial of service via application crash, or execute arbitrary code \nwith the privileges of the user invoking Firefox. (CVE-2016-1952, \nCVE-2016-1953)\n\nNicolas Golubovic discovered that CSP violation reports can be used to \noverwrite local files. If a user were tricked in to opening a specially \ncrafted website with addon signing disabled and unpacked addons installed, \nan attacker could potentially exploit this to gain additional privileges. \n(CVE-2016-1954)\n\nMuneaki Nishimura discovered that CSP violation reports contained full \npaths for cross-origin iframe navigations. An attacker could potentially \nexploit this to steal confidential data. (CVE-2016-1955)\n\nUcha Gobejishvili discovered that performing certain WebGL operations \nresulted in memory resource exhaustion with some Intel GPUs, requiring \na reboot. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to cause a denial \nof service. (CVE-2016-1956)\n\nJose Martinez and Romina Santillan discovered a memory leak in \nlibstagefright during MPEG4 video file processing in some circumstances. \nIf a user were tricked in to opening a specially crafted website, an \nattacker could potentially exploit this to cause a denial of service via \nmemory exhaustion. (CVE-2016-1957)\n\nAbdulrahman Alqabandi discovered that the addressbar could be blank or \nfilled with page defined content in some circumstances. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit this to conduct URL spoofing attacks. (CVE-2016-1958)\n\nLooben Yang discovered an out-of-bounds read in Service Worker Manager. If \na user were tricked in to opening a specially crafted website, an attacker \ncould potentially exploit this to cause a denial of service via \napplication crash, or execute arbitrary code with the privileges of the \nuser invoking Firefox. (CVE-2016-1959)\n\nA use-after-free was discovered in the HTML5 string parser. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit this to cause a denial of service via application \ncrash, or execute arbitrary code with the privileges of the user invoking \nFirefox. (CVE-2016-1960)\n\nA use-after-free was discovered in the SetBody function of HTMLDocument. \nIf a user were tricked in to opening a specially crafted website, an \nattacker could potentially exploit this to cause a denial of service via \napplication crash, or execute arbitrary code with the privileges of the \nuser invoking Firefox. (CVE-2016-1961)\n\nDominique Haza\u00ebl-Massieux discovered a use-after-free when using multiple \nWebRTC data channels. If a user were tricked in to opening a specially \ncrafted website, an attacker could potentially exploit this to cause a \ndenial of service via application crash, or execute arbitrary code with \nthe privileges of the user invoking Firefox. (CVE-2016-1962)\n\nIt was discovered that Firefox crashes when local files are modified \nwhilst being read by the FileReader API. If a user were tricked in to \nopening a specially crafted website, an attacker could potentially exploit \nthis to execute arbitrary code with the privileges of the user invoking \nFirefox. (CVE-2016-1963)\n\nNicolas Gr\u00e9goire discovered a use-after-free during XML transformations. \nIf a user were tricked in to opening a specially crafted website, an \nattacker could potentially exploit this to cause a denial of service via \napplication crash, or execute arbitrary code with the privileges of the \nuser invoking Firefox. (CVE-2016-1964)\n\nTsubasa Iinuma discovered a mechanism to cause the addressbar to display \nan incorrect URL, using history navigations and the Location protocol \nproperty. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to conduct URL \nspoofing attacks. (CVE-2016-1965)\n\nA memory corruption issues was discovered in the NPAPI subsystem. If \na user were tricked in to opening a specially crafted website with a \nmalicious plugin installed, an attacker could potentially exploit this \nto cause a denial of service via application crash, or execute arbitrary \ncode with the privileges of the user invoking Firefox. (CVE-2016-1966)\n\nJordi Chancel discovered a same-origin-policy bypass when using \nperformance.getEntries and history navigation with session restore. If \na user were tricked in to opening a specially crafted website, an attacker \ncould potentially exploit this to steal confidential data. (CVE-2016-1967)\n\nLuke Li discovered a buffer overflow during Brotli decompression in some \ncircumstances. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to cause a denial of \nservice via application crash, or execute arbitrary code with the \nprivileges of the user invoking Firefox. (CVE-2016-1968)\n\nRonald Crane discovered a use-after-free in GetStaticInstance in WebRTC. \nIf a user were tricked in to opening a specially crafted website, an \nattacker could potentially exploit this to cause a denial of service via \napplication crash, or execute arbitrary code with the privileges of the \nuser invoking Firefox. (CVE-2016-1973)\n\nRonald Crane discovered an out-of-bounds read following a failed \nallocation in the HTML parser in some circumstances. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit this to cause a denial of service via application \ncrash, or execute arbitrary code with the privileges of the user invoking \nFirefox. (CVE-2016-1974)\n\nHolger Fuhrmannek, Tyson Smith and Holger Fuhrmannek reported multiple \nmemory safety issues in the Graphite 2 library. If a user were tricked in \nto opening a specially crafted website, an attacker could potentially \nexploit these to cause a denial of service via application crash, or \nexecute arbitrary code with the privileges of the user invoking Firefox. \n(CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, \nCVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, \nCVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802)", "edition": 5, "modified": "2016-04-07T00:00:00", "published": "2016-04-07T00:00:00", "id": "USN-2917-2", "href": "https://ubuntu.com/security/notices/USN-2917-2", "title": "Firefox regressions", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:33:12", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-1973", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1959", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1955", "CVE-2016-2795", "CVE-2016-1962", "CVE-2016-1950", "CVE-2016-1963", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-1956", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-1968", "CVE-2016-1967", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1965", "CVE-2016-1964", "CVE-2016-1958"], "description": "Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS. \nIf a user were tricked in to opening a specially crafted website, an \nattacker could potentially exploit this to cause a denial of service via \napplication crash, or execute arbitrary code with the privileges of the \nuser invoking Firefox. (CVE-2016-1950)\n\nBob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel \nHolbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto, \nTyson Smith, Andrea Marchesini, and Jukka Jyl\u00e4nki discovered multiple \nmemory safety issues in Firefox. If a user were tricked in to opening a \nspecially crafted website, an attacker could potentially exploit these to \ncause a denial of service via application crash, or execute arbitrary code \nwith the privileges of the user invoking Firefox. (CVE-2016-1952, \nCVE-2016-1953)\n\nNicolas Golubovic discovered that CSP violation reports can be used to \noverwrite local files. If a user were tricked in to opening a specially \ncrafted website with addon signing disabled and unpacked addons installed, \nan attacker could potentially exploit this to gain additional privileges. \n(CVE-2016-1954)\n\nMuneaki Nishimura discovered that CSP violation reports contained full \npaths for cross-origin iframe navigations. An attacker could potentially \nexploit this to steal confidential data. (CVE-2016-1955)\n\nUcha Gobejishvili discovered that performing certain WebGL operations \nresulted in memory resource exhaustion with some Intel GPUs, requiring \na reboot. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to cause a denial \nof service. (CVE-2016-1956)\n\nJose Martinez and Romina Santillan discovered a memory leak in \nlibstagefright during MPEG4 video file processing in some circumstances. \nIf a user were tricked in to opening a specially crafted website, an \nattacker could potentially exploit this to cause a denial of service via \nmemory exhaustion. (CVE-2016-1957)\n\nAbdulrahman Alqabandi discovered that the addressbar could be blank or \nfilled with page defined content in some circumstances. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit this to conduct URL spoofing attacks. (CVE-2016-1958)\n\nLooben Yang discovered an out-of-bounds read in Service Worker Manager. If \na user were tricked in to opening a specially crafted website, an attacker \ncould potentially exploit this to cause a denial of service via \napplication crash, or execute arbitrary code with the privileges of the \nuser invoking Firefox. (CVE-2016-1959)\n\nA use-after-free was discovered in the HTML5 string parser. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit this to cause a denial of service via application \ncrash, or execute arbitrary code with the privileges of the user invoking \nFirefox. (CVE-2016-1960)\n\nA use-after-free was discovered in the SetBody function of HTMLDocument. \nIf a user were tricked in to opening a specially crafted website, an \nattacker could potentially exploit this to cause a denial of service via \napplication crash, or execute arbitrary code with the privileges of the \nuser invoking Firefox. (CVE-2016-1961)\n\nDominique Haza\u00ebl-Massieux discovered a use-after-free when using multiple \nWebRTC data channels. If a user were tricked in to opening a specially \ncrafted website, an attacker could potentially exploit this to cause a \ndenial of service via application crash, or execute arbitrary code with \nthe privileges of the user invoking Firefox. (CVE-2016-1962)\n\nIt was discovered that Firefox crashes when local files are modified \nwhilst being read by the FileReader API. If a user were tricked in to \nopening a specially crafted website, an attacker could potentially exploit \nthis to execute arbitrary code with the privileges of the user invoking \nFirefox. (CVE-2016-1963)\n\nNicolas Gr\u00e9goire discovered a use-after-free during XML transformations. \nIf a user were tricked in to opening a specially crafted website, an \nattacker could potentially exploit this to cause a denial of service via \napplication crash, or execute arbitrary code with the privileges of the \nuser invoking Firefox. (CVE-2016-1964)\n\nTsubasa Iinuma discovered a mechanism to cause the addressbar to display \nan incorrect URL, using history navigations and the Location protocol \nproperty. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to conduct URL \nspoofing attacks. (CVE-2016-1965)\n\nA memory corruption issues was discovered in the NPAPI subsystem. If \na user were tricked in to opening a specially crafted website with a \nmalicious plugin installed, an attacker could potentially exploit this \nto cause a denial of service via application crash, or execute arbitrary \ncode with the privileges of the user invoking Firefox. (CVE-2016-1966)\n\nJordi Chancel discovered a same-origin-policy bypass when using \nperformance.getEntries and history navigation with session restore. If \na user were tricked in to opening a specially crafted website, an attacker \ncould potentially exploit this to steal confidential data. (CVE-2016-1967)\n\nLuke Li discovered a buffer overflow during Brotli decompression in some \ncircumstances. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to cause a denial of \nservice via application crash, or execute arbitrary code with the \nprivileges of the user invoking Firefox. (CVE-2016-1968)\n\nRonald Crane discovered a use-after-free in GetStaticInstance in WebRTC. \nIf a user were tricked in to opening a specially crafted website, an \nattacker could potentially exploit this to cause a denial of service via \napplication crash, or execute arbitrary code with the privileges of the \nuser invoking Firefox. (CVE-2016-1973)\n\nRonald Crane discovered an out-of-bounds read following a failed \nallocation in the HTML parser in some circumstances. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit this to cause a denial of service via application \ncrash, or execute arbitrary code with the privileges of the user invoking \nFirefox. (CVE-2016-1974)\n\nHolger Fuhrmannek, Tyson Smith and Holger Fuhrmannek reported multiple \nmemory safety issues in the Graphite 2 library. If a user were tricked in \nto opening a specially crafted website, an attacker could potentially \nexploit these to cause a denial of service via application crash, or \nexecute arbitrary code with the privileges of the user invoking Firefox. \n(CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, \nCVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, \nCVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802)", "edition": 5, "modified": "2016-03-09T00:00:00", "published": "2016-03-09T00:00:00", "id": "USN-2917-1", "href": "https://ubuntu.com/security/notices/USN-2917-1", "title": "Firefox vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:42:43", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-1973", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1959", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1955", "CVE-2016-2795", "CVE-2016-1962", "CVE-2016-1950", "CVE-2016-1963", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-1956", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-1968", "CVE-2016-1967", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1965", "CVE-2016-1964", "CVE-2016-1958"], "description": "USN-2917-1 fixed vulnerabilities in Firefox. This update caused several \nweb compatibility regressions.\n\nThis update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nFrancis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS. \nIf a user were tricked in to opening a specially crafted website, an \nattacker could potentially exploit this to cause a denial of service via \napplication crash, or execute arbitrary code with the privileges of the \nuser invoking Firefox. (CVE-2016-1950)\n\nBob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel \nHolbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto, \nTyson Smith, Andrea Marchesini, and Jukka Jyl\u00e4nki discovered multiple \nmemory safety issues in Firefox. If a user were tricked in to opening a \nspecially crafted website, an attacker could potentially exploit these to \ncause a denial of service via application crash, or execute arbitrary code \nwith the privileges of the user invoking Firefox. (CVE-2016-1952, \nCVE-2016-1953)\n\nNicolas Golubovic discovered that CSP violation reports can be used to \noverwrite local files. If a user were tricked in to opening a specially \ncrafted website with addon signing disabled and unpacked addons installed, \nan attacker could potentially exploit this to gain additional privileges. \n(CVE-2016-1954)\n\nMuneaki Nishimura discovered that CSP violation reports contained full \npaths for cross-origin iframe navigations. An attacker could potentially \nexploit this to steal confidential data. (CVE-2016-1955)\n\nUcha Gobejishvili discovered that performing certain WebGL operations \nresulted in memory resource exhaustion with some Intel GPUs, requiring \na reboot. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to cause a denial \nof service. (CVE-2016-1956)\n\nJose Martinez and Romina Santillan discovered a memory leak in \nlibstagefright during MPEG4 video file processing in some circumstances. \nIf a user were tricked in to opening a specially crafted website, an \nattacker could potentially exploit this to cause a denial of service via \nmemory exhaustion. (CVE-2016-1957)\n\nAbdulrahman Alqabandi discovered that the addressbar could be blank or \nfilled with page defined content in some circumstances. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit this to conduct URL spoofing attacks. (CVE-2016-1958)\n\nLooben Yang discovered an out-of-bounds read in Service Worker Manager. If \na user were tricked in to opening a specially crafted website, an attacker \ncould potentially exploit this to cause a denial of service via \napplication crash, or execute arbitrary code with the privileges of the \nuser invoking Firefox. (CVE-2016-1959)\n\nA use-after-free was discovered in the HTML5 string parser. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit this to cause a denial of service via application \ncrash, or execute arbitrary code with the privileges of the user invoking \nFirefox. (CVE-2016-1960)\n\nA use-after-free was discovered in the SetBody function of HTMLDocument. \nIf a user were tricked in to opening a specially crafted website, an \nattacker could potentially exploit this to cause a denial of service via \napplication crash, or execute arbitrary code with the privileges of the \nuser invoking Firefox. (CVE-2016-1961)\n\nDominique Haza\u00ebl-Massieux discovered a use-after-free when using multiple \nWebRTC data channels. If a user were tricked in to opening a specially \ncrafted website, an attacker could potentially exploit this to cause a \ndenial of service via application crash, or execute arbitrary code with \nthe privileges of the user invoking Firefox. (CVE-2016-1962)\n\nIt was discovered that Firefox crashes when local files are modified \nwhilst being read by the FileReader API. If a user were tricked in to \nopening a specially crafted website, an attacker could potentially exploit \nthis to execute arbitrary code with the privileges of the user invoking \nFirefox. (CVE-2016-1963)\n\nNicolas Gr\u00e9goire discovered a use-after-free during XML transformations. \nIf a user were tricked in to opening a specially crafted website, an \nattacker could potentially exploit this to cause a denial of service via \napplication crash, or execute arbitrary code with the privileges of the \nuser invoking Firefox. (CVE-2016-1964)\n\nTsubasa Iinuma discovered a mechanism to cause the addressbar to display \nan incorrect URL, using history navigations and the Location protocol \nproperty. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to conduct URL \nspoofing attacks. (CVE-2016-1965)\n\nA memory corruption issues was discovered in the NPAPI subsystem. If \na user were tricked in to opening a specially crafted website with a \nmalicious plugin installed, an attacker could potentially exploit this \nto cause a denial of service via application crash, or execute arbitrary \ncode with the privileges of the user invoking Firefox. (CVE-2016-1966)\n\nJordi Chancel discovered a same-origin-policy bypass when using \nperformance.getEntries and history navigation with session restore. If \na user were tricked in to opening a specially crafted website, an attacker \ncould potentially exploit this to steal confidential data. (CVE-2016-1967)\n\nLuke Li discovered a buffer overflow during Brotli decompression in some \ncircumstances. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to cause a denial of \nservice via application crash, or execute arbitrary code with the \nprivileges of the user invoking Firefox. (CVE-2016-1968)\n\nRonald Crane discovered a use-after-free in GetStaticInstance in WebRTC. \nIf a user were tricked in to opening a specially crafted website, an \nattacker could potentially exploit this to cause a denial of service via \napplication crash, or execute arbitrary code with the privileges of the \nuser invoking Firefox. (CVE-2016-1973)\n\nRonald Crane discovered an out-of-bounds read following a failed \nallocation in the HTML parser in some circumstances. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit this to cause a denial of service via application \ncrash, or execute arbitrary code with the privileges of the user invoking \nFirefox. (CVE-2016-1974)\n\nHolger Fuhrmannek, Tyson Smith and Holger Fuhrmannek reported multiple \nmemory safety issues in the Graphite 2 library. If a user were tricked in \nto opening a specially crafted website, an attacker could potentially \nexploit these to cause a denial of service via application crash, or \nexecute arbitrary code with the privileges of the user invoking Firefox. \n(CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, \nCVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, \nCVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802)", "edition": 5, "modified": "2016-04-19T00:00:00", "published": "2016-04-19T00:00:00", "id": "USN-2917-3", "href": "https://ubuntu.com/security/notices/USN-2917-3", "title": "Firefox regressions", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:36", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1971", "CVE-2016-1957", "CVE-2016-1972", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-1975", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-1973", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1959", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1955", "CVE-2016-2795", "CVE-2016-1962", "CVE-2016-1963", "CVE-2016-1970", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-1956", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-1976", "CVE-2016-1968", "CVE-2016-1967", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1965", "CVE-2016-1964", "CVE-2016-1958"], "description": "- CVE-2016-1952 CVE-2016-1953 (arbitrary code execution)\n\nMozilla developers fixed several memory safety bugs in the browser\nengine used in Firefox and other Mozilla-based products. Some of these\nbugs showed evidence of memory corruption under certain circumstances,\nand we presume that with enough effort at least some of these could be\nexploited to run arbitrary code.\n\n- CVE-2016-1954 (privilege escalation)\n\nSecurity researcher Nicolas Golubovic reported that a malicious page can\noverwrite files on the user's machine using Content Security Policy\n(CSP) violation reports. The file contents are restricted to the JSON\nformat of the report. In many cases overwriting a local file may simply\nbe destructive, breaking the functionality of that file. The CSP error\nreports can include HTML fragments which could be rendered by browsers.\nIf a user has disabled add-on signing and has installed an "unpacked"\nadd-on, a malicious page could overwrite one of the add-on resources.\nDepending on how this resource is used, this could lead to privilege\nescalation.\n\n- CVE-2016-1955 (information disclosure)\n\nSecurity researcher Muneaki Nishimura (nishimunea) of Recruit\nTechnologies Co.,Ltd. reported that Content Security Policy (CSP)\nviolation reports contained full path information for cross-origin\niframe navigations in violation of the CSP specification. This could\nresult in information disclosure.\n\n- CVE-2016-1956 (denial of service)\n\nSecurity researcher Ucha Gobejishvili reported a denial of service (DOS)\nattack when doing certain WebGL operations in a canvas requiring an\nunusually large amount buffer to be allocated from video memory. This\nresulted in memory resource exhaustion with some Intel video cards,\nrequiring the computer to be rebooted to return functionality. This was\nresolved by putting in additional checks on the amount of memory to be\nallocated during graphics processing.\n\n- CVE-2016-1957 (resource consumption)\n\nSecurity researchers Jose Martinez and Romina Santillan reported a\nmemory leak in the libstagefright library when array destruction occurs\nduring MPEG4 video file processing.\n\n- CVE-2016-1958 (addressbar spoofing)\n\nSecurity researcher Abdulrahman Alqabandi reported an issue where an\nattacker can load an arbitrary web page but the addressbar's displayed\nURL will be blank or filled with page defined content. This can be used\nto obfuscate which page is currently loaded and allows for an attacker\nto spoof an existing page without the malicious page's address being\ndisplayed correctly.\n\n- CVE-2016-1959 (denial of service)\n\nSecurity researcher Looben Yang reported a mechanism where the Clients\nAPI in Service Workers can be used to trigger an out-of-bounds read in\nServiceWorkerManager. This results in a potentially exploitable crash.\n\n- CVE-2016-1960 (arbitrary code execution)\n\nSecurity researcher ca0nguyen, working with HP's Zero Day Initiative,\nreported a use-after-free issue in the HTML5 string parser when parsing\na particular set of table-related tags in a foreign fragment context\nsuch as SVG. This results in a potentially exploitable crash.\n\n- CVE-2016-1961 (arbitrary code execution)\n\nSecurity researcher lokihardt, working with HP's Zero Day Initiative,\nreported a use-after-free issue in the SetBody function of HTMLDocument.\nThis results in a potentially exploitable crash.\n\n- CVE-2016-1962 (arbitrary code execution)\n\nSecurity researcher Dominique Hazaël-Massieux reported a use-after-free\nissue when using multiple WebRTC data channel connections. This causes a\npotentially exploitable crash when a data channel connection is freed\nfrom within a call through it.\n\n- CVE-2016-1977 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793\n CVE-2016-2794 CVE-2016-2795 CVE-2016-2796 CVE-2016-2797 CVE-2016-2798\n CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 CVE-2016-2802\n (buffer overflow)\n\nSecurity researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the\nGraphite 2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce stack\ncorruption with a malicious graphite font. This leads to a potentially\nexploitable crash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds\nread, and out-of-bounds write errors when working with fuzzed graphite\nfonts.\n\n- CVE-2016-1963 (denial of service)\n\nSecurity researcher Oriol reported memory corruption when local files\nare modified (by either the user or another program) at the same time\nbeing read using the FileReader API. This flaw requires that input be\ntaken from a local file in order to be triggered and cannot be triggered\nby web content. This results in a potentially exploitable crash when\ntriggered.\n\n- CVE-2016-1964 (arbitrary code execution)\n\nSecurity researcher Nicolas Grégoire used the Address Sanitizer to find\na use-after-free during XML transformation operations. This results in a\npotentially exploitable crash triggerable by web content.\n\n- CVE-2016-1965 (addressbar spoofing)\n\nSecurity researcher Tsubasa Iinuma reported a mechanism where the\ndisplayed addressbar can be spoofed to users. This issue involves using\nhistory navigation in concert with the Location protocol property. After\nnavigating from a malicious page to another, if the user navigates back\nto the initial page, the displayed URL will not reflect the reloaded\npage. This could be used to trick users into potentially treating the\npage as a different and trusted site.\n\n- CVE-2016-1966 (remote code execution)\n\nThe Communications Electronics Security Group (UK) of the GCHQ reported\na dangling pointer dereference within the Netscape Plugin Application\nProgramming Interface (NPAPI) that could lead to the NPAPI subsystem\ncrashing. This issue requires a maliciously crafted NPAPI plugin in\nconcert with scripted web content, resulting in a potentially\nexploitable crash when triggered.\n\n- CVE-2016-1967 (same-origin policy bypass)\n\nSecurity researcher Jordi Chancel discovered a variant of Mozilla\nFoundation Security Advisory 2015-136 which was fixed in Firefox 43. In\nthe original bug, it was possible to read cross-origin URLs following a\nredirect if performance.getEntries() was used along with an iframe to\nhost a page. Navigating back in history through script, content was\npulled from the browser cache for the redirected location instead of\ngoing to the original location. In the newly reported variant issue, it\nwas found that if a browser session was restored, history navigation\nwould still allow for the same attack as content was restored from the\nbrowser cache. This is a same-origin policy violation and could allow\nfor data theft.\n\n- CVE-2016-1968 (remote code execution)\n\nSecurity researcher Luke Li reported a pointer underflow bug in the\nBrotli library's decompression that leads to a buffer overflow. This\nresults in a potentially exploitable crash when triggered.\n\n- CVE-2016-1970 CVE-2016-1971 CVE-2016-1972 CVE-2016-1975 CVE-2016-197\n (denial of service)\n\nSecurity researcher Ronald Crane reported five "moderate" rated\nvulnerabilities affecting released code that were found through code\ninspection. These included the following issues in WebRTC: an integer\nunderflow, a missing status check, race condition, and a use of deleted\npointers to create new object. A race condition in LibVPX was also\nidentified. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to\ntrigger them.\n\n- CVE-2016-1973 (use-after-free)\n\nSecurity researcher Ronald Crane reported a race condition in\nGetStaticInstance in WebRTC which results in a use-after-free. This\ncould result in a potentially exploitable crash. This issue was found\nthrough code inspection and does not have clear mechanism to be\nexploited through web content but is vulnerable if a mechanism can be\nfound to trigger it.\n\n- CVE-2016-1974 (denial of service)\n\nSecurity researcher Ronald Crane reported an out-of-bounds read\nfollowing a failed allocation in the HTML parser while working with\nunicode strings. This can also affect the parsing of XML and SVG format\ndata. This leads to a potentially exploitable crash.", "modified": "2016-03-09T00:00:00", "published": "2016-03-09T00:00:00", "id": "ASA-201603-4", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-March/000569.html", "type": "archlinux", "title": "firefox: multiple issues", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2020-09-02T11:41:54", "bulletinFamily": "info", "cvelist": ["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1971", "CVE-2016-1957", "CVE-2016-1972", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-1975", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-1973", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-1959", "CVE-2015-7207", "CVE-2016-1966", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1979", "CVE-2016-1955", "CVE-2016-2795", "CVE-2016-1962", "CVE-2016-1950", "CVE-2016-1963", "CVE-2016-1970", "CVE-2016-1952", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-1956", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-1976", "CVE-2016-1968", "CVE-2016-1967", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1965", "CVE-2016-1964", "CVE-2016-1958"], "description": "### *Detect date*:\n03/08/2016\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, obtain sensitive information, execute arbitrary code, spoof user interface, gain privileges and write local files.\n\n### *Affected products*:\nMozilla Firefox versions earlier than 45.0 \nMozilla Firefox ESR versions earlier than 38.7\n\n### *Solution*:\nUpdate to the latest version \n[Get Firefox ESR](<https://www.mozilla.org/en-US/firefox/organizations/faq/>) \n[Get Firefox](<https://www.mozilla.org/en-US/firefox/new/>)\n\n### *Original advisories*:\n[Mozilla Foundation Security Advisories](<https://www.mozilla.org/en-US/security/advisories/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Firefox](<https://threats.kaspersky.com/en/product/Mozilla-Firefox/>)\n\n### *CVE-IDS*:\n[CVE-2016-2802](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2802>)6.8High \n[CVE-2016-2801](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2801>)6.8High \n[CVE-2016-2800](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800>)6.8High \n[CVE-2016-2799](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2799>)9.3Critical \n[CVE-2016-2798](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2798>)6.8High \n[CVE-2016-2797](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2797>)6.8High \n[CVE-2016-2796](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2796>)6.8High \n[CVE-2016-2795](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2795>)6.8High \n[CVE-2016-2794](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2794>)9.3Critical \n[CVE-2016-2793](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2793>)6.8High \n[CVE-2016-2792](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2792>)6.8High \n[CVE-2016-2791](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2791>)6.8High \n[CVE-2016-2790](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790>)6.8High \n[CVE-2016-1979](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1979>)6.8High \n[CVE-2016-1977](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977>)6.8High \n[CVE-2016-1976](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1976>)6.8High \n[CVE-2016-1975](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1975>)6.8High \n[CVE-2016-1974](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1974>)6.8High \n[CVE-2016-1973](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1973>)6.8High \n[CVE-2016-1972](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1972>)6.8High \n[CVE-2016-1971](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1971>)6.8High \n[CVE-2016-1970](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1970>)6.8High \n[CVE-2016-1968](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1968>)6.8High \n[CVE-2016-1967](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1967>)4.3Warning \n[CVE-2016-1966](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1966>)6.8High \n[CVE-2016-1965](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1965>)4.3Warning \n[CVE-2016-1964](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1964>)6.8High \n[CVE-2016-1950](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950>)6.8High \n[CVE-2016-1952](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1952>)6.8High \n[CVE-2016-1953](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1953>)6.8High \n[CVE-2016-1954](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1954>)6.8High \n[CVE-2016-1955](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1955>)4.3Warning \n[CVE-2016-1956](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1956>)7.1High \n[CVE-2016-1957](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1957>)4.3Warning \n[CVE-2016-1958](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1958>)4.3Warning \n[CVE-2016-1959](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1959>)6.8High \n[CVE-2016-1960](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1960>)6.8High \n[CVE-2016-1961](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1961>)6.8High \n[CVE-2016-1962](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1962>)10.0Critical \n[CVE-2016-1963](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1963>)4.4Warning\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:", "edition": 42, "modified": "2020-06-18T00:00:00", "published": "2016-03-08T00:00:00", "id": "KLA10765", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10765", "title": "\r KLA10765Multiple vulnerabilities in Mozilla Firefox and Firefox ESR ", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:10", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4478", "CVE-2015-4485", "CVE-2016-1953", "CVE-2015-4488", "CVE-2016-2790", "CVE-2016-1971", "CVE-2015-4481", "CVE-2015-2713", "CVE-2016-1945", "CVE-2016-1957", "CVE-2016-1949", "CVE-2016-1946", "CVE-2015-7181", "CVE-2016-1948", "CVE-2015-2714", "CVE-2016-1972", "CVE-2015-2717", "CVE-2016-1933", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-1975", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-1973", "CVE-2016-2801", "CVE-2016-1938", "CVE-2016-2797", "CVE-2015-2712", "CVE-2016-1944", "CVE-2016-1960", "CVE-2015-2711", "CVE-2015-2716", "CVE-2016-1959", "CVE-2016-1931", "CVE-2016-1937", "CVE-2015-4489", "CVE-2015-4486", "CVE-2015-2718", "CVE-2015-4474", "CVE-2015-2710", "CVE-2015-4480", "CVE-2015-7182", "CVE-2015-4484", "CVE-2015-4479", "CVE-2016-1966", "CVE-2015-4492", "CVE-2015-4490", "CVE-2016-1947", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1942", "CVE-2016-1979", "CVE-2016-1969", "CVE-2015-7183", "CVE-2015-4483", "CVE-2015-4493", "CVE-2016-1955", "CVE-2016-2795", "CVE-2016-1962", "CVE-2016-1950", "CVE-2016-1963", "CVE-2016-1970", "CVE-2016-1943", "CVE-2016-1952", "CVE-2015-2709", "CVE-2016-1978", "CVE-2015-4477", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-1956", "CVE-2015-4487", "CVE-2016-2793", "CVE-2016-1523", "CVE-2015-4473", "CVE-2015-2708", "CVE-2016-1940", "CVE-2016-1961", "CVE-2016-1930", "CVE-2016-1935", "CVE-2016-1976", "CVE-2015-4491", "CVE-2016-1939", "CVE-2016-1968", "CVE-2016-1967", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1965", "CVE-2015-4475", "CVE-2016-1964", "CVE-2015-4482", "CVE-2015-2715", "CVE-2016-1941", "CVE-2016-1958"], "description": "### Background\n\nMozilla Firefox is an open-source web browser, Mozilla Thunderbird an open-source email client, and the Network Security Service (NSS) is a library implementing security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME and X.509 certificates. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as \u2018Mozilla Application Suite\u2019. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Firefox, NSS, NSPR, and Thunderbird. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impacts. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll NSS users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/nss-3.22.2\"\n \n\nAll Thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-38.7.0\"\n \n\nAll users of the Thunderbird binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-38.7.0\"\n \n\nAll Firefox 38.7.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-38.7.0\"\n \n\nAll users of the Firefox 38.7.x binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-38.7.0\"", "edition": 1, "modified": "2016-05-31T00:00:00", "published": "2016-05-31T00:00:00", "id": "GLSA-201605-06", "href": "https://security.gentoo.org/glsa/201605-06", "type": "gentoo", "title": "Mozilla Products: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
