{"id": "ASA-201609-22", "type": "archlinux", "bulletinFamily": "unix", "title": "[ASA-201609-22] firefox: multiple issues", "description": "Arch Linux Security Advisory ASA-201609-22\n==========================================\n\nSeverity: Critical\nDate : 2016-09-22\nCVE-ID : CVE-2016-5256 CVE-2016-5257 CVE-2016-5270 CVE-2016-5271\nCVE-2016-5272 CVE-2016-5273 CVE-2016-5274 CVE-2016-5275\nCVE-2016-5276 CVE-2016-5277 CVE-2016-5278 CVE-2016-5279\nCVE-2016-5280 CVE-2016-5281 CVE-2016-5282 CVE-2016-5283\nCVE-2016-5284\nPackage : firefox\nType : multiple issues\nRemote : Yes\nLink : https://wiki.archlinux.org/index.php/CVE\n\nSummary\n=======\n\nThe package firefox before version 49.0-1 is vulnerable to multiple\nissues including but not limited to arbitrary code execution,\ninformation disclosure and certificate verification bypass.\n\nResolution\n==========\n\nUpgrade to 49.0-1.\n\n# pacman -Syu \"firefox>=49.0-1\"\n\nThe problems have been fixed upstream in version 49.0.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2016-5256 (arbitrary code execution)\n\nMozilla developers Christoph Diehl, Christian Holler, Gary Kwong,\nNathan Froyd, Honza Bambas, Seth Fowler, and Michael Smith reported\nmemory safety bugs present in Firefox 48. Some of these bugs showed\nevidence of memory corruption under certain circumstances could\npotentially exploited to run arbitrary code.\n\n- CVE-2016-5257 (arbitrary code execution)\n\nMozilla developers and community members Christoph Diehl, Andrew\nMcCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson\nSmith, Philipp, and Carsten Book reported memory safety bugs present in\nFirefox 48 and Firefox ESR 45.3. Some of these bugs showed evidence of\nmemory corruption and we presume that with enough effort at least some\nof these could be exploited to run arbitrary code.\n\n- CVE-2016-5270 (arbitrary code execution)\n\nAn out-of-bounds write of a boolean value during text conversion with\nsome unicode characters.\n\n- CVE-2016-5271 (information disclosure)\n\nAn out-of-bounds read during the processing of text runs in some pages\nusing display:contents.\n\n- CVE-2016-5272 (arbitrary code execution)\n\nA bad cast when processing layout with input elements can result in a\npotentially exploitable crash.\n\n- CVE-2016-5273 (arbitrary code execution)\n\nA potentially exploitable crash in accessibility in the\nmozilla::a11y::HyperTextAccessible::GetChildOffset function.\n\n- CVE-2016-5274 (arbitrary code execution)\n\nA use-after-free vulnerability has been discovered in the\nnsFrameManager::CaptureFrameState function in web animations during\nrestyling.\n\n- CVE-2016-5275 (arbitrary code execution)\n\nA buffer overflow vulnerability has been discovered in the\nmozilla::gfx::FilterSupport::ComputeSourceNeededRegions function when\nworking with empty filters during canvas rendering.\n\n- CVE-2016-5276 (arbitrary code execution)\n\nA use-after-free vulnerability has been discovered in the\nmozilla::a11y::DocAccessible::ProcessInvalidationList function\ntriggered by setting a aria-owns attribute.\n\n- CVE-2016-5277 (arbitrary code execution)\n\nA user-after-free vulnerability has been disconvered in the\nnsRefreshDriver::Tick function with web animations when destroying a\ntimeline.\n\n- CVE-2016-5278 (arbitrary code execution)\n\nA potentially exploitable crash caused by a heap based buffer overflow\nhas been discovered in the nsBMPEncoder::AddImageFrame function while\nencoding image frames to images.\n\n- CVE-2016-5279 (information disclosure)\n\nThe full path to local files is available to scripts when local files\nare drag and dropped into Firefox.\n\n- CVE-2016-5280 (arbitrary code execution)\n\nA use-after-free vulnerability has been discovered in the\nmozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function\nwhen changing text direction.\n\n- CVE-2016-5281 (arbitrary code execution)\n\nA use-after-free vulnerability has been discovered in the DOMSVGLength\nwhen manipulating SVG format content through a script.\n\n- CVE-2016-5282 (access restriction bypass)\n\nFavicons can be loaded through non-whitelisted protocols, such as jar.\n\n- CVE-2016-5283 (information disclosure)\n\nA timing attack vulnerability was discovered using iframes to\npotentially reveal private cross-origin data using document resizes and\nlink colors.\n\n- CVE-2016-5284 (certificate verification bypass)\n\nDue to flaws in the process used to update \"Preloaded Public Key\nPinning\", the pinning for add-on updates became ineffective in early\nSeptember. An attacker who was able to get a mis-issued certificate for\na Mozilla web site could send malicious add-on updates to users on\nnetworks controlled by the attacker. Users who have not installed any\nadd-ons are not affected.\n\nImpact\n======\n\nA remote attacker is able to execute arbitrary code, disclose sensitive\ninformation and bypass certificate verification via various vectors.\n\nReferences\n==========\n\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2016-85/\nhttps://access.redhat.com/security/cve/CVE-2016-5256\nhttps://access.redhat.com/security/cve/CVE-2016-5257\nhttps://access.redhat.com/security/cve/CVE-2016-5270\nhttps://access.redhat.com/security/cve/CVE-2016-5271\nhttps://access.redhat.com/security/cve/CVE-2016-5272\nhttps://access.redhat.com/security/cve/CVE-2016-5273\nhttps://access.redhat.com/security/cve/CVE-2016-5274\nhttps://access.redhat.com/security/cve/CVE-2016-5275\nhttps://access.redhat.com/security/cve/CVE-2016-5276\nhttps://access.redhat.com/security/cve/CVE-2016-5277\nhttps://access.redhat.com/security/cve/CVE-2016-5278\nhttps://access.redhat.com/security/cve/CVE-2016-5279\nhttps://access.redhat.com/security/cve/CVE-2016-5280\nhttps://access.redhat.com/security/cve/CVE-2016-5281\nhttps://access.redhat.com/security/cve/CVE-2016-5282\nhttps://access.redhat.com/security/cve/CVE-2016-5283\nhttps://access.redhat.com/security/cve/CVE-2016-5284", "published": "2016-09-22T00:00:00", "modified": "2016-09-22T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://security.archlinux.org/ASA-201609-22", "reporter": "ArchLinux", "references": ["https://wiki.archlinux.org/index.php/CVE", "https://www.mozilla.org/en-US/security/advisories/mfsa2016-85/", "https://access.redhat.com/security/cve/CVE-2016-5256", "https://access.redhat.com/security/cve/CVE-2016-5257", "https://access.redhat.com/security/cve/CVE-2016-5270", "https://access.redhat.com/security/cve/CVE-2016-5271", "https://access.redhat.com/security/cve/CVE-2016-5272", "https://access.redhat.com/security/cve/CVE-2016-5273", "https://access.redhat.com/security/cve/CVE-2016-5274", "https://access.redhat.com/security/cve/CVE-2016-5275", "https://access.redhat.com/security/cve/CVE-2016-5276", "https://access.redhat.com/security/cve/CVE-2016-5277", "https://access.redhat.com/security/cve/CVE-2016-5278", "https://access.redhat.com/security/cve/CVE-2016-5279", "https://access.redhat.com/security/cve/CVE-2016-5280", "https://access.redhat.com/security/cve/CVE-2016-5281", "https://access.redhat.com/security/cve/CVE-2016-5282", "https://access.redhat.com/security/cve/CVE-2016-5283", "https://access.redhat.com/security/cve/CVE-2016-5284"], "cvelist": ["CVE-2016-5256", "CVE-2016-5257", "CVE-2016-5270", "CVE-2016-5271", "CVE-2016-5272", "CVE-2016-5273", "CVE-2016-5274", "CVE-2016-5275", "CVE-2016-5276", "CVE-2016-5277", "CVE-2016-5278", "CVE-2016-5279", "CVE-2016-5280", "CVE-2016-5281", "CVE-2016-5282", "CVE-2016-5283", "CVE-2016-5284"], "lastseen": "2020-09-22T18:36:45", "viewCount": 3, "enchantments": {"score": {"value": 5.7, "vector": "NONE", "modified": "2020-09-22T18:36:45", "rev": 2}, "dependencies": {"references": [{"type": "freebsd", "idList": ["2C57C47E-8BB3-4694-83C8-9FC3ABAD3964"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:2368-1", "OPENSUSE-SU-2016:2386-1", "SUSE-SU-2016:2431-1", "SUSE-SU-2016:2513-1", "SUSE-SU-2016:2434-1"]}, {"type": "ubuntu", "idList": ["USN-3112-1", "USN-3076-1"]}, {"type": "nessus", "idList": ["ORACLELINUX_ELSA-2016-1912.NASL", "MACOSX_FIREFOX_49_0.NASL", "MACOSX_FIREFOX_49.NASL", "UBUNTU_USN-3076-1.NASL", "UBUNTU_USN-3112-1.NASL", "FREEBSD_PKG_2C57C47E8BB3469483C89FC3ABAD3964.NASL", "MOZILLA_FIREFOX_49_0.NASL", "OPENSUSE-2016-1119.NASL", "MOZILLA_FIREFOX_49.NASL", "OPENSUSE-2016-1128.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310809324", "OPENVAS:1361412562310809395", "OPENVAS:1361412562310842931", "OPENVAS:1361412562310851396", "OPENVAS:1361412562310842895", "OPENVAS:1361412562310703674", "OPENVAS:1361412562310809325", "OPENVAS:703674", "OPENVAS:1361412562310809392", "OPENVAS:1361412562310851395"]}, {"type": "kaspersky", "idList": ["KLA10876", "KLA10889"]}, {"type": "redhat", "idList": ["RHSA-2016:1912", "RHSA-2016:1985"]}, {"type": "centos", "idList": ["CESA-2016:1985", "CESA-2016:1912"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-1912", "ELSA-2016-1985"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3690-1:6CEB0", "DEBIAN:DLA-658-1:FEEE0", "DEBIAN:DLA-636-1:3B163", "DEBIAN:DSA-3674-1:A1E50"]}, {"type": "cve", "idList": ["CVE-2016-5283", "CVE-2016-5277", "CVE-2016-5273", "CVE-2016-5276", "CVE-2016-5256", "CVE-2016-5275", "CVE-2016-5284", "CVE-2016-5282", "CVE-2016-5271", "CVE-2016-5281"]}, {"type": "threatpost", "idList": ["THREATPOST:32A7325990396546FE884DF669A90919"]}, {"type": "gentoo", "idList": ["GLSA-201701-15"]}], "modified": "2020-09-22T18:36:45", "rev": 2}, "vulnersScore": 5.7}, "affectedPackage": [{"OS": "ArchLinux", "OSVersion": "any", "arch": "any", "packageName": "firefox", "packageVersion": "49.0-1", "packageFilename": "UNKNOWN", "operator": "lt"}]}

{"ubuntu": [{"lastseen": "2020-07-02T11:36:40", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5278", "CVE-2016-5256", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5271", "CVE-2016-2827", "CVE-2016-5274", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5283", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5273", "CVE-2016-5276", "CVE-2016-5279", "CVE-2016-5275", "CVE-2016-5282"], "description": "Atte Kettunen discovered an out-of-bounds read when handling certain \nContent Security Policy (CSP) directives in some circumstances. If a user \nwere tricked in to opening a specially crafted website, an attacker could \npotentially exploit this to cause a denial of service via application \ncrash. (CVE-2016-2827)\n\nChristoph Diehl, Christian Holler, Gary Kwong, Nathan Froyd, Honza Bambas, \nSeth Fowler, Michael Smith, Andrew McCreight, Dan Minor, Byron Campen, Jon \nCoppeard, Steve Fink, Tyson Smith, and Carsten Book discovered multiple \nmemory safety issues in Firefox. If a user were tricked in to opening a \nspecially crafted website, an attacker could potentially exploit these to \ncause a denial of service via application crash, or execute arbitrary \ncode. (CVE-2016-5256, CVE-2016-5257)\n\nAtte Kettunen discovered a heap buffer overflow during text conversion \nwith some unicode characters. If a user were tricked in to opening a \nspecially crafted website, an attacker could potentially exploit this to \ncause a denial of service via application crash, or execute arbitrary \ncode. (CVE-2016-5270)\n\nAbhishek Arya discovered an out of bounds read during the processing of \ntext runs in some circumstances. If a user were tricked in to opening a \nspecially crafted website, an attacker could potentially exploit this to \ncause a denial of service via application crash. (CVE-2016-5271)\n\nAbhishek Arya discovered a bad cast when processing layout with input \nelements in some circumstances. If a user were tricked in to opening a \nspecially crafted website, an attacker could potentially exploit this to \ncause a denial of service via application crash, or execute arbitrary \ncode. (CVE-2016-5272)\n\nA crash was discovered in accessibility. If a user were tricked in to \nopening a specially crafted website, an attacker could potentially \nexploit this to execute arbitrary code. (CVE-2016-5273)\n\nA use-after-free was discovered in web animations during restyling. If a \nuser were tricked in to opening a specially crafted website, an attacker \ncould potentially exploit this to cause a denial of service via \napplication crash, or execute arbitrary code. (CVE-2016-5274)\n\nA buffer overflow was discovered when working with empty filters during \ncanvas rendering. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to cause a denial of \nservice via application crash, or execute arbitrary code. (CVE-2016-5275)\n\nA use-after-free was discovered in accessibility. If a user were tricked \nin to opening a specially crafted website, an attacker could potentially \nexploit this to cause a denial of service via application crash, or \nexecute arbitrary code. (CVE-2016-5276)\n\nA use-after-free was discovered in web animations when destroying a \ntimeline. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to cause a denial of \nservice via application crash, or execute arbitrary code. (CVE-2016-5277)\n\nA buffer overflow was discovered when encoding image frames to images in \nsome circumstances. If a user were tricked in to opening a specially \ncrafted website, an attacker could potentially exploit this to cause a \ndenial of service via application crash, or execute arbitrary code. \n(CVE-2016-5278)\n\nRafael Gieschke discovered that the full path of files is available to web \npages after a drag and drop operation. An attacker could potentially \nexploit this to obtain sensitive information. (CVE-2016-5279)\n\nMei Wang discovered a use-after-free when changing text direction. If a \nuser were tricked in to opening a specially crafted website, an attacker \ncould potentially exploit this to cause a denial of service via \napplication crash, or execute arbitrary code. (CVE-2016-5280)\n\nBrian Carpenter discovered a use-after-free when manipulating SVG content \nin some circumstances. If a user were tricked in to opening a specially \ncrafted website, an attacker could potentially exploit this to cause a \ndenial of service via application crash, or execute arbitrary code. \n(CVE-2016-5281)\n\nRichard Newman discovered that favicons can be loaded through \nnon-whitelisted protocols, such as jar:. (CVE-2016-5282)\n\nGavin Sharp discovered a timing attack vulnerability involving document \nresizes and link colours. If a user were tricked in to opening a specially \ncrafted website, an attacker could potentially exploit this to obtain \nsensitive information. (CVE-2016-5283)\n\nAn issue was discovered with the preloaded Public Key Pinning (HPKP). If \na man-in-the-middle (MITM) attacker was able to obtain a fraudulent \ncertificate for a Mozilla site, they could exploit this by providing \nmalicious addon updates. (CVE-2016-5284)", "edition": 5, "modified": "2016-09-22T00:00:00", "published": "2016-09-22T00:00:00", "id": "USN-3076-1", "href": "https://ubuntu.com/security/notices/USN-3076-1", "title": "Firefox vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-02T11:36:40", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5278", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5250", "CVE-2016-5274", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5276"], "description": "Catalin Dumitru discovered that URLs of resources loaded after a \nnavigation start could be leaked to the following page via the Resource \nTiming API. If a user were tricked in to opening a specially crafted \nwebsite in a browsing context, an attacker could potentially exploit this \nto obtain sensitive information. (CVE-2016-5250)\n\nChristoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, \nSteve Fink, Tyson Smith, and Carsten Book discovered multiple memory \nsafety issues in Thunderbird. If a user were tricked in to opening a \nspecially crafted message, an attacker could potentially exploit these to \ncause a denial of service via application crash, or execute arbitrary \ncode. (CVE-2016-5257)\n\nAtte Kettunen discovered a heap buffer overflow during text conversion \nwith some unicode characters. If a user were tricked in to opening a \nspecially crafted message, an attacker could potentially exploit this to \ncause a denial of service via application crash, or execute arbitrary \ncode. (CVE-2016-5270)\n\nAbhishek Arya discovered a bad cast when processing layout with input \nelements in some circumstances. If a user were tricked in to opening a \nspecially crafted website in a browsing context, an attacker could \npotentially exploit this to cause a denial of service via application \ncrash, or execute arbitrary code. (CVE-2016-5272)\n\nA use-after-free was discovered in web animations during restyling. If a \nuser were tricked in to opening a specially crafted website in a browsing \ncontext, an attacker could potentially exploit this to cause a denial of \nservice via application crash, or execute arbitrary code. (CVE-2016-5274)\n\nA use-after-free was discovered in accessibility. If a user were tricked \nin to opening a specially crafted website in a browsing context, an \nattacker could potentially exploit this to cause a denial of service via \napplication crash, or execute arbitrary code. (CVE-2016-5276)\n\nA use-after-free was discovered in web animations when destroying a \ntimeline. If a user were tricked in to opening a specially crafted \nwebsite in a browsing context, an attacker could potentially exploit this \nto cause a denial of service via application crash, or execute arbitrary \ncode. (CVE-2016-5277)\n\nA buffer overflow was discovered when encoding image frames to images in \nsome circumstances. If a user were tricked in to opening a specially \ncrafted message, an attacker could potentially exploit this to cause a \ndenial of service via application crash, or execute arbitrary code. \n(CVE-2016-5278)\n\nMei Wang discovered a use-after-free when changing text direction. If a \nuser were tricked in to opening a specially crafted website in a browsing \ncontext, an attacker could potentially exploit this to cause a denial of \nservice via application crash, or execute arbitrary code. (CVE-2016-5280)\n\nBrian Carpenter discovered a use-after-free when manipulating SVG content \nin some circumstances. If a user were tricked in to opening a specially \ncrafted website in a browsing context, an attacker could potentially \nexploit this to cause a denial of service via application crash, or \nexecute arbitrary code. (CVE-2016-5281)\n\nAn issue was discovered with the preloaded Public Key Pinning (HPKP). If \na man-in-the-middle (MITM) attacker was able to obtain a fraudulent \ncertificate for a Mozilla site, they could exploit this by providing \nmalicious addon updates. (CVE-2016-5284)", "edition": 5, "modified": "2016-10-27T00:00:00", "published": "2016-10-27T00:00:00", "id": "USN-3112-1", "href": "https://ubuntu.com/security/notices/USN-3112-1", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-07-19T22:12:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5278", "CVE-2016-5256", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5271", "CVE-2016-2827", "CVE-2016-5274", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5283", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5273", "CVE-2016-5276", "CVE-2016-5279", "CVE-2016-5275", "CVE-2016-5282"], "description": "This host is installed with\n Mozilla Firefox and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2016-09-23T00:00:00", "id": "OPENVAS:1361412562310809325", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809325", "type": "openvas", "title": "Mozilla Firefox Security Updates( mfsa_2016-85_2016-86 )-MAC OS X", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox Security Updates( mfsa_2016-85_2016-86 )-MAC OS X\n#\n# Authors:\n# kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809325\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2016-2827\", \"CVE-2016-5270\", \"CVE-2016-5271\", \"CVE-2016-5272\",\n \"CVE-2016-5273\", \"CVE-2016-5276\", \"CVE-2016-5274\", \"CVE-2016-5277\",\n \"CVE-2016-5275\", \"CVE-2016-5278\", \"CVE-2016-5279\", \"CVE-2016-5280\",\n \"CVE-2016-5281\", \"CVE-2016-5282\", \"CVE-2016-5283\", \"CVE-2016-5284\",\n \"CVE-2016-5256\", \"CVE-2016-5257\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-09-23 10:24:26 +0530 (Fri, 23 Sep 2016)\");\n script_name(\"Mozilla Firefox Security Updates( mfsa_2016-85_2016-86 )-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with\n Mozilla Firefox and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy.\n\n - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString.\n\n - Out-of-bounds read in PropertyProvider::GetSpacingInternal.\n\n - Bad cast in nsImageGeometryMixin.\n\n - Crash in mozilla::a11y::HyperTextAccessible::GetChildOffset.\n\n - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList.\n\n - Use-after-free in nsFrameManager::CaptureFrameState.\n\n - Heap-use-after-free in nsRefreshDriver::Tick.\n\n - Global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions.\n\n - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame.\n\n - Full local path of files is available to web pages after drag and drop.\n\n - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap.\n\n - Use-after-free in DOMSVGLength.\n\n - Favicons can be loaded through non-whitelisted protocols.\n\n - 'iframe src' fragment timing attack can reveal cross-origin data.\n\n - Add-on update site certificate pin expiration.\n\n - Memory safety bugs.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities remote attackers to cause a denial of service, to execute\n arbitrary code, to obtain sensitive full-pathname information.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox version before\n 49 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 49\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85/\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"49\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"49\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:36:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5278", "CVE-2016-5256", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5271", "CVE-2016-2827", "CVE-2016-5274", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5283", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5273", "CVE-2016-5276", "CVE-2016-5279", "CVE-2016-5275", "CVE-2016-5282"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2016-09-25T00:00:00", "id": "OPENVAS:1361412562310851395", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851395", "type": "openvas", "title": "openSUSE: Security Advisory for MozillaFirefox, mozilla-nss (openSUSE-SU-2016:2368-1)", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851395\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-09-25 05:45:03 +0200 (Sun, 25 Sep 2016)\");\n script_cve_id(\"CVE-2016-2827\", \"CVE-2016-5256\", \"CVE-2016-5257\", \"CVE-2016-5270\",\n \"CVE-2016-5271\", \"CVE-2016-5272\", \"CVE-2016-5273\", \"CVE-2016-5274\",\n \"CVE-2016-5275\", \"CVE-2016-5276\", \"CVE-2016-5277\", \"CVE-2016-5278\",\n \"CVE-2016-5279\", \"CVE-2016-5280\", \"CVE-2016-5281\", \"CVE-2016-5282\",\n \"CVE-2016-5283\", \"CVE-2016-5284\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for MozillaFirefox, mozilla-nss (openSUSE-SU-2016:2368-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'MozillaFirefox, mozilla-nss'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for MozillaFirefox and mozilla-nss fixes the following issues:\n\n MozillaFirefox was updated to version 49.0 (boo#999701)\n\n - New features\n\n * Updated Firefox Login Manager to allow HTTPS pages to use saved HTTP\n logins.\n\n * Added features to Reader Mode that make it easier on the eyes and the\n ears\n\n * Improved video performance for users on systems that support SSE3\n without hardware acceleration\n\n * Added context menu controls to HTML5 audio and video that let users\n loops files or play files at 1.25x speed\n\n * Improvements in about:memory reports for tracking font memory usage\n\n - Security related fixes\n\n * MFSA 2016-85 CVE-2016-2827 (bmo#1289085) - Out-of-bounds read in\n mozilla::net::IsValidReferrerPolicy CVE-2016-5270 (bmo#1291016) -\n Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString\n CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in\n PropertyProvider::GetSpacingInternal CVE-2016-5272 (bmo#1297934) - Bad\n cast in nsImageGeometryMixin CVE-2016-5273 (bmo#1280387) - crash in\n mozilla::a11y::HyperTextAccessible::GetChildOffset CVE-2016-5276\n (bmo#1287721) - Heap-use-after-free in\n mozilla::a11y::DocAccessible::ProcessInvalidationList CVE-2016-5274\n (bmo#1282076) - use-after-free in nsFrameManager::CaptureFrameState\n CVE-2016-5277 (bmo#1291665) - Heap-use-after-free in\n nsRefreshDriver::Tick CVE-2016-5275 (bmo#1287316) -\n global-buffer-overflow in\n mozilla::gfx::FilterSupport::ComputeSourceNeededRegions CVE-2016-5278\n (bmo#1294677) - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame\n CVE-2016-5279 (bmo#1249522) - Full local path of files is available to\n web pages after drag and drop CVE-2016-5280 (bmo#1289970) -\n Use-after-free in\n mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap\n CVE-2016-5281 (bmo#1284690) - use-after-free in DOMSVGLength\n CVE-2016-5282 (bmo#932335) - Don't allow content to request favicons\n from non-whitelisted schemes CVE-2016-5283 (bmo#928187) - iframe src\n fragment timing attack can reveal cross-origin data CVE-2016-5284\n (bmo#1303127) - Add-on update site certificate pin expiration\n CVE-2016-5256 - Memory safety bugs fixed in Firefox 49 CVE-2016-5257 -\n Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4\n\n - requires NSS 3.25\n\n - Mozilla Firefox 48.0.2:\n\n * Mitigate a startup crash issue caused on Windows (bmo#1291738)\n\n mozilla-nss was updated to NSS 3.25. New functionality:\n\n * Implemented DHE key agreement for TLS 1.3\n\n * Added support for ChaCha with TLS 1.3\n\n * Added support for TLS 1.2 ciphersuites that use SHA384 as the PRF\n\n * In previous v ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"MozillaFirefox, mozilla-nss on openSUSE Leap 42.1, openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:2368-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~49.0~80.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~49.0~80.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~49.0~80.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~49.0~80.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~49.0~80.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~49.0~80.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~49.0~80.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~49.0~80.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3\", rpm:\"libfreebl3~3.25~46.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3-debuginfo\", rpm:\"libfreebl3-debuginfo~3.25~46.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3\", rpm:\"libsoftokn3~3.25~46.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3-debuginfo\", rpm:\"libsoftokn3-debuginfo~3.25~46.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss\", rpm:\"mozilla-nss~3.25~46.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs\", rpm:\"mozilla-nss-certs~3.25~46.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs-debuginfo\", rpm:\"mozilla-nss-certs-debuginfo~3.25~46.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-debuginfo\", rpm:\"mozilla-nss-debuginfo~3.25~46.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-debugsource\", rpm:\"mozilla-nss-debugsource~3.25~46.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-devel\", rpm:\"mozilla-nss-devel~3.25~46.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit\", rpm:\"mozilla-nss-sysinit~3.25~46.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit-debuginfo\", rpm:\"mozilla-nss-sysinit-debuginfo~3.25~46.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-tools\", rpm:\"mozilla-nss-tools~3.25~46.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-tools-debuginfo\", rpm:\"mozilla-nss-tools-debuginfo~3.25~46.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3-32bit\", rpm:\"libfreebl3-32bit~3.25~46.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3-debuginfo-32bit\", rpm:\"libfreebl3-debuginfo-32bit~3.25~46.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3-32bit\", rpm:\"libsoftokn3-32bit~3.25~46.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3-debuginfo-32bit\", rpm:\"libsoftokn3-debuginfo-32bit~3.25~46.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-32bit\", rpm:\"mozilla-nss-32bit~3.25~46.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs-32bit\", rpm:\"mozilla-nss-certs-32bit~3.25~46.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs-debuginfo-32bit\", rpm:\"mozilla-nss-certs-debuginfo-32bit~3.25~46.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-debuginfo-32bit\", rpm:\"mozilla-nss-debuginfo-32bit~3.25~46.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit-32bit\", rpm:\"mozilla-nss-sysinit-32bit~3.25~46.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit-debuginfo-32bit\", rpm:\"mozilla-nss-sysinit-debuginfo-32bit~3.25~46.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5278", "CVE-2016-5256", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5271", "CVE-2016-2827", "CVE-2016-5274", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5283", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5273", "CVE-2016-5276", "CVE-2016-5279", "CVE-2016-5275", "CVE-2016-5282"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2016-09-23T00:00:00", "id": "OPENVAS:1361412562310842895", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842895", "type": "openvas", "title": "Ubuntu Update for firefox USN-3076-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for firefox USN-3076-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842895\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-09-23 05:42:01 +0200 (Fri, 23 Sep 2016)\");\n script_cve_id(\"CVE-2016-2827\", \"CVE-2016-5256\", \"CVE-2016-5257\", \"CVE-2016-5270\",\n\t\t\"CVE-2016-5271\", \"CVE-2016-5272\", \"CVE-2016-5273\", \"CVE-2016-5274\",\n\t\t\"CVE-2016-5275\", \"CVE-2016-5276\", \"CVE-2016-5277\", \"CVE-2016-5278\",\n\t\t\"CVE-2016-5279\", \"CVE-2016-5280\", \"CVE-2016-5281\", \"CVE-2016-5282\",\n\t\t\"CVE-2016-5283\", \"CVE-2016-5284\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for firefox USN-3076-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Atte Kettunen discovered an out-of-bounds\n read when handling certain Content Security Policy (CSP) directives in some\n circumstances. If a user were tricked in to opening a specially crafted website,\n an attacker could potentially exploit this to cause a denial of service via\n application crash. (CVE-2016-2827)\n\nChristoph Diehl, Christian Holler, Gary Kwong, Nathan Froyd, Honza Bambas,\nSeth Fowler, Michael Smith, Andrew McCreight, Dan Minor, Byron Campen, Jon\nCoppeard, Steve Fink, Tyson Smith, and Carsten Book discovered multiple\nmemory safety issues in Firefox. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit these to\ncause a denial of service via application crash, or execute arbitrary\ncode. (CVE-2016-5256, CVE-2016-5257)\n\nAtte Kettunen discovered a heap buffer overflow during text conversion\nwith some unicode characters. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this to\ncause a denial of service via application crash, or execute arbitrary\ncode. (CVE-2016-5270)\n\nAbhishek Arya discovered an out of bounds read during the processing of\ntext runs in some circumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this to\ncause a denial of service via application crash. (CVE-2016-5271)\n\nAbhishek Arya discovered a bad cast when processing layout with input\nelements in some circumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this to\ncause a denial of service via application crash, or execute arbitrary\ncode. (CVE-2016-5272)\n\nA crash was discovered in accessibility. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially\nexploit this to execute arbitrary code. (CVE-2016-5273)\n\nA use-after-free was discovered in web animations during restyling. If a\nuser were tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code. (CVE-2016-5274)\n\nA buffer overflow was discovered when working with empty filters during\ncanvas rendering. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial of\nservice via application crash, or execute arbitrary code. (CVE-2016-5275)\n\nA use-after-free was discovered in accessibility. If a user were tricked\nin to opening a specially crafted website, an attacker could potentially\nex ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"firefox on Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3076-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3076-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"49.0+build4-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"49.0+build4-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"49.0+build4-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T22:12:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5278", "CVE-2016-5256", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5271", "CVE-2016-2827", "CVE-2016-5274", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5283", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5273", "CVE-2016-5276", "CVE-2016-5279", "CVE-2016-5275", "CVE-2016-5282"], "description": "This host is installed with\n Mozilla Firefox and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2016-09-23T00:00:00", "id": "OPENVAS:1361412562310809324", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809324", "type": "openvas", "title": "Mozilla Firefox Security Updates( mfsa_2016-85_2016-86 )-Windows", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox Security Updates( mfsa_2016-85_2016-86 )-Windows\n#\n# Authors:\n# kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809324\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2016-2827\", \"CVE-2016-5270\", \"CVE-2016-5271\", \"CVE-2016-5272\",\n \"CVE-2016-5273\", \"CVE-2016-5276\", \"CVE-2016-5274\", \"CVE-2016-5277\",\n \"CVE-2016-5275\", \"CVE-2016-5278\", \"CVE-2016-5279\", \"CVE-2016-5280\",\n \"CVE-2016-5281\", \"CVE-2016-5282\", \"CVE-2016-5283\", \"CVE-2016-5284\",\n \"CVE-2016-5256\", \"CVE-2016-5257\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-09-23 10:23:36 +0530 (Fri, 23 Sep 2016)\");\n script_name(\"Mozilla Firefox Security Updates( mfsa_2016-85_2016-86 )-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with\n Mozilla Firefox and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy.\n\n - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString.\n\n - Out-of-bounds read in PropertyProvider::GetSpacingInternal.\n\n - Bad cast in nsImageGeometryMixin.\n\n - Crash in mozilla::a11y::HyperTextAccessible::GetChildOffset.\n\n - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList.\n\n - Use-after-free in nsFrameManager::CaptureFrameState.\n\n - Heap-use-after-free in nsRefreshDriver::Tick.\n\n - Global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions.\n\n - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame.\n\n - Full local path of files is available to web pages after drag and drop.\n\n - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap.\n\n - Use-after-free in DOMSVGLength.\n\n - Favicons can be loaded through non-whitelisted protocols.\n\n - 'iframe src' fragment timing attack can reveal cross-origin data.\n\n - Add-on update site certificate pin expiration.\n\n - Memory safety bugs.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities remote attackers to cause a denial of service, to execute\n arbitrary code, to obtain sensitive full-pathname information.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox version before\n 49 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 49\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85/\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox/Win/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"49\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"49\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:35:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5278", "CVE-2016-5256", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5271", "CVE-2016-2827", "CVE-2016-5274", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5283", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5273", "CVE-2016-5276", "CVE-2016-5279", "CVE-2016-5275", "CVE-2016-5282"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2016-09-27T00:00:00", "id": "OPENVAS:1361412562310851396", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851396", "type": "openvas", "title": "openSUSE: Security Advisory for MozillaFirefox, mozilla-nss (openSUSE-SU-2016:2386-1)", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851396\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-09-27 05:48:14 +0200 (Tue, 27 Sep 2016)\");\n script_cve_id(\"CVE-2016-2827\", \"CVE-2016-5256\", \"CVE-2016-5257\", \"CVE-2016-5270\",\n \"CVE-2016-5271\", \"CVE-2016-5272\", \"CVE-2016-5273\", \"CVE-2016-5274\",\n \"CVE-2016-5275\", \"CVE-2016-5276\", \"CVE-2016-5277\", \"CVE-2016-5278\",\n \"CVE-2016-5279\", \"CVE-2016-5280\", \"CVE-2016-5281\", \"CVE-2016-5282\",\n \"CVE-2016-5283\", \"CVE-2016-5284\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for MozillaFirefox, mozilla-nss (openSUSE-SU-2016:2386-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'MozillaFirefox, mozilla-nss'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"MozillaFirefox was updated to version 49.0 (boo#999701)\n\n - New features\n\n * Updated Firefox Login Manager to allow HTTPS pages to use saved\n HTTP logins.\n\n * Added features to Reader Mode that make it easier on the eyes and\n the ears\n\n * Improved video performance for users on systems that support SSE3\n without hardware acceleration\n\n * Added context menu controls to HTML5 audio and video that let users\n loops files or play files at 1.25x speed\n\n * Improvements in about:memory reports for tracking font memory usage\n\n - Security related fixes\n\n * MFSA 2016-85 CVE-2016-2827 (bmo#1289085) - Out-of-bounds read in\n mozilla::net::IsValidReferrerPolicy CVE-2016-5270 (bmo#1291016) -\n Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString\n CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in\n PropertyProvider::GetSpacingInternal CVE-2016-5272 (bmo#1297934) - Bad\n cast in nsImageGeometryMixin CVE-2016-5273 (bmo#1280387) - crash in\n mozilla::a11y::HyperTextAccessible::GetChildOffset CVE-2016-5276\n (bmo#1287721) - Heap-use-after-free in\n mozilla::a11y::DocAccessible::ProcessInvalidationList CVE-2016-5274\n (bmo#1282076) - use-after-free in nsFrameManager::CaptureFrameState\n CVE-2016-5277 (bmo#1291665) - Heap-use-after-free in nsRefreshDriver::Tick\n CVE-2016-5275 (bmo#1287316) - global-buffer-overflow in\n mozilla::gfx::FilterSupport::ComputeSourceNeededRegions CVE-2016-5278\n (bmo#1294677) - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame\n CVE-2016-5279 (bmo#1249522) - Full local path of files is available to web\n pages after drag and drop CVE-2016-5280 (bmo#1289970) - Use-after-free in\n mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap CVE-2016-5281\n (bmo#1284690) - use-after-free in DOMSVGLength CVE-2016-5282 (bmo#932335)\n\n - Don't allow content to request favicons from non-whitelisted schemes\n CVE-2016-5283 (bmo#928187) - iframe src fragment timing attack can\n reveal cross-origin data CVE-2016-5284 (bmo#1303127) - Add-on update site\n certificate pin expiration CVE-2016-5256 - Memory safety bugs fixed in\n Firefox 49 CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and\n Firefox ESR 45.4\n\n - requires NSS 3.25\n\n - Mozilla Firefox 48.0.2:\n\n * Mitigate a startup crash issue caused on Windows (bmo#1291738)\n\n mozilla-nss was updated to NSS 3.25. New functionality:\n\n * Implemented DHE key agreement for TLS 1.3\n\n * Added support for ChaCha with TLS 1.3\n\n * Added support for TLS 1.2 ciphersuites that use SHA384 as the PRF\n\n * In previous versions, when using client authentication with TLS\n 1.2, NSS only supported certificate_verify message ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"MozillaFirefox, mozilla-nss on openSUSE 13.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:2386-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.1\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~49.0.1~125.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~49.0.1~125.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~49.0.1~125.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~49.0.1~125.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~49.0.1~125.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~49.0.1~125.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~49.0.1~125.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~49.0.1~125.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3\", rpm:\"libfreebl3~3.25~91.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3-debuginfo\", rpm:\"libfreebl3-debuginfo~3.25~91.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3\", rpm:\"libsoftokn3~3.25~91.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3-debuginfo\", rpm:\"libsoftokn3-debuginfo~3.25~91.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss\", rpm:\"mozilla-nss~3.25~91.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs\", rpm:\"mozilla-nss-certs~3.25~91.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs-debuginfo\", rpm:\"mozilla-nss-certs-debuginfo~3.25~91.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-debuginfo\", rpm:\"mozilla-nss-debuginfo~3.25~91.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-debugsource\", rpm:\"mozilla-nss-debugsource~3.25~91.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-devel\", rpm:\"mozilla-nss-devel~3.25~91.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit\", rpm:\"mozilla-nss-sysinit~3.25~91.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit-debuginfo\", rpm:\"mozilla-nss-sysinit-debuginfo~3.25~91.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-tools\", rpm:\"mozilla-nss-tools~3.25~91.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-tools-debuginfo\", rpm:\"mozilla-nss-tools-debuginfo~3.25~91.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3-32bit\", rpm:\"libfreebl3-32bit~3.25~91.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3-debuginfo-32bit\", rpm:\"libfreebl3-debuginfo-32bit~3.25~91.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3-32bit\", rpm:\"libsoftokn3-32bit~3.25~91.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3-debuginfo-32bit\", rpm:\"libsoftokn3-debuginfo-32bit~3.25~91.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-32bit\", rpm:\"mozilla-nss-32bit~3.25~91.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs-32bit\", rpm:\"mozilla-nss-certs-32bit~3.25~91.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs-debuginfo-32bit\", rpm:\"mozilla-nss-certs-debuginfo-32bit~3.25~91.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-debuginfo-32bit\", rpm:\"mozilla-nss-debuginfo-32bit~3.25~91.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit-32bit\", rpm:\"mozilla-nss-sysinit-32bit~3.25~91.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit-debuginfo-32bit\", rpm:\"mozilla-nss-sysinit-debuginfo-32bit~3.25~91.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5278", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5250", "CVE-2016-5274", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5276"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2016-11-08T00:00:00", "id": "OPENVAS:1361412562310842931", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842931", "type": "openvas", "title": "Ubuntu Update for thunderbird USN-3112-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for thunderbird USN-3112-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842931\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-08 15:52:48 +0530 (Tue, 08 Nov 2016)\");\n script_cve_id(\"CVE-2016-5250\", \"CVE-2016-5257\", \"CVE-2016-5270\", \"CVE-2016-5272\",\n\t\t\"CVE-2016-5274\", \"CVE-2016-5276\", \"CVE-2016-5277\", \"CVE-2016-5278\",\n\t\t\"CVE-2016-5280\", \"CVE-2016-5281\", \"CVE-2016-5284\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for thunderbird USN-3112-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Catalin Dumitru discovered that URLs of\n resources loaded after a navigation start could be leaked to the following page\n via the Resource Timing API. If a user were tricked in to opening a specially\n crafted website in a browsing context, an attacker could potentially exploit\n this to obtain sensitive information. (CVE-2016-5250)\n\nChristoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard,\nSteve Fink, Tyson Smith, and Carsten Book discovered multiple memory\nsafety issues in Thunderbird. If a user were tricked in to opening a\nspecially crafted message, an attacker could potentially exploit these to\ncause a denial of service via application crash, or execute arbitrary\ncode. (CVE-2016-5257)\n\nAtte Kettunen discovered a heap buffer overflow during text conversion\nwith some unicode characters. If a user were tricked in to opening a\nspecially crafted message, an attacker could potentially exploit this to\ncause a denial of service via application crash, or execute arbitrary\ncode. (CVE-2016-5270)\n\nAbhishek Arya discovered a bad cast when processing layout with input\nelements in some circumstances. If a user were tricked in to opening a\nspecially crafted website in a browsing context, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash, or execute arbitrary code. (CVE-2016-5272)\n\nA use-after-free was discovered in web animations during restyling. If a\nuser were tricked in to opening a specially crafted website in a browsing\ncontext, an attacker could potentially exploit this to cause a denial of\nservice via application crash, or execute arbitrary code. (CVE-2016-5274)\n\nA use-after-free was discovered in accessibility. If a user were tricked\nin to opening a specially crafted website in a browsing context, an\nattacker could potentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code. (CVE-2016-5276)\n\nA use-after-free was discovered in web animations when destroying a\ntimeline. If a user were tricked in to opening a specially crafted\nwebsite in a browsing context, an attacker could potentially exploit this\nto cause a denial of service via application crash, or execute arbitrary\ncode. (CVE-2016-5277)\n\nA buffer overflow was discovered when encoding image frames to images in\nsome circumstances. If a user were tricked in to opening a specially\ncrafted message, an attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code.\n(CVE-2016-5278)\n\nMei Wang discovered a use-after-free when changing text direction. If ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"thunderbird on Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS,\n Ubuntu 16.10,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3112-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3112-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|16\\.04 LTS|16\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:45.4.0+build1-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:45.4.0+build1-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:45.4.0+build1-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:45.4.0+build1-0ubuntu0.16.10.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-06-25T14:50:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5278", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5250", "CVE-2016-5274", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5276"], "description": "This host is installed with Mozilla\n Thunderbird and is prone to multiple vulnerabilities.", "modified": "2019-06-25T00:00:00", "published": "2016-10-21T00:00:00", "id": "OPENVAS:1361412562310809395", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809395", "type": "openvas", "title": "Mozilla Thunderbird Security Updates( mfsa_2016-88_2016-88 )-MAC OS X", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Thunderbird Security Updates( mfsa_2016-88_2016-88 )-MAC OS X\n#\n# Authors:\n# kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:thunderbird\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809395\");\n script_version(\"2019-06-25T08:25:15+0000\");\n script_cve_id(\"CVE-2016-5270\", \"CVE-2016-5272\", \"CVE-2016-5276\", \"CVE-2016-5274\",\n\t\t\"CVE-2016-5277\", \"CVE-2016-5278\", \"CVE-2016-5280\", \"CVE-2016-5284\",\n\t\t\"CVE-2016-5250\", \"CVE-2016-5257\", \"CVE-2016-5281\");\n script_bugtraq_id(93049, 92260);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-06-25 08:25:15 +0000 (Tue, 25 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-10-21 15:37:09 +0530 (Fri, 21 Oct 2016)\");\n script_name(\"Mozilla Thunderbird Security Updates( mfsa_2016-88_2016-88 )-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla\n Thunderbird and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to\n\n - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString.\n\n - Bad cast in nsImageGeometryMixin.\n\n - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList.\n\n - Use-after-free in nsFrameManager::CaptureFrameState.\n\n - Use-after-free in DOMSVGLength.\n\n - Heap-use-after-free in nsRefreshDriver::Tick.\n\n - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame.\n\n - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap.\n\n - Add-on update site certificate pin expiration.\n\n - Resource Timing API is storing resources sent by the previous page.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers to cause denial of service, to get a\n mis-issued certificate for a Mozilla web sit could send malicious add-on updates\n to users on networks controlled by the attacker, to get potential\n information, also allows to run arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Thunderbird version before\n 45.4 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Thunderbird version 45.4\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-88/\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Thunderbird/MacOSX/Version\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/thunderbird\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!tbVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:tbVer, test_version:\"45.4\"))\n{\n report = report_fixed_ver(installed_version:tbVer, fixed_version:\"45.4\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5278", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5250", "CVE-2016-5274", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5276"], "description": "This host is installed with Mozilla\n Thunderbird and is prone to multiple vulnerabilities.", "modified": "2018-11-15T00:00:00", "published": "2016-10-21T00:00:00", "id": "OPENVAS:1361412562310809392", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809392", "type": "openvas", "title": "Mozilla Thunderbird Security Updates( mfsa_2016-88_2016-88 )-Windows", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_thunderbird_mfsa_2016-88_2016-88_win.nasl 12363 2018-11-15 09:51:15Z asteins $\n#\n# Mozilla Thunderbird Security Updates( mfsa_2016-88_2016-88 )-Windows\n#\n# Authors:\n# kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:thunderbird\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809392\");\n script_version(\"$Revision: 12363 $\");\n script_cve_id(\"CVE-2016-5270\", \"CVE-2016-5272\", \"CVE-2016-5276\", \"CVE-2016-5274\",\n\t\t\"CVE-2016-5277\", \"CVE-2016-5278\", \"CVE-2016-5280\", \"CVE-2016-5284\",\n\t\t\"CVE-2016-5250\", \"CVE-2016-5257\", \"CVE-2016-5281\");\n script_bugtraq_id(93049, 92260);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-15 10:51:15 +0100 (Thu, 15 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-10-21 15:34:45 +0530 (Fri, 21 Oct 2016)\");\n script_name(\"Mozilla Thunderbird Security Updates( mfsa_2016-88_2016-88 )-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla\n Thunderbird and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to\n\n - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString.\n\n - Bad cast in nsImageGeometryMixin.\n\n - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList.\n\n - Use-after-free in nsFrameManager::CaptureFrameState.\n\n - Use-after-free in DOMSVGLength.\n\n - Heap-use-after-free in nsRefreshDriver::Tick.\n\n - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame.\n\n - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap.\n\n - Add-on update site certificate pin expiration.\n\n - Resource Timing API is storing resources sent by the previous page.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers to cause denial of service, to get a\n mis-issued certificate for a Mozilla web sit could send malicious add-on updates\n to users on networks controlled by the attacker, to get potential\n information, also allows to run arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Thunderbird version before\n 45.4 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Thunderbird version 45.4\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-88/\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_thunderbird_detect_portable_win.nasl\");\n script_mandatory_keys(\"Thunderbird/Win/Ver\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/thunderbird\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!tbVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:tbVer, test_version:\"45.4\"))\n{\n report = report_fixed_ver(installed_version:tbVer, fixed_version:\"45.4\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5278", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5250", "CVE-2016-5274", "CVE-2016-5261", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5276"], "description": "Check the version of firefox", "modified": "2019-03-08T00:00:00", "published": "2016-09-23T00:00:00", "id": "OPENVAS:1361412562310882560", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882560", "type": "openvas", "title": "CentOS Update for firefox CESA-2016:1912 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2016:1912 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882560\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-09-23 05:41:25 +0200 (Fri, 23 Sep 2016)\");\n script_cve_id(\"CVE-2016-5250\", \"CVE-2016-5257\", \"CVE-2016-5261\", \"CVE-2016-5270\",\n \"CVE-2016-5272\", \"CVE-2016-5274\", \"CVE-2016-5276\", \"CVE-2016-5277\",\n \"CVE-2016-5278\", \"CVE-2016-5280\", \"CVE-2016-5281\", \"CVE-2016-5284\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for firefox CESA-2016:1912 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of firefox\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.4.0 ESR.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2016-5257, CVE-2016-5278, CVE-2016-5270, CVE-2016-5272,\nCVE-2016-5274, CVE-2016-5276, CVE-2016-5277, CVE-2016-5280, CVE-2016-5281,\nCVE-2016-5284, CVE-2016-5250, CVE-2016-5261)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Samuel Grob, Brian Carpenter, Mei Wang, Ryan Duff,\nCatalin Dumitru, Mozilla developers, Christoph Diehl, Andrew McCreight, Dan\nMinor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp,\nCarsten Book, Abhishek Arya, Atte Kettunen, and Nils as the original\nreporters.\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:1912\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-September/022088.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.4.0~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5278", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5250", "CVE-2016-5274", "CVE-2016-5261", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5276"], "description": "Check the version of firefox", "modified": "2019-03-08T00:00:00", "published": "2016-09-23T00:00:00", "id": "OPENVAS:1361412562310882561", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882561", "type": "openvas", "title": "CentOS Update for firefox CESA-2016:1912 centos7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2016:1912 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882561\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-09-23 05:41:43 +0200 (Fri, 23 Sep 2016)\");\n script_cve_id(\"CVE-2016-5250\", \"CVE-2016-5257\", \"CVE-2016-5261\", \"CVE-2016-5270\",\n \"CVE-2016-5272\", \"CVE-2016-5274\", \"CVE-2016-5276\", \"CVE-2016-5277\",\n \"CVE-2016-5278\", \"CVE-2016-5280\", \"CVE-2016-5281\", \"CVE-2016-5284\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for firefox CESA-2016:1912 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of firefox\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.4.0 ESR.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2016-5257, CVE-2016-5278, CVE-2016-5270, CVE-2016-5272,\nCVE-2016-5274, CVE-2016-5276, CVE-2016-5277, CVE-2016-5280, CVE-2016-5281,\nCVE-2016-5284, CVE-2016-5250, CVE-2016-5261)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Samuel Grob, Brian Carpenter, Mei Wang, Ryan Duff,\nCatalin Dumitru, Mozilla developers, Christoph Diehl, Andrew McCreight, Dan\nMinor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp,\nCarsten Book, Abhishek Arya, Atte Kettunen, and Nils as the original\nreporters.\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:1912\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-September/022089.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.4.0~1.el7.centos\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:31", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5278", "CVE-2016-5256", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5271", "CVE-2016-2827", "CVE-2016-5274", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5283", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5273", "CVE-2016-5276", "CVE-2016-5279", "CVE-2016-5275", "CVE-2016-5282"], "description": "\nMozilla Foundation reports:\n\nCVE-2016-2827 - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy [low]\nCVE-2016-5256 - Memory safety bugs fixed in Firefox 49 [critical]\nCVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 [critical]\nCVE-2016-5270 - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString [high]\nCVE-2016-5271 - Out-of-bounds read in PropertyProvider::GetSpacingInternal [low]\nCVE-2016-5272 - Bad cast in nsImageGeometryMixin [high]\nCVE-2016-5273 - crash in mozilla::a11y::HyperTextAccessible::GetChildOffset [high]\nCVE-2016-5274 - use-after-free in nsFrameManager::CaptureFrameState [high]\nCVE-2016-5275 - global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions [critical]\nCVE-2016-5276 - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList [high]\nCVE-2016-5277 - Heap-use-after-free in nsRefreshDriver::Tick [high]\nCVE-2016-5278 - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame [critical]\nCVE-2016-5279 - Full local path of files is available to web pages after drag and drop [moderate]\nCVE-2016-5280 - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap [high]\nCVE-2016-5281 - use-after-free in DOMSVGLength [high]\nCVE-2016-5282 - Don't allow content to request favicons from non-whitelisted schemes [moderate]\nCVE-2016-5283 - <iframe src> fragment timing attack can reveal cross-origin data [high]\nCVE-2016-5284 - Add-on update site certificate pin expiration [high]\n\n", "edition": 5, "modified": "2016-10-21T00:00:00", "published": "2016-09-13T00:00:00", "id": "2C57C47E-8BB3-4694-83C8-9FC3ABAD3964", "href": "https://vuxml.freebsd.org/freebsd/2c57c47e-8bb3-4694-83c8-9fc3abad3964.html", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-24T20:38:57", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5278", "CVE-2016-5256", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5271", "CVE-2016-2827", "CVE-2016-5274", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5283", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5273", "CVE-2016-5276", "CVE-2016-5279", "CVE-2016-5275", "CVE-2016-5282"], "edition": 1, "description": "This update for MozillaFirefox and mozilla-nss fixes the following issues:\n\n MozillaFirefox was updated to version 49.0 (boo#999701)\n - New features\n * Updated Firefox Login Manager to allow HTTPS pages to use saved HTTP\n logins.\n * Added features to Reader Mode that make it easier on the eyes and the\n ears\n * Improved video performance for users on systems that support SSE3\n without hardware acceleration\n * Added context menu controls to HTML5 audio and video that let users\n loops files or play files at 1.25x speed\n * Improvements in about:memory reports for tracking font memory usage\n - Security related fixes\n * MFSA 2016-85 CVE-2016-2827 (bmo#1289085) - Out-of-bounds read in\n mozilla::net::IsValidReferrerPolicy CVE-2016-5270 (bmo#1291016) -\n Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString\n CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in\n PropertyProvider::GetSpacingInternal CVE-2016-5272 (bmo#1297934) - Bad\n cast in nsImageGeometryMixin CVE-2016-5273 (bmo#1280387) - crash in\n mozilla::a11y::HyperTextAccessible::GetChildOffset CVE-2016-5276\n (bmo#1287721) - Heap-use-after-free in\n mozilla::a11y::DocAccessible::ProcessInvalidationList CVE-2016-5274\n (bmo#1282076) - use-after-free in nsFrameManager::CaptureFrameState\n CVE-2016-5277 (bmo#1291665) - Heap-use-after-free in\n nsRefreshDriver::Tick CVE-2016-5275 (bmo#1287316) -\n global-buffer-overflow in\n mozilla::gfx::FilterSupport::ComputeSourceNeededRegions CVE-2016-5278\n (bmo#1294677) - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame\n CVE-2016-5279 (bmo#1249522) - Full local path of files is available to\n web pages after drag and drop CVE-2016-5280 (bmo#1289970) -\n Use-after-free in\n mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap\n CVE-2016-5281 (bmo#1284690) - use-after-free in DOMSVGLength\n CVE-2016-5282 (bmo#932335) - Don't allow content to request favicons\n from non-whitelisted schemes CVE-2016-5283 (bmo#928187) - &lt;iframe src&gt;\n fragment timing attack can reveal cross-origin data CVE-2016-5284\n (bmo#1303127) - Add-on update site certificate pin expiration\n CVE-2016-5256 - Memory safety bugs fixed in Firefox 49 CVE-2016-5257 -\n Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4\n - requires NSS 3.25\n\n - Mozilla Firefox 48.0.2:\n * Mitigate a startup crash issue caused on Windows (bmo#1291738)\n\n mozilla-nss was updated to NSS 3.25. New functionality:\n * Implemented DHE key agreement for TLS 1.3\n * Added support for ChaCha with TLS 1.3\n * Added support for TLS 1.2 ciphersuites that use SHA384 as the PRF\n * In previous versions, when using client authentication with TLS 1.2,\n NSS only supported certificate_verify messages that used the same\n signature hash algorithm as used by the PRF. This limitation has been\n removed.\n * Several functions have been added to the public API of the NSS\n Cryptoki Framework. New functions:\n * NSSCKFWSlot_GetSlotID\n * NSSCKFWSession_GetFWSlot\n * NSSCKFWInstance_DestroySessionHandle\n * NSSCKFWInstance_FindSessionHandle Notable changes:\n * An SSL socket can no longer be configured to allow both TLS 1.3 and\n SSLv3\n * Regression fix: NSS no longer reports a failure if an application\n attempts to disable the SSLv2 protocol.\n * The list of trusted CA certificates has been updated to version 2.8\n * The following CA certificate was Removed Sonera Class1 CA\n * The following CA certificates were Added Hellenic Academic and\n Research Institutions RootCA 2015 Hellenic Academic and Research\n Institutions ECC RootCA 2015 Certplus Root CA G1 Certplus Root CA G2\n OpenTrust Root CA G1 OpenTrust Root CA G2 OpenTrust Root CA G3\n\n", "modified": "2016-09-24T20:10:13", "published": "2016-09-24T20:10:13", "id": "OPENSUSE-SU-2016:2368-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00019.html", "type": "suse", "title": "Security update for MozillaFirefox, mozilla-nss (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-26T16:38:57", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5278", "CVE-2016-5256", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5271", "CVE-2016-2827", "CVE-2016-5274", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5283", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5273", "CVE-2016-5276", "CVE-2016-5279", "CVE-2016-5275", "CVE-2016-5282"], "description": "MozillaFirefox was updated to version 49.0 (boo#999701)\n - New features\n * Updated Firefox Login Manager to allow HTTPS pages to use saved\n HTTP logins.\n * Added features to Reader Mode that make it easier on the eyes and\n the ears\n * Improved video performance for users on systems that support SSE3\n without hardware acceleration\n * Added context menu controls to HTML5 audio and video that let users\n loops files or play files at 1.25x speed\n * Improvements in about:memory reports for tracking font memory usage\n - Security related fixes\n * MFSA 2016-85 CVE-2016-2827 (bmo#1289085) - Out-of-bounds read in\n mozilla::net::IsValidReferrerPolicy CVE-2016-5270 (bmo#1291016) -\n Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString\n CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in\n PropertyProvider::GetSpacingInternal CVE-2016-5272 (bmo#1297934) - Bad\n cast in nsImageGeometryMixin CVE-2016-5273 (bmo#1280387) - crash in\n mozilla::a11y::HyperTextAccessible::GetChildOffset CVE-2016-5276\n (bmo#1287721) - Heap-use-after-free in\n mozilla::a11y::DocAccessible::ProcessInvalidationList CVE-2016-5274\n (bmo#1282076) - use-after-free in nsFrameManager::CaptureFrameState\n CVE-2016-5277 (bmo#1291665) - Heap-use-after-free in nsRefreshDriver::Tick\n CVE-2016-5275 (bmo#1287316) - global-buffer-overflow in\n mozilla::gfx::FilterSupport::ComputeSourceNeededRegions CVE-2016-5278\n (bmo#1294677) - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame\n CVE-2016-5279 (bmo#1249522) - Full local path of files is available to web\n pages after drag and drop CVE-2016-5280 (bmo#1289970) - Use-after-free in\n mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap CVE-2016-5281\n (bmo#1284690) - use-after-free in DOMSVGLength CVE-2016-5282 (bmo#932335)\n - Don't allow content to request favicons from non-whitelisted schemes\n CVE-2016-5283 (bmo#928187) - &lt;iframe src&gt; fragment timing attack can\n reveal cross-origin data CVE-2016-5284 (bmo#1303127) - Add-on update site\n certificate pin expiration CVE-2016-5256 - Memory safety bugs fixed in\n Firefox 49 CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and\n Firefox ESR 45.4\n - requires NSS 3.25\n\n - Mozilla Firefox 48.0.2:\n * Mitigate a startup crash issue caused on Windows (bmo#1291738)\n\n mozilla-nss was updated to NSS 3.25. New functionality:\n * Implemented DHE key agreement for TLS 1.3\n * Added support for ChaCha with TLS 1.3\n * Added support for TLS 1.2 ciphersuites that use SHA384 as the PRF\n * In previous versions, when using client authentication with TLS\n 1.2, NSS only supported certificate_verify messages that used the same\n signature hash algorithm as used by the PRF. This limitation has been\n removed.\n * Several functions have been added to the public API of the NSS\n Cryptoki Framework. New functions:\n * NSSCKFWSlot_GetSlotID\n * NSSCKFWSession_GetFWSlot\n * NSSCKFWInstance_DestroySessionHandle\n * NSSCKFWInstance_FindSessionHandle Notable changes:\n * An SSL socket can no longer be configured to allow both TLS 1.3 and\n SSLv3\n * Regression fix: NSS no longer reports a failure if an application\n attempts to disable the SSLv2 protocol.\n * The list of trusted CA certificates has been updated to version 2.8\n * The following CA certificate was Removed Sonera Class1 CA\n * The following CA certificates were Added Hellenic Academic and\n Research Institutions RootCA 2015 Hellenic Academic and Research\n Institutions ECC RootCA 2015 Certplus Root CA G1 Certplus Root CA G2\n OpenTrust Root CA G1 OpenTrust Root CA G2 OpenTrust Root CA G3\n\n", "edition": 1, "modified": "2016-09-26T18:10:55", "published": "2016-09-26T18:10:55", "id": "OPENSUSE-SU-2016:2386-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00021.html", "type": "suse", "title": "Security update for MozillaFirefox, mozilla-nss (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-10-04T13:27:37", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5278", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5250", "CVE-2016-5274", "CVE-2016-5261", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5276"], "edition": 1, "description": "MozillaFirefox was updated to version 45.4.0 ESR to fix the following\n issues:\n\n Security issues fixed: (bsc#999701 MFSA 2016-86):\n * CVE-2016-5270: Heap-buffer-overflow in\n nsCaseTransformTextRunFactory::TransformString\n * CVE-2016-5272: Bad cast in nsImageGeometryMixin\n * CVE-2016-5276: Heap-use-after-free in\n mozilla::a11y::DocAccessible::ProcessInvalidationList\n * CVE-2016-5274: use-after-free in nsFrameManager::CaptureFrameState\n * CVE-2016-5277: Heap-use-after-free in nsRefreshDriver::Tick\n * CVE-2016-5278: Heap-buffer-overflow in nsBMPEncoder::AddImageFrame\n * CVE-2016-5280: Use-after-free in\n mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap\n * CVE-2016-5281: use-after-free in DOMSVGLength\n * CVE-2016-5284: Add-on update site certificate pin expiration\n * CVE-2016-5250: Resource Timing API is storing resources sent by the\n previous page\n * CVE-2016-5261: Integer overflow and memory corruption in WebSocketChannel\n * CVE-2016-5257: Memory safety bugs fixed in Firefox 49 and Firefox ESR\n 45.4\n\n Bug fixed:\n - Fix for aarch64 Firefox startup crash (bsc#991344)\n\n", "modified": "2016-10-04T13:10:47", "published": "2016-10-04T13:10:47", "id": "SUSE-SU-2016:2434-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00001.html", "type": "suse", "title": "Security update for MozillaFirefox (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-10-12T21:27:41", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5278", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5250", "CVE-2016-5274", "CVE-2016-5261", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5276"], "edition": 1, "description": "MozillaFirefox was updated to 45.4.0 ESR to fix the following issues\n (bsc#999701):\n\n The following security issue were fixed:\n * MFSA 2016-86/CVE-2016-5270: Heap-buffer-overflow in\n nsCaseTransformTextRunFactory::TransformString\n * MFSA 2016-86/CVE-2016-5272: Bad cast in nsImageGeometryMixin\n * MFSA 2016-86/CVE-2016-5276: Heap-use-after-free in\n mozilla::a11y::DocAccessible::ProcessInvalidationList\n * MFSA 2016-86/CVE-2016-5274: use-after-free in\n nsFrameManager::CaptureFrameState\n * MFSA 2016-86/CVE-2016-5277: Heap-use-after-free in nsRefreshDriver::Tick\n * MFSA 2016-86/CVE-2016-5278: Heap-buffer-overflow in\n nsBMPEncoder::AddImageFrame\n * MFSA 2016-86/CVE-2016-5280: Use-after-free in\n mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap\n * MFSA 2016-86/CVE-2016-5281: use-after-free in DOMSVGLength\n * MFSA 2016-86/CVE-2016-5284: Add-on update site certificate pin expiration\n * MFSA 2016-86/CVE-2016-5250: Resource Timing API is storing resources\n sent by the previous page\n * MFSA 2016-86/CVE-2016-5261: Integer overflow and memory corruption in\n WebSocketChannel\n * MFSA 2016-86/CVE-2016-5257: Various memory safety bugs fixed in Firefox\n 49 and Firefox ESR 45.4\n\n", "modified": "2016-10-12T20:08:55", "published": "2016-10-12T20:08:55", "id": "SUSE-SU-2016:2513-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00025.html", "type": "suse", "title": "Security update for MozillaFirefox (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-10-04T13:27:37", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5278", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5250", "CVE-2016-5274", "CVE-2016-5261", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5276"], "edition": 1, "description": "MozillaFirefox was updated to 45.4.0 ESR to fix the following issues\n (bsc#999701):\n\n The following security issue were fixed:\n * MFSA 2016-86/CVE-2016-5270: Heap-buffer-overflow in\n nsCaseTransformTextRunFactory::TransformString\n * MFSA 2016-86/CVE-2016-5272: Bad cast in nsImageGeometryMixin\n * MFSA 2016-86/CVE-2016-5276: Heap-use-after-free in\n mozilla::a11y::DocAccessible::ProcessInvalidationList\n * MFSA 2016-86/CVE-2016-5274: use-after-free in\n nsFrameManager::CaptureFrameState\n * MFSA 2016-86/CVE-2016-5277: Heap-use-after-free in nsRefreshDriver::Tick\n * MFSA 2016-86/CVE-2016-5278: Heap-buffer-overflow in\n nsBMPEncoder::AddImageFrame\n * MFSA 2016-86/CVE-2016-5280: Use-after-free in\n mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap\n * MFSA 2016-86/CVE-2016-5281: use-after-free in DOMSVGLength\n * MFSA 2016-86/CVE-2016-5284: Add-on update site certificate pin expiration\n * MFSA 2016-86/CVE-2016-5250: Resource Timing API is storing resources\n sent by the previous page\n * MFSA 2016-86/CVE-2016-5261: Integer overflow and memory corruption in\n WebSocketChannel\n * MFSA 2016-86/CVE-2016-5257: Various memory safety bugs fixed in Firefox\n 49 and Firefox ESR 45.4\n\n", "modified": "2016-10-04T13:09:46", "published": "2016-10-04T13:09:46", "id": "SUSE-SU-2016:2431-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00000.html", "type": "suse", "title": "Security update for MozillaFirefox (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-01T03:28:40", "description": "The version of Mozilla Firefox installed on the remote Mac OS X host\nis prior to 49.0. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An out-of-bounds read error exists within file\n dom/security/nsCSPParser.cpp when handling content\n security policies (CSP) containing empty referrer\n directives. An unauthenticated, remote attacker can\n exploit this to cause a denial of service condition.\n (CVE-2016-2827)\n\n - Multiple memory safety issues exist that allow an\n unauthenticated, remote attacker to potentially execute\n arbitrary code. (CVE-2016-5256, CVE-2016-5257)\n\n - A heap buffer overflow condition exists in the\n nsCaseTransformTextRunFactory::TransformString()\n function in layout/generic/nsTextRunTransformations.cpp\n when converting text containing certain Unicode\n characters. An unauthenticated, remote attacker can\n exploit this to execute arbitrary code. (CVE-2016-5270)\n\n - An out-of-bounds read error exists in the\n nsCSSFrameConstructor::GetInsertionPrevSibling()\n function in file layout/base/nsCSSFrameConstructor.cpp\n when handling text runs. An unauthenticated, remote\n attacker can exploit this to disclose memory contents.\n (CVE-2016-5271)\n\n - A type confusion error exists within file\n layout/forms/nsRangeFrame.cpp when handling layout with\n input elements. An unauthenticated, remote attacker can\n exploit this to execute arbitrary code. (CVE-2016-5272)\n\n - An unspecified flaw exists in the\n HyperTextAccessible::GetChildOffset() function that\n allows an unauthenticated, remote attacker to execute\n arbitrary code. (CVE-2016-5273)\n\n - A use-after-free error exists within file\n layout/style/nsRuleNode.cpp when handling web animations\n during restyling. An unauthenticated, remote attacker\n can exploit this to execute arbitrary code.\n (CVE-2016-5274)\n\n - A buffer overflow condition exists in the\n FilterSupport::ComputeSourceNeededRegions() function\n when handling empty filters during canvas rendering. An\n unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2016-5275)\n\n - A use-after-free error exists in the\n DocAccessible::ProcessInvalidationList() function within\n file accessible/generic/DocAccessible.cpp when setting\n an aria-owns attribute. An unauthenticated, remote\n attacker can exploit this to execute arbitrary code.\n (CVE-2016-5276)\n\n - A use-after-free error exists in the\n nsRefreshDriver::Tick() function when handling web\n animations destroying a timeline. An unauthenticated,\n remote attacker can exploit this to execute arbitrary\n code. (CVE-2016-5277)\n\n - A buffer overflow condition exists in the\n nsBMPEncoder::AddImageFrame() function within file\n dom/base/ImageEncoder.cpp when encoding image frames to\n images. An unauthenticated, remote attacker can exploit\n this to execute arbitrary code. (CVE-2016-5278)\n\n - A flaw exists that is triggered when handling\n drag-and-drop events for files. An unauthenticated,\n remote attacker can exploit this disclose the full local\n file path. (CVE-2016-5279)\n\n - A use-after-free error exists in the\n nsTextNodeDirectionalityMap::RemoveElementFromMap()\n function within file dom/base/DirectionalityUtils.cpp\n when handling changing of text direction. An\n unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2016-5280)\n\n - A use-after-free error exists when handling SVG format\n content that is being manipulated through script code.\n An unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2016-5281)\n\n - A flaw exists when handling content that requests\n favicons from non-whitelisted schemes that are using\n certain URI handlers. An unauthenticated, remote\n attacker can exploit this to bypass intended\n restrictions. (CVE-2016-5282)\n\n - A flaw exists that is related to the handling of iframes\n that allow an unauthenticated, remote attacker to\n conduct an 'iframe src' fragment timing attack,\n resulting in disclosure of cross-origin data.\n (CVE-2016-5283)\n\n - A flaw exists due to the certificate pinning policy for\n built-in sites (e.g., addons.mozilla.org) not being\n honored when pins have expired. A man-in-the-middle\n (MitM) attacker can exploit this to generate a trusted\n certificate, which could be used to conduct spoofing\n attacks. (CVE-2016-5284)", "edition": 27, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-09-22T00:00:00", "title": "Mozilla Firefox < 49.0 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5278", "CVE-2016-5256", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5271", "CVE-2016-2827", "CVE-2016-5274", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5283", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5273", "CVE-2016-5276", "CVE-2016-5279", "CVE-2016-5275", "CVE-2016-5282"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MACOSX_FIREFOX_49.NASL", "href": "https://www.tenable.com/plugins/nessus/93660", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93660);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/14\");\n\n script_cve_id(\n \"CVE-2016-2827\",\n \"CVE-2016-5256\",\n \"CVE-2016-5257\",\n \"CVE-2016-5270\",\n \"CVE-2016-5271\",\n \"CVE-2016-5272\",\n \"CVE-2016-5273\",\n \"CVE-2016-5274\",\n \"CVE-2016-5275\",\n \"CVE-2016-5276\",\n \"CVE-2016-5277\",\n \"CVE-2016-5278\",\n \"CVE-2016-5279\",\n \"CVE-2016-5280\",\n \"CVE-2016-5281\",\n \"CVE-2016-5282\",\n \"CVE-2016-5283\",\n \"CVE-2016-5284\"\n );\n script_bugtraq_id(93049, 93052);\n script_xref(name:\"MFSA\", value:\"2016-85\");\n\n script_name(english:\"Mozilla Firefox < 49.0 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Firefox installed on the remote Mac OS X host\nis prior to 49.0. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An out-of-bounds read error exists within file\n dom/security/nsCSPParser.cpp when handling content\n security policies (CSP) containing empty referrer\n directives. An unauthenticated, remote attacker can\n exploit this to cause a denial of service condition.\n (CVE-2016-2827)\n\n - Multiple memory safety issues exist that allow an\n unauthenticated, remote attacker to potentially execute\n arbitrary code. (CVE-2016-5256, CVE-2016-5257)\n\n - A heap buffer overflow condition exists in the\n nsCaseTransformTextRunFactory::TransformString()\n function in layout/generic/nsTextRunTransformations.cpp\n when converting text containing certain Unicode\n characters. An unauthenticated, remote attacker can\n exploit this to execute arbitrary code. (CVE-2016-5270)\n\n - An out-of-bounds read error exists in the\n nsCSSFrameConstructor::GetInsertionPrevSibling()\n function in file layout/base/nsCSSFrameConstructor.cpp\n when handling text runs. An unauthenticated, remote\n attacker can exploit this to disclose memory contents.\n (CVE-2016-5271)\n\n - A type confusion error exists within file\n layout/forms/nsRangeFrame.cpp when handling layout with\n input elements. An unauthenticated, remote attacker can\n exploit this to execute arbitrary code. (CVE-2016-5272)\n\n - An unspecified flaw exists in the\n HyperTextAccessible::GetChildOffset() function that\n allows an unauthenticated, remote attacker to execute\n arbitrary code. (CVE-2016-5273)\n\n - A use-after-free error exists within file\n layout/style/nsRuleNode.cpp when handling web animations\n during restyling. An unauthenticated, remote attacker\n can exploit this to execute arbitrary code.\n (CVE-2016-5274)\n\n - A buffer overflow condition exists in the\n FilterSupport::ComputeSourceNeededRegions() function\n when handling empty filters during canvas rendering. An\n unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2016-5275)\n\n - A use-after-free error exists in the\n DocAccessible::ProcessInvalidationList() function within\n file accessible/generic/DocAccessible.cpp when setting\n an aria-owns attribute. An unauthenticated, remote\n attacker can exploit this to execute arbitrary code.\n (CVE-2016-5276)\n\n - A use-after-free error exists in the\n nsRefreshDriver::Tick() function when handling web\n animations destroying a timeline. An unauthenticated,\n remote attacker can exploit this to execute arbitrary\n code. (CVE-2016-5277)\n\n - A buffer overflow condition exists in the\n nsBMPEncoder::AddImageFrame() function within file\n dom/base/ImageEncoder.cpp when encoding image frames to\n images. An unauthenticated, remote attacker can exploit\n this to execute arbitrary code. (CVE-2016-5278)\n\n - A flaw exists that is triggered when handling\n drag-and-drop events for files. An unauthenticated,\n remote attacker can exploit this disclose the full local\n file path. (CVE-2016-5279)\n\n - A use-after-free error exists in the\n nsTextNodeDirectionalityMap::RemoveElementFromMap()\n function within file dom/base/DirectionalityUtils.cpp\n when handling changing of text direction. An\n unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2016-5280)\n\n - A use-after-free error exists when handling SVG format\n content that is being manipulated through script code.\n An unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2016-5281)\n\n - A flaw exists when handling content that requests\n favicons from non-whitelisted schemes that are using\n certain URI handlers. An unauthenticated, remote\n attacker can exploit this to bypass intended\n restrictions. (CVE-2016-5282)\n\n - A flaw exists that is related to the handling of iframes\n that allow an unauthenticated, remote attacker to\n conduct an 'iframe src' fragment timing attack,\n resulting in disclosure of cross-origin data.\n (CVE-2016-5283)\n\n - A flaw exists due to the certificate pinning policy for\n built-in sites (e.g., addons.mozilla.org) not being\n honored when pins have expired. A man-in-the-middle\n (MitM) attacker can exploit this to generate a trusted\n certificate, which could be used to conduct spoofing\n attacks. (CVE-2016-5284)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox version 49.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5281\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nkb_base = \"MacOSX/Firefox\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nif (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Firefox installation is in the ESR branch.');\n\nmozilla_check_version(product:'firefox', version:version, path:path, esr:FALSE, fix:'49', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T03:49:52", "description": "The version of Mozilla Firefox installed on the remote Windows host\nis prior to 49.0. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An out-of-bounds read error exists within file\n dom/security/nsCSPParser.cpp when handling content\n security policies (CSP) containing empty referrer\n directives. An unauthenticated, remote attacker can\n exploit this to cause a denial of service condition.\n (CVE-2016-2827)\n\n - Multiple memory safety issues exist that allow an\n unauthenticated, remote attacker to potentially execute\n arbitrary code. (CVE-2016-5256, CVE-2016-5257)\n\n - A heap buffer overflow condition exists in the\n nsCaseTransformTextRunFactory::TransformString()\n function in layout/generic/nsTextRunTransformations.cpp\n when converting text containing certain Unicode\n characters. An unauthenticated, remote attacker can\n exploit this to execute arbitrary code. (CVE-2016-5270)\n\n - An out-of-bounds read error exists in the\n nsCSSFrameConstructor::GetInsertionPrevSibling()\n function in file layout/base/nsCSSFrameConstructor.cpp\n when handling text runs. An unauthenticated, remote\n attacker can exploit this to disclose memory contents.\n (CVE-2016-5271)\n\n - A type confusion error exists within file\n layout/forms/nsRangeFrame.cpp when handling layout with\n input elements. An unauthenticated, remote attacker can\n exploit this to execute arbitrary code. (CVE-2016-5272)\n\n - An unspecified flaw exists in the\n HyperTextAccessible::GetChildOffset() function that\n allows an unauthenticated, remote attacker to execute\n arbitrary code. (CVE-2016-5273)\n\n - A use-after-free error exists within file\n layout/style/nsRuleNode.cpp when handling web animations\n during restyling. An unauthenticated, remote attacker\n can exploit this to execute arbitrary code.\n (CVE-2016-5274)\n\n - A buffer overflow condition exists in the\n FilterSupport::ComputeSourceNeededRegions() function\n when handling empty filters during canvas rendering. An\n unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2016-5275)\n\n - A use-after-free error exists in the\n DocAccessible::ProcessInvalidationList() function within\n file accessible/generic/DocAccessible.cpp when setting\n an aria-owns attribute. An unauthenticated, remote\n attacker can exploit this to execute arbitrary code.\n (CVE-2016-5276)\n\n - A use-after-free error exists in the\n nsRefreshDriver::Tick() function when handling web\n animations destroying a timeline. An unauthenticated,\n remote attacker can exploit this to execute arbitrary\n code. (CVE-2016-5277)\n\n - A buffer overflow condition exists in the\n nsBMPEncoder::AddImageFrame() function within file\n dom/base/ImageEncoder.cpp when encoding image frames to\n images. An unauthenticated, remote attacker can exploit\n this to execute arbitrary code. (CVE-2016-5278)\n\n - A flaw exists that is triggered when handling\n drag-and-drop events for files. An unauthenticated,\n remote attacker can exploit this disclose the full local\n file path. (CVE-2016-5279)\n\n - A use-after-free error exists in the\n nsTextNodeDirectionalityMap::RemoveElementFromMap()\n function within file dom/base/DirectionalityUtils.cpp\n when handling changing of text direction. An\n unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2016-5280)\n\n - A use-after-free error exists when handling SVG format\n content that is being manipulated through script code.\n An unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2016-5281)\n\n - A flaw exists when handling content that requests\n favicons from non-whitelisted schemes that are using\n certain URI handlers. An unauthenticated, remote\n attacker can exploit this to bypass intended\n restrictions. (CVE-2016-5282)\n\n - A flaw exists that is related to the handling of iframes\n that allow an unauthenticated, remote attacker to\n conduct an 'iframe src' fragment timing attack,\n resulting in disclosure of cross-origin data.\n (CVE-2016-5283)\n\n - A flaw exists due to the certificate pinning policy for\n built-in sites (e.g., addons.mozilla.org) not being\n honored when pins have expired. A man-in-the-middle\n (MitM) attacker can exploit this to generate a trusted\n certificate, which could be used to conduct spoofing\n attacks. (CVE-2016-5284)", "edition": 27, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-09-22T00:00:00", "title": "Mozilla Firefox < 49.0 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5278", "CVE-2016-5256", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5271", "CVE-2016-2827", "CVE-2016-5274", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5283", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5273", "CVE-2016-5276", "CVE-2016-5279", "CVE-2016-5275", "CVE-2016-5282"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MOZILLA_FIREFOX_49.NASL", "href": "https://www.tenable.com/plugins/nessus/93662", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93662);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/14\");\n\n script_cve_id(\n \"CVE-2016-2827\",\n \"CVE-2016-5256\",\n \"CVE-2016-5257\",\n \"CVE-2016-5270\",\n \"CVE-2016-5271\",\n \"CVE-2016-5272\",\n \"CVE-2016-5273\",\n \"CVE-2016-5274\",\n \"CVE-2016-5275\",\n \"CVE-2016-5276\",\n \"CVE-2016-5277\",\n \"CVE-2016-5278\",\n \"CVE-2016-5279\",\n \"CVE-2016-5280\",\n \"CVE-2016-5281\",\n \"CVE-2016-5282\",\n \"CVE-2016-5283\",\n \"CVE-2016-5284\"\n );\n script_bugtraq_id(93049, 93052);\n script_xref(name:\"MFSA\", value:\"2016-85\");\n\n script_name(english:\"Mozilla Firefox < 49.0 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Firefox installed on the remote Windows host\nis prior to 49.0. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An out-of-bounds read error exists within file\n dom/security/nsCSPParser.cpp when handling content\n security policies (CSP) containing empty referrer\n directives. An unauthenticated, remote attacker can\n exploit this to cause a denial of service condition.\n (CVE-2016-2827)\n\n - Multiple memory safety issues exist that allow an\n unauthenticated, remote attacker to potentially execute\n arbitrary code. (CVE-2016-5256, CVE-2016-5257)\n\n - A heap buffer overflow condition exists in the\n nsCaseTransformTextRunFactory::TransformString()\n function in layout/generic/nsTextRunTransformations.cpp\n when converting text containing certain Unicode\n characters. An unauthenticated, remote attacker can\n exploit this to execute arbitrary code. (CVE-2016-5270)\n\n - An out-of-bounds read error exists in the\n nsCSSFrameConstructor::GetInsertionPrevSibling()\n function in file layout/base/nsCSSFrameConstructor.cpp\n when handling text runs. An unauthenticated, remote\n attacker can exploit this to disclose memory contents.\n (CVE-2016-5271)\n\n - A type confusion error exists within file\n layout/forms/nsRangeFrame.cpp when handling layout with\n input elements. An unauthenticated, remote attacker can\n exploit this to execute arbitrary code. (CVE-2016-5272)\n\n - An unspecified flaw exists in the\n HyperTextAccessible::GetChildOffset() function that\n allows an unauthenticated, remote attacker to execute\n arbitrary code. (CVE-2016-5273)\n\n - A use-after-free error exists within file\n layout/style/nsRuleNode.cpp when handling web animations\n during restyling. An unauthenticated, remote attacker\n can exploit this to execute arbitrary code.\n (CVE-2016-5274)\n\n - A buffer overflow condition exists in the\n FilterSupport::ComputeSourceNeededRegions() function\n when handling empty filters during canvas rendering. An\n unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2016-5275)\n\n - A use-after-free error exists in the\n DocAccessible::ProcessInvalidationList() function within\n file accessible/generic/DocAccessible.cpp when setting\n an aria-owns attribute. An unauthenticated, remote\n attacker can exploit this to execute arbitrary code.\n (CVE-2016-5276)\n\n - A use-after-free error exists in the\n nsRefreshDriver::Tick() function when handling web\n animations destroying a timeline. An unauthenticated,\n remote attacker can exploit this to execute arbitrary\n code. (CVE-2016-5277)\n\n - A buffer overflow condition exists in the\n nsBMPEncoder::AddImageFrame() function within file\n dom/base/ImageEncoder.cpp when encoding image frames to\n images. An unauthenticated, remote attacker can exploit\n this to execute arbitrary code. (CVE-2016-5278)\n\n - A flaw exists that is triggered when handling\n drag-and-drop events for files. An unauthenticated,\n remote attacker can exploit this disclose the full local\n file path. (CVE-2016-5279)\n\n - A use-after-free error exists in the\n nsTextNodeDirectionalityMap::RemoveElementFromMap()\n function within file dom/base/DirectionalityUtils.cpp\n when handling changing of text direction. An\n unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2016-5280)\n\n - A use-after-free error exists when handling SVG format\n content that is being manipulated through script code.\n An unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2016-5281)\n\n - A flaw exists when handling content that requests\n favicons from non-whitelisted schemes that are using\n certain URI handlers. An unauthenticated, remote\n attacker can exploit this to bypass intended\n restrictions. (CVE-2016-5282)\n\n - A flaw exists that is related to the handling of iframes\n that allow an unauthenticated, remote attacker to\n conduct an 'iframe src' fragment timing attack,\n resulting in disclosure of cross-origin data.\n (CVE-2016-5283)\n\n - A flaw exists due to the certificate pinning policy for\n built-in sites (e.g., addons.mozilla.org) not being\n honored when pins have expired. A man-in-the-middle\n (MitM) attacker can exploit this to generate a trusted\n certificate, which could be used to conduct spoofing\n attacks. (CVE-2016-5284)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox version 49.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5281\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'49', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T06:43:57", "description": "Atte Kettunen discovered an out-of-bounds read when handling certain\nContent Security Policy (CSP) directives in some circumstances. If a\nuser were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to cause a denial of service\nvia application crash. (CVE-2016-2827)\n\nChristoph Diehl, Christian Holler, Gary Kwong, Nathan Froyd, Honza\nBambas, Seth Fowler, Michael Smith, Andrew McCreight, Dan Minor, Byron\nCampen, Jon Coppeard, Steve Fink, Tyson Smith, and Carsten Book\ndiscovered multiple memory safety issues in Firefox. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via application\ncrash, or execute arbitrary code. (CVE-2016-5256, CVE-2016-5257)\n\nAtte Kettunen discovered a heap buffer overflow during text conversion\nwith some unicode characters. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this\nto cause a denial of service via application crash, or execute\narbitrary code. (CVE-2016-5270)\n\nAbhishek Arya discovered an out of bounds read during the processing\nof text runs in some circumstances. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service via application crash.\n(CVE-2016-5271)\n\nAbhishek Arya discovered a bad cast when processing layout with input\nelements in some circumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this\nto cause a denial of service via application crash, or execute\narbitrary code. (CVE-2016-5272)\n\nA crash was discovered in accessibility. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially\nexploit this to execute arbitrary code. (CVE-2016-5273)\n\nA use-after-free was discovered in web animations during restyling. If\na user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to cause a denial of service\nvia application crash, or execute arbitrary code. (CVE-2016-5274)\n\nA buffer overflow was discovered when working with empty filters\nduring canvas rendering. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this\nto cause a denial of service via application crash, or execute\narbitrary code. (CVE-2016-5275)\n\nA use-after-free was discovered in accessibility. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash, or execute arbitrary code. (CVE-2016-5276)\n\nA use-after-free was discovered in web animations when destroying a\ntimeline. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial\nof service via application crash, or execute arbitrary code.\n(CVE-2016-5277)\n\nA buffer overflow was discovered when encoding image frames to images\nin some circumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this\nto cause a denial of service via application crash, or execute\narbitrary code. (CVE-2016-5278)\n\nRafael Gieschke discovered that the full path of files is available to\nweb pages after a drag and drop operation. An attacker could\npotentially exploit this to obtain sensitive information.\n(CVE-2016-5279)\n\nMei Wang discovered a use-after-free when changing text direction. If\na user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to cause a denial of service\nvia application crash, or execute arbitrary code. (CVE-2016-5280)\n\nBrian Carpenter discovered a use-after-free when manipulating SVG\ncontent in some circumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this\nto cause a denial of service via application crash, or execute\narbitrary code. (CVE-2016-5281)\n\nRichard Newman discovered that favicons can be loaded through\nnon-whitelisted protocols, such as jar:. (CVE-2016-5282)\n\nGavin Sharp discovered a timing attack vulnerability involving\ndocument resizes and link colours. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially\nexploit this to obtain sensitive information. (CVE-2016-5283)\n\nAn issue was discovered with the preloaded Public Key Pinning (HPKP).\nIf a man-in-the-middle (MITM) attacker was able to obtain a fraudulent\ncertificate for a Mozilla site, they could exploit this by providing\nmalicious addon updates. (CVE-2016-5284).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 31, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-09-23T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : firefox vulnerabilities (USN-3076-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5278", "CVE-2016-5256", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5271", "CVE-2016-2827", "CVE-2016-5274", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5283", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5273", "CVE-2016-5276", "CVE-2016-5279", "CVE-2016-5275", "CVE-2016-5282"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:firefox", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3076-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93683", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3076-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93683);\n script_version(\"2.13\");\n script_cvs_date(\"Date: 2019/09/18 12:31:46\");\n\n script_cve_id(\"CVE-2016-2827\", \"CVE-2016-5256\", \"CVE-2016-5257\", \"CVE-2016-5270\", \"CVE-2016-5271\", \"CVE-2016-5272\", \"CVE-2016-5273\", \"CVE-2016-5274\", \"CVE-2016-5275\", \"CVE-2016-5276\", \"CVE-2016-5277\", \"CVE-2016-5278\", \"CVE-2016-5279\", \"CVE-2016-5280\", \"CVE-2016-5281\", \"CVE-2016-5282\", \"CVE-2016-5283\", \"CVE-2016-5284\");\n script_xref(name:\"USN\", value:\"3076-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : firefox vulnerabilities (USN-3076-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Atte Kettunen discovered an out-of-bounds read when handling certain\nContent Security Policy (CSP) directives in some circumstances. If a\nuser were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to cause a denial of service\nvia application crash. (CVE-2016-2827)\n\nChristoph Diehl, Christian Holler, Gary Kwong, Nathan Froyd, Honza\nBambas, Seth Fowler, Michael Smith, Andrew McCreight, Dan Minor, Byron\nCampen, Jon Coppeard, Steve Fink, Tyson Smith, and Carsten Book\ndiscovered multiple memory safety issues in Firefox. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via application\ncrash, or execute arbitrary code. (CVE-2016-5256, CVE-2016-5257)\n\nAtte Kettunen discovered a heap buffer overflow during text conversion\nwith some unicode characters. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this\nto cause a denial of service via application crash, or execute\narbitrary code. (CVE-2016-5270)\n\nAbhishek Arya discovered an out of bounds read during the processing\nof text runs in some circumstances. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service via application crash.\n(CVE-2016-5271)\n\nAbhishek Arya discovered a bad cast when processing layout with input\nelements in some circumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this\nto cause a denial of service via application crash, or execute\narbitrary code. (CVE-2016-5272)\n\nA crash was discovered in accessibility. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially\nexploit this to execute arbitrary code. (CVE-2016-5273)\n\nA use-after-free was discovered in web animations during restyling. If\na user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to cause a denial of service\nvia application crash, or execute arbitrary code. (CVE-2016-5274)\n\nA buffer overflow was discovered when working with empty filters\nduring canvas rendering. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this\nto cause a denial of service via application crash, or execute\narbitrary code. (CVE-2016-5275)\n\nA use-after-free was discovered in accessibility. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash, or execute arbitrary code. (CVE-2016-5276)\n\nA use-after-free was discovered in web animations when destroying a\ntimeline. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial\nof service via application crash, or execute arbitrary code.\n(CVE-2016-5277)\n\nA buffer overflow was discovered when encoding image frames to images\nin some circumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this\nto cause a denial of service via application crash, or execute\narbitrary code. (CVE-2016-5278)\n\nRafael Gieschke discovered that the full path of files is available to\nweb pages after a drag and drop operation. An attacker could\npotentially exploit this to obtain sensitive information.\n(CVE-2016-5279)\n\nMei Wang discovered a use-after-free when changing text direction. If\na user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to cause a denial of service\nvia application crash, or execute arbitrary code. (CVE-2016-5280)\n\nBrian Carpenter discovered a use-after-free when manipulating SVG\ncontent in some circumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this\nto cause a denial of service via application crash, or execute\narbitrary code. (CVE-2016-5281)\n\nRichard Newman discovered that favicons can be loaded through\nnon-whitelisted protocols, such as jar:. (CVE-2016-5282)\n\nGavin Sharp discovered a timing attack vulnerability involving\ndocument resizes and link colours. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially\nexploit this to obtain sensitive information. (CVE-2016-5283)\n\nAn issue was discovered with the preloaded Public Key Pinning (HPKP).\nIf a man-in-the-middle (MITM) attacker was able to obtain a fraudulent\ncertificate for a Mozilla site, they could exploit this by providing\nmalicious addon updates. (CVE-2016-5284).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3076-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"firefox\", pkgver:\"49.0+build4-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"firefox\", pkgver:\"49.0+build4-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"firefox\", pkgver:\"49.0+build4-0ubuntu0.16.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T10:48:26", "description": "Mozilla Foundation reports :\n\nCVE-2016-2827 - Out-of-bounds read in\nmozilla::net::IsValidReferrerPolicy [low]\n\nCVE-2016-5256 - Memory safety bugs fixed in Firefox 49 [critical]\n\nCVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR\n45.4 [critical]\n\nCVE-2016-5270 - Heap-buffer-overflow in\nnsCaseTransformTextRunFactory::TransformString [high]\n\nCVE-2016-5271 - Out-of-bounds read in\nPropertyProvider::GetSpacingInternal [low]\n\nCVE-2016-5272 - Bad cast in nsImageGeometryMixin [high]\n\nCVE-2016-5273 - crash in\nmozilla::a11y::HyperTextAccessible::GetChildOffset [high]\n\nCVE-2016-5274 - use-after-free in nsFrameManager::CaptureFrameState\n[high]\n\nCVE-2016-5275 - global-buffer-overflow in\nmozilla::gfx::FilterSupport::ComputeSourceNeededRegions [critical]\n\nCVE-2016-5276 - Heap-use-after-free in\nmozilla::a11y::DocAccessible::ProcessInvalidationList [high]\n\nCVE-2016-5277 - Heap-use-after-free in nsRefreshDriver::Tick [high]\n\nCVE-2016-5278 - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame\n[critical]\n\nCVE-2016-5279 - Full local path of files is available to web pages\nafter drag and drop [moderate]\n\nCVE-2016-5280 - Use-after-free in\nmozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap [high]\n\nCVE-2016-5281 - use-after-free in DOMSVGLength [high]\n\nCVE-2016-5282 - Don't allow content to request favicons from\nnon-whitelisted schemes [moderate]\n\nCVE-2016-5283 - <iframe src> fragment timing attack can reveal\ncross-origin data [high]\n\nCVE-2016-5284 - Add-on update site certificate pin expiration [high]", "edition": 31, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-09-21T00:00:00", "title": "FreeBSD : mozilla -- multiple vulnerabilities (2c57c47e-8bb3-4694-83c8-9fc3abad3964)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5278", "CVE-2016-5256", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5271", "CVE-2016-2827", "CVE-2016-5274", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5283", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5273", "CVE-2016-5276", "CVE-2016-5279", "CVE-2016-5275", "CVE-2016-5282"], "modified": "2016-09-21T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:linux-thunderbird", "p-cpe:/a:freebsd:freebsd:linux-firefox", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:libxul", "p-cpe:/a:freebsd:freebsd:seamonkey", "p-cpe:/a:freebsd:freebsd:linux-seamonkey", "p-cpe:/a:freebsd:freebsd:firefox", "p-cpe:/a:freebsd:freebsd:thunderbird", "p-cpe:/a:freebsd:freebsd:firefox-esr"], "id": "FREEBSD_PKG_2C57C47E8BB3469483C89FC3ABAD3964.NASL", "href": "https://www.tenable.com/plugins/nessus/93614", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93614);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-2827\", \"CVE-2016-5256\", \"CVE-2016-5257\", \"CVE-2016-5270\", \"CVE-2016-5271\", \"CVE-2016-5272\", \"CVE-2016-5273\", \"CVE-2016-5274\", \"CVE-2016-5275\", \"CVE-2016-5276\", \"CVE-2016-5277\", \"CVE-2016-5278\", \"CVE-2016-5279\", \"CVE-2016-5280\", \"CVE-2016-5281\", \"CVE-2016-5282\", \"CVE-2016-5283\", \"CVE-2016-5284\");\n\n script_name(english:\"FreeBSD : mozilla -- multiple vulnerabilities (2c57c47e-8bb3-4694-83c8-9fc3abad3964)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Foundation reports :\n\nCVE-2016-2827 - Out-of-bounds read in\nmozilla::net::IsValidReferrerPolicy [low]\n\nCVE-2016-5256 - Memory safety bugs fixed in Firefox 49 [critical]\n\nCVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR\n45.4 [critical]\n\nCVE-2016-5270 - Heap-buffer-overflow in\nnsCaseTransformTextRunFactory::TransformString [high]\n\nCVE-2016-5271 - Out-of-bounds read in\nPropertyProvider::GetSpacingInternal [low]\n\nCVE-2016-5272 - Bad cast in nsImageGeometryMixin [high]\n\nCVE-2016-5273 - crash in\nmozilla::a11y::HyperTextAccessible::GetChildOffset [high]\n\nCVE-2016-5274 - use-after-free in nsFrameManager::CaptureFrameState\n[high]\n\nCVE-2016-5275 - global-buffer-overflow in\nmozilla::gfx::FilterSupport::ComputeSourceNeededRegions [critical]\n\nCVE-2016-5276 - Heap-use-after-free in\nmozilla::a11y::DocAccessible::ProcessInvalidationList [high]\n\nCVE-2016-5277 - Heap-use-after-free in nsRefreshDriver::Tick [high]\n\nCVE-2016-5278 - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame\n[critical]\n\nCVE-2016-5279 - Full local path of files is available to web pages\nafter drag and drop [moderate]\n\nCVE-2016-5280 - Use-after-free in\nmozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap [high]\n\nCVE-2016-5281 - use-after-free in DOMSVGLength [high]\n\nCVE-2016-5282 - Don't allow content to request favicons from\nnon-whitelisted schemes [moderate]\n\nCVE-2016-5283 - <iframe src> fragment timing attack can reveal\ncross-origin data [high]\n\nCVE-2016-5284 - Add-on update site certificate pin expiration [high]\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2016-85/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2016-86/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2016-88/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-88/\"\n );\n # https://vuxml.freebsd.org/freebsd/2c57c47e-8bb3-4694-83c8-9fc3abad3964.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fee8ca09\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:firefox-esr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libxul\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"firefox<49.0,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"seamonkey<2.46\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-seamonkey<2.46\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"firefox-esr<45.4.0,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-firefox<45.4.0,2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"libxul<45.4.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"thunderbird<45.4.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-thunderbird<45.4.0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T03:28:40", "description": "The version of Mozilla Firefox installed on the remote macOS host is\nprior to 49. It is, therefore, affected by multiple vulnerabilities as\nnoted in Mozilla Firefox stable channel update release notes for\n2016/09/20. Please refer to the release notes for additional\ninformation. Note that Nessus has not attempted to exploit these\nissues but has instead relied only on the application's self-reported\nversion number.", "edition": 21, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-10-05T00:00:00", "title": "Mozilla Firefox < 49 Multiple Vulnerabilities (macOS)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5278", "CVE-2016-5256", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5271", "CVE-2016-2827", "CVE-2016-5274", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5283", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5273", "CVE-2016-5276", "CVE-2016-5279", "CVE-2016-5275", "CVE-2016-5282"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MACOSX_FIREFOX_49_0.NASL", "href": "https://www.tenable.com/plugins/nessus/117940", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117940);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/11/01\");\n\n script_cve_id(\n \"CVE-2016-2827\",\n \"CVE-2016-5256\",\n \"CVE-2016-5257\",\n \"CVE-2016-5270\",\n \"CVE-2016-5271\",\n \"CVE-2016-5272\",\n \"CVE-2016-5273\",\n \"CVE-2016-5274\",\n \"CVE-2016-5275\",\n \"CVE-2016-5276\",\n \"CVE-2016-5277\",\n \"CVE-2016-5278\",\n \"CVE-2016-5279\",\n \"CVE-2016-5280\",\n \"CVE-2016-5281\",\n \"CVE-2016-5282\",\n \"CVE-2016-5283\",\n \"CVE-2016-5284\"\n );\n\n script_name(english:\"Mozilla Firefox < 49 Multiple Vulnerabilities (macOS)\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Firefox installed on the remote macOS host is\nprior to 49. It is, therefore, affected by multiple vulnerabilities as\nnoted in Mozilla Firefox stable channel update release notes for\n2016/09/20. Please refer to the release notes for additional\ninformation. Note that Nessus has not attempted to exploit these\nissues but has instead relied only on the application's self-reported\nversion number.\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1249522\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a71b5c71\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1268034\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?27887241\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1276413\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4caa1ed8\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1277213\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?32eb4c7a\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1280387\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5ef629bf\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1282076\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8865b1d7\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1282746\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?160280d4\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1284690\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5dbbf44e\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1287204\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?54ac5d09\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1287316\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d3bfda65\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1287721\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5d89bb27\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1288555\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f45fb2ce\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1288588\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?47a40c69\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1288780\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0baaaa08\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1288946\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1181d174\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1289085\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2269f975\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1289280\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b74c22ad\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1289970\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7882d62d\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1290244\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0e281edf\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1291016\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?117622e5\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1291665\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4b353376\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1293347\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6207b3c0\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1294095\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7e04baf7\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1294407\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?527385b7\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1294677\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?40b8f022\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1296078\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0d9488e8\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1296087\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c74b0ed3\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1297099\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8e935ffb\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=129793\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d5be7ccc\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1303127\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c34feae8\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=928187\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c773d903\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=932335\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8e86e0c1\");\n # https://www.mozilla.org/en-US/security/advisories/mfsa2016-85/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8b727e4e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox version 49 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5256\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nkb_base = \"MacOSX/Firefox\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nif (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Firefox installation is in the ESR branch.');\n\nmozilla_check_version(product:'firefox', version:version, path:path, esr:FALSE, fix:'49', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T03:49:52", "description": "The version of Mozilla Firefox installed on the remote Windows host is\nprior to 49. It is, therefore, affected by multiple vulnerabilities as\nnoted in Mozilla Firefox stable channel update release notes for\n2016/09/20. Please refer to the release notes for additional\ninformation. Note that Nessus has not attempted to exploit these\nissues but has instead relied only on the application's self-reported\nversion number.", "edition": 21, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-10-05T00:00:00", "title": "Mozilla Firefox < 49 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5278", "CVE-2016-5256", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5271", "CVE-2016-2827", "CVE-2016-5274", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5283", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5273", "CVE-2016-5276", "CVE-2016-5279", "CVE-2016-5275", "CVE-2016-5282"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MOZILLA_FIREFOX_49_0.NASL", "href": "https://www.tenable.com/plugins/nessus/117941", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117941);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/11/01\");\n\n script_cve_id(\n \"CVE-2016-2827\",\n \"CVE-2016-5256\",\n \"CVE-2016-5257\",\n \"CVE-2016-5270\",\n \"CVE-2016-5271\",\n \"CVE-2016-5272\",\n \"CVE-2016-5273\",\n \"CVE-2016-5274\",\n \"CVE-2016-5275\",\n \"CVE-2016-5276\",\n \"CVE-2016-5277\",\n \"CVE-2016-5278\",\n \"CVE-2016-5279\",\n \"CVE-2016-5280\",\n \"CVE-2016-5281\",\n \"CVE-2016-5282\",\n \"CVE-2016-5283\",\n \"CVE-2016-5284\"\n );\n\n script_name(english:\"Mozilla Firefox < 49 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Firefox installed on the remote Windows host is\nprior to 49. It is, therefore, affected by multiple vulnerabilities as\nnoted in Mozilla Firefox stable channel update release notes for\n2016/09/20. Please refer to the release notes for additional\ninformation. Note that Nessus has not attempted to exploit these\nissues but has instead relied only on the application's self-reported\nversion number.\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1249522\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a71b5c71\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1268034\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?27887241\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1276413\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4caa1ed8\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1277213\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?32eb4c7a\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1280387\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5ef629bf\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1282076\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8865b1d7\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1282746\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?160280d4\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1284690\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5dbbf44e\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1287204\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?54ac5d09\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1287316\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d3bfda65\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1287721\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5d89bb27\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1288555\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f45fb2ce\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1288588\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?47a40c69\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1288780\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0baaaa08\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1288946\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1181d174\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1289085\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2269f975\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1289280\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b74c22ad\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1289970\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7882d62d\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1290244\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0e281edf\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1291016\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?117622e5\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1291665\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4b353376\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1293347\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6207b3c0\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1294095\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7e04baf7\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1294407\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?527385b7\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1294677\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?40b8f022\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1296078\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0d9488e8\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1296087\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c74b0ed3\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1297099\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8e935ffb\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=129793\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d5be7ccc\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1303127\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c34feae8\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=928187\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c773d903\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=932335\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8e86e0c1\");\n # https://www.mozilla.org/en-US/security/advisories/mfsa2016-85/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8b727e4e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox version 49 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5256\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'49', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:29:13", "description": "This update for MozillaFirefox and mozilla-nss fixes the following\nissues :\n\nMozillaFirefox was updated to version 49.0 (boo#999701)\n\n - New features\n\n - Updated Firefox Login Manager to allow HTTPS pages to\n use saved HTTP logins.\n\n - Added features to Reader Mode that make it easier on the\n eyes and the ears\n\n - Improved video performance for users on systems that\n support SSE3 without hardware acceleration\n\n - Added context menu controls to HTML5 audio and video\n that let users loops files or play files at 1.25x speed\n\n - Improvements in about:memory reports for tracking font\n memory usage\n\n - Security related fixes\n\n - MFSA 2016-85 CVE-2016-2827 (bmo#1289085) - Out-of-bounds\n read in mozilla::net::IsValidReferrerPolicy\n CVE-2016-5270 (bmo#1291016) - Heap-buffer-overflow in\n nsCaseTransformTextRunFactory::TransformString\n CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in\n PropertyProvider::GetSpacingInternal CVE-2016-5272\n (bmo#1297934) - Bad cast in nsImageGeometryMixin\n CVE-2016-5273 (bmo#1280387) - crash in\n mozilla::a11y::HyperTextAccessible::GetChildOffset\n CVE-2016-5276 (bmo#1287721) - Heap-use-after-free in\n mozilla::a11y::DocAccessible::ProcessInvalidationList\n CVE-2016-5274 (bmo#1282076) - use-after-free in\n nsFrameManager::CaptureFrameState CVE-2016-5277\n (bmo#1291665) - Heap-use-after-free in\n nsRefreshDriver::Tick CVE-2016-5275 (bmo#1287316) -\n global-buffer-overflow in\n mozilla::gfx::FilterSupport::ComputeSourceNeededRegions\n CVE-2016-5278 (bmo#1294677) - Heap-buffer-overflow in\n nsBMPEncoder::AddImageFrame CVE-2016-5279 (bmo#1249522)\n - Full local path of files is available to web pages\n after drag and drop CVE-2016-5280 (bmo#1289970) -\n Use-after-free in\n mozilla::nsTextNodeDirectionalityMap::RemoveElementFromM\n ap CVE-2016-5281 (bmo#1284690) - use-after-free in\n DOMSVGLength CVE-2016-5282 (bmo#932335) - Don't allow\n content to request favicons from non-whitelisted schemes\n CVE-2016-5283 (bmo#928187) - <iframe src> fragment\n timing attack can reveal cross-origin data CVE-2016-5284\n (bmo#1303127) - Add-on update site certificate pin\n expiration CVE-2016-5256 - Memory safety bugs fixed in\n Firefox 49 CVE-2016-5257 - Memory safety bugs fixed in\n Firefox 49 and Firefox ESR 45.4\n\n - requires NSS 3.25\n\n - Mozilla Firefox 48.0.2 :\n\n - Mitigate a startup crash issue caused on Windows\n (bmo#1291738)\n\nmozilla-nss was updated to NSS 3.25. New functionality :\n\n - Implemented DHE key agreement for TLS 1.3\n\n - Added support for ChaCha with TLS 1.3\n\n - Added support for TLS 1.2 ciphersuites that use SHA384\n as the PRF\n\n - In previous versions, when using client authentication\n with TLS 1.2, NSS only supported certificate_verify\n messages that used the same signature hash algorithm as\n used by the PRF. This limitation has been removed.\n\n - Several functions have been added to the public API of\n the NSS Cryptoki Framework. New functions :\n\n - NSSCKFWSlot_GetSlotID\n\n - NSSCKFWSession_GetFWSlot\n\n - NSSCKFWInstance_DestroySessionHandle\n\n - NSSCKFWInstance_FindSessionHandle Notable changes :\n\n - An SSL socket can no longer be configured to allow both\n TLS 1.3 and SSLv3\n\n - Regression fix: NSS no longer reports a failure if an\n application attempts to disable the SSLv2 protocol.\n\n - The list of trusted CA certificates has been updated to\n version 2.8\n\n - The following CA certificate was Removed Sonera Class1\n CA\n\n - The following CA certificates were Added Hellenic\n Academic and Research Institutions RootCA 2015 Hellenic\n Academic and Research Institutions ECC RootCA 2015\n Certplus Root CA G1 Certplus Root CA G2 OpenTrust Root\n CA G1 OpenTrust Root CA G2 OpenTrust Root CA G3", "edition": 22, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-09-26T00:00:00", "title": "openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2016-1119)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5278", "CVE-2016-5256", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5271", "CVE-2016-2827", "CVE-2016-5274", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5283", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5273", "CVE-2016-5276", "CVE-2016-5279", "CVE-2016-5275", "CVE-2016-5282"], "modified": "2016-09-26T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo", "p-cpe:/a:novell:opensuse:libfreebl3", "p-cpe:/a:novell:opensuse:libsoftokn3-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs", "p-cpe:/a:novell:opensuse:mozilla-nss-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-devel", "p-cpe:/a:novell:opensuse:mozilla-nss-debugsource", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:mozilla-nss-tools", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3", "p-cpe:/a:novell:opensuse:mozilla-nss", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:libfreebl3-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-devel"], "id": "OPENSUSE-2016-1119.NASL", "href": "https://www.tenable.com/plugins/nessus/93705", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1119.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93705);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-2827\", \"CVE-2016-5256\", \"CVE-2016-5257\", \"CVE-2016-5270\", \"CVE-2016-5271\", \"CVE-2016-5272\", \"CVE-2016-5273\", \"CVE-2016-5274\", \"CVE-2016-5275\", \"CVE-2016-5276\", \"CVE-2016-5277\", \"CVE-2016-5278\", \"CVE-2016-5279\", \"CVE-2016-5280\", \"CVE-2016-5281\", \"CVE-2016-5282\", \"CVE-2016-5283\", \"CVE-2016-5284\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2016-1119)\");\n script_summary(english:\"Check for the openSUSE-2016-1119 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for MozillaFirefox and mozilla-nss fixes the following\nissues :\n\nMozillaFirefox was updated to version 49.0 (boo#999701)\n\n - New features\n\n - Updated Firefox Login Manager to allow HTTPS pages to\n use saved HTTP logins.\n\n - Added features to Reader Mode that make it easier on the\n eyes and the ears\n\n - Improved video performance for users on systems that\n support SSE3 without hardware acceleration\n\n - Added context menu controls to HTML5 audio and video\n that let users loops files or play files at 1.25x speed\n\n - Improvements in about:memory reports for tracking font\n memory usage\n\n - Security related fixes\n\n - MFSA 2016-85 CVE-2016-2827 (bmo#1289085) - Out-of-bounds\n read in mozilla::net::IsValidReferrerPolicy\n CVE-2016-5270 (bmo#1291016) - Heap-buffer-overflow in\n nsCaseTransformTextRunFactory::TransformString\n CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in\n PropertyProvider::GetSpacingInternal CVE-2016-5272\n (bmo#1297934) - Bad cast in nsImageGeometryMixin\n CVE-2016-5273 (bmo#1280387) - crash in\n mozilla::a11y::HyperTextAccessible::GetChildOffset\n CVE-2016-5276 (bmo#1287721) - Heap-use-after-free in\n mozilla::a11y::DocAccessible::ProcessInvalidationList\n CVE-2016-5274 (bmo#1282076) - use-after-free in\n nsFrameManager::CaptureFrameState CVE-2016-5277\n (bmo#1291665) - Heap-use-after-free in\n nsRefreshDriver::Tick CVE-2016-5275 (bmo#1287316) -\n global-buffer-overflow in\n mozilla::gfx::FilterSupport::ComputeSourceNeededRegions\n CVE-2016-5278 (bmo#1294677) - Heap-buffer-overflow in\n nsBMPEncoder::AddImageFrame CVE-2016-5279 (bmo#1249522)\n - Full local path of files is available to web pages\n after drag and drop CVE-2016-5280 (bmo#1289970) -\n Use-after-free in\n mozilla::nsTextNodeDirectionalityMap::RemoveElementFromM\n ap CVE-2016-5281 (bmo#1284690) - use-after-free in\n DOMSVGLength CVE-2016-5282 (bmo#932335) - Don't allow\n content to request favicons from non-whitelisted schemes\n CVE-2016-5283 (bmo#928187) - <iframe src> fragment\n timing attack can reveal cross-origin data CVE-2016-5284\n (bmo#1303127) - Add-on update site certificate pin\n expiration CVE-2016-5256 - Memory safety bugs fixed in\n Firefox 49 CVE-2016-5257 - Memory safety bugs fixed in\n Firefox 49 and Firefox ESR 45.4\n\n - requires NSS 3.25\n\n - Mozilla Firefox 48.0.2 :\n\n - Mitigate a startup crash issue caused on Windows\n (bmo#1291738)\n\nmozilla-nss was updated to NSS 3.25. New functionality :\n\n - Implemented DHE key agreement for TLS 1.3\n\n - Added support for ChaCha with TLS 1.3\n\n - Added support for TLS 1.2 ciphersuites that use SHA384\n as the PRF\n\n - In previous versions, when using client authentication\n with TLS 1.2, NSS only supported certificate_verify\n messages that used the same signature hash algorithm as\n used by the PRF. This limitation has been removed.\n\n - Several functions have been added to the public API of\n the NSS Cryptoki Framework. New functions :\n\n - NSSCKFWSlot_GetSlotID\n\n - NSSCKFWSession_GetFWSlot\n\n - NSSCKFWInstance_DestroySessionHandle\n\n - NSSCKFWInstance_FindSessionHandle Notable changes :\n\n - An SSL socket can no longer be configured to allow both\n TLS 1.3 and SSLv3\n\n - Regression fix: NSS no longer reports a failure if an\n application attempts to disable the SSLv2 protocol.\n\n - The list of trusted CA certificates has been updated to\n version 2.8\n\n - The following CA certificate was Removed Sonera Class1\n CA\n\n - The following CA certificates were Added Hellenic\n Academic and Research Institutions RootCA 2015 Hellenic\n Academic and Research Institutions ECC RootCA 2015\n Certplus Root CA G1 Certplus Root CA G2 OpenTrust Root\n CA G1 OpenTrust Root CA G2 OpenTrust Root CA G3\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999701\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox / mozilla-nss packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2|SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2 / 42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-49.0-80.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-branding-upstream-49.0-80.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-buildsymbols-49.0-80.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-debuginfo-49.0-80.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-debugsource-49.0-80.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-devel-49.0-80.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-translations-common-49.0-80.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-translations-other-49.0-80.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libfreebl3-3.25-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libfreebl3-debuginfo-3.25-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsoftokn3-3.25-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsoftokn3-debuginfo-3.25-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-3.25-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-certs-3.25-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-certs-debuginfo-3.25-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-debuginfo-3.25-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-debugsource-3.25-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-devel-3.25-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-sysinit-3.25-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-sysinit-debuginfo-3.25-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-tools-3.25-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-tools-debuginfo-3.25-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.25-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.25-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.25-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.25-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.25-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.25-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.25-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.25-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.25-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.25-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-49.0-33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-branding-upstream-49.0-33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-buildsymbols-49.0-33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-debuginfo-49.0-33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-debugsource-49.0-33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-devel-49.0-33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-translations-common-49.0-33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-translations-other-49.0-33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libfreebl3-3.25-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libfreebl3-debuginfo-3.25-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libsoftokn3-3.25-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libsoftokn3-debuginfo-3.25-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-3.25-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-certs-3.25-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-certs-debuginfo-3.25-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-debuginfo-3.25-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-debugsource-3.25-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-devel-3.25-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-sysinit-3.25-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-sysinit-debuginfo-3.25-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-tools-3.25-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-tools-debuginfo-3.25-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.25-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.25-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.25-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.25-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.25-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.25-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.25-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.25-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.25-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.25-29.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:29:14", "description": "MozillaFirefox was updated to version 49.0 (boo#999701)\n\n - New features\n\n - Updated Firefox Login Manager to allow HTTPS pages to\n use saved HTTP logins.\n\n - Added features to Reader Mode that make it easier on the\n eyes and the ears\n\n - Improved video performance for users on systems that\n support SSE3 without hardware acceleration\n\n - Added context menu controls to HTML5 audio and video\n that let users loops files or play files at 1.25x speed\n\n - Improvements in about:memory reports for tracking font\n memory usage\n\n - Security related fixes\n\n - MFSA 2016-85 CVE-2016-2827 (bmo#1289085) - Out-of-bounds\n read in mozilla::net::IsValidReferrerPolicy\n CVE-2016-5270 (bmo#1291016) - Heap-buffer-overflow in\n nsCaseTransformTextRunFactory::TransformString\n CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in\n PropertyProvider::GetSpacingInternal CVE-2016-5272\n (bmo#1297934) - Bad cast in nsImageGeometryMixin\n CVE-2016-5273 (bmo#1280387) - crash in\n mozilla::a11y::HyperTextAccessible::GetChildOffset\n CVE-2016-5276 (bmo#1287721) - Heap-use-after-free in\n mozilla::a11y::DocAccessible::ProcessInvalidationList\n CVE-2016-5274 (bmo#1282076) - use-after-free in\n nsFrameManager::CaptureFrameState CVE-2016-5277\n (bmo#1291665) - Heap-use-after-free in\n nsRefreshDriver::Tick CVE-2016-5275 (bmo#1287316) -\n global-buffer-overflow in\n mozilla::gfx::FilterSupport::ComputeSourceNeededRegions\n CVE-2016-5278 (bmo#1294677) - Heap-buffer-overflow in\n nsBMPEncoder::AddImageFrame CVE-2016-5279 (bmo#1249522)\n - Full local path of files is available to web pages\n after drag and drop CVE-2016-5280 (bmo#1289970) -\n Use-after-free in\n mozilla::nsTextNodeDirectionalityMap::RemoveElementFromM\n ap CVE-2016-5281 (bmo#1284690) - use-after-free in\n DOMSVGLength CVE-2016-5282 (bmo#932335) - Don't allow\n content to request favicons from non-whitelisted schemes\n CVE-2016-5283 (bmo#928187) - <iframe src> fragment\n timing attack can reveal cross-origin data CVE-2016-5284\n (bmo#1303127) - Add-on update site certificate pin\n expiration CVE-2016-5256 - Memory safety bugs fixed in\n Firefox 49 CVE-2016-5257 - Memory safety bugs fixed in\n Firefox 49 and Firefox ESR 45.4\n\n - requires NSS 3.25\n\n - Mozilla Firefox 48.0.2 :\n\n - Mitigate a startup crash issue caused on Windows\n (bmo#1291738)\n\n mozilla-nss was updated to NSS 3.25. New functionality :\n\n - Implemented DHE key agreement for TLS 1.3\n\n - Added support for ChaCha with TLS 1.3\n\n - Added support for TLS 1.2 ciphersuites that use SHA384\n as the PRF\n\n - In previous versions, when using client authentication\n with TLS 1.2, NSS only supported certificate_verify\n messages that used the same signature hash algorithm as\n used by the PRF. This limitation has been removed.\n\n - Several functions have been added to the public API of\n the NSS Cryptoki Framework. New functions :\n\n - NSSCKFWSlot_GetSlotID\n\n - NSSCKFWSession_GetFWSlot\n\n - NSSCKFWInstance_DestroySessionHandle\n\n - NSSCKFWInstance_FindSessionHandle Notable changes :\n\n - An SSL socket can no longer be configured to allow both\n TLS 1.3 and SSLv3\n\n - Regression fix: NSS no longer reports a failure if an\n application attempts to disable the SSLv2 protocol.\n\n - The list of trusted CA certificates has been updated to\n version 2.8\n\n - The following CA certificate was Removed Sonera Class1\n CA\n\n - The following CA certificates were Added Hellenic\n Academic and Research Institutions RootCA 2015 Hellenic\n Academic and Research Institutions ECC RootCA 2015\n Certplus Root CA G1 Certplus Root CA G2 OpenTrust Root\n CA G1 OpenTrust Root CA G2 OpenTrust Root CA G3", "edition": 22, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-09-27T00:00:00", "title": "openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2016-1128)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5278", "CVE-2016-5256", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5271", "CVE-2016-2827", "CVE-2016-5274", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5283", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5273", "CVE-2016-5276", "CVE-2016-5279", "CVE-2016-5275", "CVE-2016-5282"], "modified": "2016-09-27T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo", "p-cpe:/a:novell:opensuse:libfreebl3", "p-cpe:/a:novell:opensuse:libsoftokn3-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs", "p-cpe:/a:novell:opensuse:mozilla-nss-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-devel", "p-cpe:/a:novell:opensuse:mozilla-nss-debugsource", "p-cpe:/a:novell:opensuse:mozilla-nss-tools", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3", "p-cpe:/a:novell:opensuse:mozilla-nss", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:libfreebl3-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-devel", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2016-1128.NASL", "href": "https://www.tenable.com/plugins/nessus/93732", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1128.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93732);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-2827\", \"CVE-2016-5256\", \"CVE-2016-5257\", \"CVE-2016-5270\", \"CVE-2016-5271\", \"CVE-2016-5272\", \"CVE-2016-5273\", \"CVE-2016-5274\", \"CVE-2016-5275\", \"CVE-2016-5276\", \"CVE-2016-5277\", \"CVE-2016-5278\", \"CVE-2016-5279\", \"CVE-2016-5280\", \"CVE-2016-5281\", \"CVE-2016-5282\", \"CVE-2016-5283\", \"CVE-2016-5284\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2016-1128)\");\n script_summary(english:\"Check for the openSUSE-2016-1128 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"MozillaFirefox was updated to version 49.0 (boo#999701)\n\n - New features\n\n - Updated Firefox Login Manager to allow HTTPS pages to\n use saved HTTP logins.\n\n - Added features to Reader Mode that make it easier on the\n eyes and the ears\n\n - Improved video performance for users on systems that\n support SSE3 without hardware acceleration\n\n - Added context menu controls to HTML5 audio and video\n that let users loops files or play files at 1.25x speed\n\n - Improvements in about:memory reports for tracking font\n memory usage\n\n - Security related fixes\n\n - MFSA 2016-85 CVE-2016-2827 (bmo#1289085) - Out-of-bounds\n read in mozilla::net::IsValidReferrerPolicy\n CVE-2016-5270 (bmo#1291016) - Heap-buffer-overflow in\n nsCaseTransformTextRunFactory::TransformString\n CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in\n PropertyProvider::GetSpacingInternal CVE-2016-5272\n (bmo#1297934) - Bad cast in nsImageGeometryMixin\n CVE-2016-5273 (bmo#1280387) - crash in\n mozilla::a11y::HyperTextAccessible::GetChildOffset\n CVE-2016-5276 (bmo#1287721) - Heap-use-after-free in\n mozilla::a11y::DocAccessible::ProcessInvalidationList\n CVE-2016-5274 (bmo#1282076) - use-after-free in\n nsFrameManager::CaptureFrameState CVE-2016-5277\n (bmo#1291665) - Heap-use-after-free in\n nsRefreshDriver::Tick CVE-2016-5275 (bmo#1287316) -\n global-buffer-overflow in\n mozilla::gfx::FilterSupport::ComputeSourceNeededRegions\n CVE-2016-5278 (bmo#1294677) - Heap-buffer-overflow in\n nsBMPEncoder::AddImageFrame CVE-2016-5279 (bmo#1249522)\n - Full local path of files is available to web pages\n after drag and drop CVE-2016-5280 (bmo#1289970) -\n Use-after-free in\n mozilla::nsTextNodeDirectionalityMap::RemoveElementFromM\n ap CVE-2016-5281 (bmo#1284690) - use-after-free in\n DOMSVGLength CVE-2016-5282 (bmo#932335) - Don't allow\n content to request favicons from non-whitelisted schemes\n CVE-2016-5283 (bmo#928187) - <iframe src> fragment\n timing attack can reveal cross-origin data CVE-2016-5284\n (bmo#1303127) - Add-on update site certificate pin\n expiration CVE-2016-5256 - Memory safety bugs fixed in\n Firefox 49 CVE-2016-5257 - Memory safety bugs fixed in\n Firefox 49 and Firefox ESR 45.4\n\n - requires NSS 3.25\n\n - Mozilla Firefox 48.0.2 :\n\n - Mitigate a startup crash issue caused on Windows\n (bmo#1291738)\n\n mozilla-nss was updated to NSS 3.25. New functionality :\n\n - Implemented DHE key agreement for TLS 1.3\n\n - Added support for ChaCha with TLS 1.3\n\n - Added support for TLS 1.2 ciphersuites that use SHA384\n as the PRF\n\n - In previous versions, when using client authentication\n with TLS 1.2, NSS only supported certificate_verify\n messages that used the same signature hash algorithm as\n used by the PRF. This limitation has been removed.\n\n - Several functions have been added to the public API of\n the NSS Cryptoki Framework. New functions :\n\n - NSSCKFWSlot_GetSlotID\n\n - NSSCKFWSession_GetFWSlot\n\n - NSSCKFWInstance_DestroySessionHandle\n\n - NSSCKFWInstance_FindSessionHandle Notable changes :\n\n - An SSL socket can no longer be configured to allow both\n TLS 1.3 and SSLv3\n\n - Regression fix: NSS no longer reports a failure if an\n application attempts to disable the SSLv2 protocol.\n\n - The list of trusted CA certificates has been updated to\n version 2.8\n\n - The following CA certificate was Removed Sonera Class1\n CA\n\n - The following CA certificates were Added Hellenic\n Academic and Research Institutions RootCA 2015 Hellenic\n Academic and Research Institutions ECC RootCA 2015\n Certplus Root CA G1 Certplus Root CA G2 OpenTrust Root\n CA G1 OpenTrust Root CA G2 OpenTrust Root CA G3\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1249522\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1280387\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1282076\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1284690\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1287316\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1287721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1288946\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1289085\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1289970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1291016\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1291665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1291738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1294677\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1297934\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1303127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1304114\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1304783\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=928187\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=932335\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999701\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox / mozilla-nss packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-49.0.1-125.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-branding-upstream-49.0.1-125.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-buildsymbols-49.0.1-125.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-debuginfo-49.0.1-125.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-debugsource-49.0.1-125.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-devel-49.0.1-125.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-translations-common-49.0.1-125.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-translations-other-49.0.1-125.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libfreebl3-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libfreebl3-debuginfo-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libsoftokn3-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libsoftokn3-debuginfo-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-certs-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-certs-debuginfo-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-debuginfo-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-debugsource-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-devel-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-sysinit-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-sysinit-debuginfo-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-tools-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-tools-debuginfo-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.25-91.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T06:44:06", "description": "Catalin Dumitru discovered that URLs of resources loaded after a\nnavigation start could be leaked to the following page via the\nResource Timing API. If a user were tricked in to opening a specially\ncrafted website in a browsing context, an attacker could potentially\nexploit this to obtain sensitive information. (CVE-2016-5250)\n\nChristoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon\nCoppeard, Steve Fink, Tyson Smith, and Carsten Book discovered\nmultiple memory safety issues in Thunderbird. If a user were tricked\nin to opening a specially crafted message, an attacker could\npotentially exploit these to cause a denial of service via application\ncrash, or execute arbitrary code. (CVE-2016-5257)\n\nAtte Kettunen discovered a heap buffer overflow during text conversion\nwith some unicode characters. If a user were tricked in to opening a\nspecially crafted message, an attacker could potentially exploit this\nto cause a denial of service via application crash, or execute\narbitrary code. (CVE-2016-5270)\n\nAbhishek Arya discovered a bad cast when processing layout with input\nelements in some circumstances. If a user were tricked in to opening a\nspecially crafted website in a browsing context, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash, or execute arbitrary code. (CVE-2016-5272)\n\nA use-after-free was discovered in web animations during restyling. If\na user were tricked in to opening a specially crafted website in a\nbrowsing context, an attacker could potentially exploit this to cause\na denial of service via application crash, or execute arbitrary code.\n(CVE-2016-5274)\n\nA use-after-free was discovered in accessibility. If a user were\ntricked in to opening a specially crafted website in a browsing\ncontext, an attacker could potentially exploit this to cause a denial\nof service via application crash, or execute arbitrary code.\n(CVE-2016-5276)\n\nA use-after-free was discovered in web animations when destroying a\ntimeline. If a user were tricked in to opening a specially crafted\nwebsite in a browsing context, an attacker could potentially exploit\nthis to cause a denial of service via application crash, or execute\narbitrary code. (CVE-2016-5277)\n\nA buffer overflow was discovered when encoding image frames to images\nin some circumstances. If a user were tricked in to opening a\nspecially crafted message, an attacker could potentially exploit this\nto cause a denial of service via application crash, or execute\narbitrary code. (CVE-2016-5278)\n\nMei Wang discovered a use-after-free when changing text direction. If\na user were tricked in to opening a specially crafted website in a\nbrowsing context, an attacker could potentially exploit this to cause\na denial of service via application crash, or execute arbitrary code.\n(CVE-2016-5280)\n\nBrian Carpenter discovered a use-after-free when manipulating SVG\ncontent in some circumstances. If a user were tricked in to opening a\nspecially crafted website in a browsing context, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash, or execute arbitrary code. (CVE-2016-5281)\n\nAn issue was discovered with the preloaded Public Key Pinning (HPKP).\nIf a man-in-the-middle (MITM) attacker was able to obtain a fraudulent\ncertificate for a Mozilla site, they could exploit this by providing\nmalicious addon updates. (CVE-2016-5284).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : thunderbird vulnerabilities (USN-3112-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5278", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5250", "CVE-2016-5274", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5276"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:16.10", "p-cpe:/a:canonical:ubuntu_linux:thunderbird", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3112-1.NASL", "href": "https://www.tenable.com/plugins/nessus/94352", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3112-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94352);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2019/09/18 12:31:46\");\n\n script_cve_id(\"CVE-2016-5250\", \"CVE-2016-5257\", \"CVE-2016-5270\", \"CVE-2016-5272\", \"CVE-2016-5274\", \"CVE-2016-5276\", \"CVE-2016-5277\", \"CVE-2016-5278\", \"CVE-2016-5280\", \"CVE-2016-5281\", \"CVE-2016-5284\");\n script_xref(name:\"USN\", value:\"3112-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : thunderbird vulnerabilities (USN-3112-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Catalin Dumitru discovered that URLs of resources loaded after a\nnavigation start could be leaked to the following page via the\nResource Timing API. If a user were tricked in to opening a specially\ncrafted website in a browsing context, an attacker could potentially\nexploit this to obtain sensitive information. (CVE-2016-5250)\n\nChristoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon\nCoppeard, Steve Fink, Tyson Smith, and Carsten Book discovered\nmultiple memory safety issues in Thunderbird. If a user were tricked\nin to opening a specially crafted message, an attacker could\npotentially exploit these to cause a denial of service via application\ncrash, or execute arbitrary code. (CVE-2016-5257)\n\nAtte Kettunen discovered a heap buffer overflow during text conversion\nwith some unicode characters. If a user were tricked in to opening a\nspecially crafted message, an attacker could potentially exploit this\nto cause a denial of service via application crash, or execute\narbitrary code. (CVE-2016-5270)\n\nAbhishek Arya discovered a bad cast when processing layout with input\nelements in some circumstances. If a user were tricked in to opening a\nspecially crafted website in a browsing context, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash, or execute arbitrary code. (CVE-2016-5272)\n\nA use-after-free was discovered in web animations during restyling. If\na user were tricked in to opening a specially crafted website in a\nbrowsing context, an attacker could potentially exploit this to cause\na denial of service via application crash, or execute arbitrary code.\n(CVE-2016-5274)\n\nA use-after-free was discovered in accessibility. If a user were\ntricked in to opening a specially crafted website in a browsing\ncontext, an attacker could potentially exploit this to cause a denial\nof service via application crash, or execute arbitrary code.\n(CVE-2016-5276)\n\nA use-after-free was discovered in web animations when destroying a\ntimeline. If a user were tricked in to opening a specially crafted\nwebsite in a browsing context, an attacker could potentially exploit\nthis to cause a denial of service via application crash, or execute\narbitrary code. (CVE-2016-5277)\n\nA buffer overflow was discovered when encoding image frames to images\nin some circumstances. If a user were tricked in to opening a\nspecially crafted message, an attacker could potentially exploit this\nto cause a denial of service via application crash, or execute\narbitrary code. (CVE-2016-5278)\n\nMei Wang discovered a use-after-free when changing text direction. If\na user were tricked in to opening a specially crafted website in a\nbrowsing context, an attacker could potentially exploit this to cause\na denial of service via application crash, or execute arbitrary code.\n(CVE-2016-5280)\n\nBrian Carpenter discovered a use-after-free when manipulating SVG\ncontent in some circumstances. If a user were tricked in to opening a\nspecially crafted website in a browsing context, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash, or execute arbitrary code. (CVE-2016-5281)\n\nAn issue was discovered with the preloaded Public Key Pinning (HPKP).\nIf a man-in-the-middle (MITM) attacker was able to obtain a fraudulent\ncertificate for a Mozilla site, they could exploit this by providing\nmalicious addon updates. (CVE-2016-5284).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3112-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|16\\.04|16\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 16.04 / 16.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"thunderbird\", pkgver:\"1:45.4.0+build1-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"thunderbird\", pkgver:\"1:45.4.0+build1-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"thunderbird\", pkgver:\"1:45.4.0+build1-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"thunderbird\", pkgver:\"1:45.4.0+build1-0ubuntu0.16.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T08:51:44", "description": "According to the versions of the firefox package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Mozilla Firefox before 48.0 allows remote attackers to\n obtain sensitive information about the previously\n retrieved page via Resource Timing API\n calls.(CVE-2016-5250)\n\n - Multiple unspecified vulnerabilities in the browser\n engine in Mozilla Firefox before 49.0 and Firefox ESR\n 45.x before 45.4 allow remote attackers to cause a\n denial of service (memory corruption and application\n crash) or possibly execute arbitrary code via unknown\n vectors.(CVE-2016-5257)\n\n - Integer overflow in the WebSocketChannel class in the\n WebSockets subsystem in Mozilla Firefox before 48.0\n allows remote attackers to execute arbitrary code or\n cause a denial of service (memory corruption) via\n crafted packets that trigger incorrect buffer-resize\n operations during buffering.(CVE-2016-5261)\n\n - Heap-based buffer overflow in the\n nsCaseTransformTextRunFactory::TransformString function\n in Mozilla Firefox before 49.0 and Firefox ESR 45.x\n before 45.4 allows remote attackers to cause a denial\n of service (boolean out-of-bounds write) or possibly\n have unspecified other impact via Unicode characters\n that are mishandled during text\n conversion.(CVE-2016-5270)\n\n - The nsImageGeometryMixin class in Mozilla Firefox\n before 49.0 and Firefox ESR 45.x before 45.4 does not\n properly perform a cast of an unspecified variable\n during handling of INPUT elements, which allows remote\n attackers to execute arbitrary code via a crafted web\n site.(CVE-2016-5272)\n\n - Use-after-free vulnerability in the\n nsFrameManager::CaptureFrameState function in Mozilla\n Firefox before 49.0 and Firefox ESR 45.x before 45.4\n allows remote attackers to execute arbitrary code by\n leveraging improper interaction between restyling and\n the Web Animations model implementation.(CVE-2016-5274)\n\n - Use-after-free vulnerability in the\n mozilla::a11y::DocAccessible::ProcessInvalidationList\n function in Mozilla Firefox before 49.0 and Firefox ESR\n 45.x before 45.4 allows remote attackers to execute\n arbitrary code or cause a denial of service (heap\n memory corruption) via an aria-owns\n attribute.(CVE-2016-5276)\n\n - Use-after-free vulnerability in the\n nsRefreshDriver::Tick function in Mozilla Firefox\n before 49.0 and Firefox ESR 45.x before 45.4 allows\n remote attackers to execute arbitrary code or cause a\n denial of service (heap memory corruption) by\n leveraging improper interaction between timeline\n destruction and the Web Animations model\n implementation.(CVE-2016-5277)\n\n - Heap-based buffer overflow in the\n nsBMPEncoder::AddImageFrame function in Mozilla Firefox\n before 49.0 and Firefox ESR 45.x before 45.4 allows\n remote attackers to execute arbitrary code via a\n crafted image data that is mishandled during the\n encoding of an image frame to an image.(CVE-2016-5278)\n\n - Use-after-free vulnerability in the\n mozilla::nsTextNodeDirectionalityMap::RemoveElementFrom\n Map function in Mozilla Firefox before 49.0 and Firefox\n ESR 45.x before 45.4 allows remote attackers to execute\n arbitrary code via bidirectional text.(CVE-2016-5280)\n\n - Use-after-free vulnerability in the DOMSVGLength class\n in Mozilla Firefox before 49.0 and Firefox ESR 45.x\n before 45.4 allows remote attackers to execute\n arbitrary code by leveraging improper interaction\n between JavaScript code and an SVG\n document.(CVE-2016-5281)\n\n - Mozilla Firefox before 49.0 and Firefox ESR 45.x before\n 45.4 rely on unintended expiration dates for Preloaded\n Public Key Pinning, which allows man-in-the-middle\n attackers to spoof add-on updates by leveraging\n possession of an X.509 server certificate for\n addons.mozilla.org signed by an arbitrary built-in\n Certification Authority.(CVE-2016-5284)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 48, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-05-01T00:00:00", "title": "EulerOS 2.0 SP1 : firefox (EulerOS-SA-2016-1046)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5278", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5250", "CVE-2016-5274", "CVE-2016-5261", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5276"], "modified": "2017-05-01T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:firefox", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2016-1046.NASL", "href": "https://www.tenable.com/plugins/nessus/99809", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99809);\n script_version(\"1.39\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-5250\",\n \"CVE-2016-5257\",\n \"CVE-2016-5261\",\n \"CVE-2016-5270\",\n \"CVE-2016-5272\",\n \"CVE-2016-5274\",\n \"CVE-2016-5276\",\n \"CVE-2016-5277\",\n \"CVE-2016-5278\",\n \"CVE-2016-5280\",\n \"CVE-2016-5281\",\n \"CVE-2016-5284\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : firefox (EulerOS-SA-2016-1046)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the firefox package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Mozilla Firefox before 48.0 allows remote attackers to\n obtain sensitive information about the previously\n retrieved page via Resource Timing API\n calls.(CVE-2016-5250)\n\n - Multiple unspecified vulnerabilities in the browser\n engine in Mozilla Firefox before 49.0 and Firefox ESR\n 45.x before 45.4 allow remote attackers to cause a\n denial of service (memory corruption and application\n crash) or possibly execute arbitrary code via unknown\n vectors.(CVE-2016-5257)\n\n - Integer overflow in the WebSocketChannel class in the\n WebSockets subsystem in Mozilla Firefox before 48.0\n allows remote attackers to execute arbitrary code or\n cause a denial of service (memory corruption) via\n crafted packets that trigger incorrect buffer-resize\n operations during buffering.(CVE-2016-5261)\n\n - Heap-based buffer overflow in the\n nsCaseTransformTextRunFactory::TransformString function\n in Mozilla Firefox before 49.0 and Firefox ESR 45.x\n before 45.4 allows remote attackers to cause a denial\n of service (boolean out-of-bounds write) or possibly\n have unspecified other impact via Unicode characters\n that are mishandled during text\n conversion.(CVE-2016-5270)\n\n - The nsImageGeometryMixin class in Mozilla Firefox\n before 49.0 and Firefox ESR 45.x before 45.4 does not\n properly perform a cast of an unspecified variable\n during handling of INPUT elements, which allows remote\n attackers to execute arbitrary code via a crafted web\n site.(CVE-2016-5272)\n\n - Use-after-free vulnerability in the\n nsFrameManager::CaptureFrameState function in Mozilla\n Firefox before 49.0 and Firefox ESR 45.x before 45.4\n allows remote attackers to execute arbitrary code by\n leveraging improper interaction between restyling and\n the Web Animations model implementation.(CVE-2016-5274)\n\n - Use-after-free vulnerability in the\n mozilla::a11y::DocAccessible::ProcessInvalidationList\n function in Mozilla Firefox before 49.0 and Firefox ESR\n 45.x before 45.4 allows remote attackers to execute\n arbitrary code or cause a denial of service (heap\n memory corruption) via an aria-owns\n attribute.(CVE-2016-5276)\n\n - Use-after-free vulnerability in the\n nsRefreshDriver::Tick function in Mozilla Firefox\n before 49.0 and Firefox ESR 45.x before 45.4 allows\n remote attackers to execute arbitrary code or cause a\n denial of service (heap memory corruption) by\n leveraging improper interaction between timeline\n destruction and the Web Animations model\n implementation.(CVE-2016-5277)\n\n - Heap-based buffer overflow in the\n nsBMPEncoder::AddImageFrame function in Mozilla Firefox\n before 49.0 and Firefox ESR 45.x before 45.4 allows\n remote attackers to execute arbitrary code via a\n crafted image data that is mishandled during the\n encoding of an image frame to an image.(CVE-2016-5278)\n\n - Use-after-free vulnerability in the\n mozilla::nsTextNodeDirectionalityMap::RemoveElementFrom\n Map function in Mozilla Firefox before 49.0 and Firefox\n ESR 45.x before 45.4 allows remote attackers to execute\n arbitrary code via bidirectional text.(CVE-2016-5280)\n\n - Use-after-free vulnerability in the DOMSVGLength class\n in Mozilla Firefox before 49.0 and Firefox ESR 45.x\n before 45.4 allows remote attackers to execute\n arbitrary code by leveraging improper interaction\n between JavaScript code and an SVG\n document.(CVE-2016-5281)\n\n - Mozilla Firefox before 49.0 and Firefox ESR 45.x before\n 45.4 rely on unintended expiration dates for Preloaded\n Public Key Pinning, which allows man-in-the-middle\n attackers to spoof add-on updates by leveraging\n possession of an X.509 server certificate for\n addons.mozilla.org signed by an arbitrary built-in\n Certification Authority.(CVE-2016-5284)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1046\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?080de640\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"firefox-45.4.0-1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg, allowmaj:TRUE)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2020-09-02T11:41:55", "bulletinFamily": "info", "cvelist": ["CVE-2016-5278", "CVE-2016-5256", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5271", "CVE-2016-2827", "CVE-2016-5250", "CVE-2016-5274", "CVE-2016-5261", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5283", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5273", "CVE-2016-5276", "CVE-2016-5279", "CVE-2016-5275", "CVE-2016-5282"], "description": "### *Detect date*:\n09/13/2016\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions or obtain sensitive information.\n\n### *Affected products*:\nMozilaa Firefox versions earlier than 49 \nMozilla Firefox ESR versions earlier than 45.4\n\n### *Solution*:\nUpdate to the latest version \n[Get Firefox ESR](<https://www.mozilla.org/en-US/firefox/organizations/all/>) \n[Get Firefox](<https://www.mozilla.org/en-US/firefox/new/>)\n\n### *Original advisories*:\n[Mozilla Firefox advisory](<https://www.mozilla.org/en-US/security/advisories/mfsa2016-85/>) \n[Mozilla Firefox ESR advisory](<https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Firefox](<https://threats.kaspersky.com/en/product/Mozilla-Firefox/>)\n\n### *CVE-IDS*:\n[CVE-2016-5284](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5284>)4.3Warning \n[CVE-2016-5281](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5281>)7.5Critical \n[CVE-2016-5280](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5280>)7.5Critical \n[CVE-2016-5278](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5278>)6.8High \n[CVE-2016-5277](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5277>)7.5Critical \n[CVE-2016-5276](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5276>)7.5Critical \n[CVE-2016-5274](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5274>)7.5Critical \n[CVE-2016-5272](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5272>)6.8High \n[CVE-2016-5270](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5270>)7.5Critical \n[CVE-2016-5257](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5257>)7.5Critical \n[CVE-2016-5250](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5250>)5.0Critical \n[CVE-2016-5283](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5283>)6.8High \n[CVE-2016-5282](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5282>)4.3Warning \n[CVE-2016-5279](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5279>)4.3Warning \n[CVE-2016-5275](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5275>)6.8High \n[CVE-2016-5273](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5273>)6.8High \n[CVE-2016-5271](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5271>)4.3Warning \n[CVE-2016-5256](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5256>)7.5Critical \n[CVE-2016-2827](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2827>)4.3Warning \n[CVE-2016-5261](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5261>)7.5Critical", "edition": 43, "modified": "2020-05-22T00:00:00", "published": "2016-09-13T00:00:00", "id": "KLA10876", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10876", "title": "\r KLA10876Multiple vulnerabilities in Mozilla Firefox and Firefox ESR ", "type": "kaspersky", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-02T11:43:51", "bulletinFamily": "info", "cvelist": ["CVE-2016-5278", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5250", "CVE-2016-5274", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5276"], "description": "### *Detect date*:\n10/20/2016\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions or obtain sensitive information.\n\n### *Affected products*:\nMozilla Thunderbird versions earlier than 45.4\n\n### *Solution*:\nUpdate to the latest version \n[Mozilla Thunderbird download page](<https://www.mozilla.org/en-US/thunderbird/>)\n\n### *Original advisories*:\n[Mozilla Foundation Security Advisory](<https://www.mozilla.org/en-US/security/advisories/mfsa2016-88/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Thunderbird](<https://threats.kaspersky.com/en/product/Mozilla-Thunderbird/>)\n\n### *CVE-IDS*:\n[CVE-2016-5284](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5284>)4.3Warning \n[CVE-2016-5281](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5281>)7.5Critical \n[CVE-2016-5280](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5280>)7.5Critical \n[CVE-2016-5278](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5278>)6.8High \n[CVE-2016-5277](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5277>)7.5Critical \n[CVE-2016-5276](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5276>)7.5Critical \n[CVE-2016-5274](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5274>)7.5Critical \n[CVE-2016-5272](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5272>)6.8High \n[CVE-2016-5270](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5270>)7.5Critical \n[CVE-2016-5257](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5257>)7.5Critical \n[CVE-2016-5250](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5250>)5.0Critical", "edition": 42, "modified": "2020-05-22T00:00:00", "published": "2016-10-20T00:00:00", "id": "KLA10889", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10889", "title": "\r KLA10889Multiple vulnerabilities in Mozilla Thunderbird ", "type": "kaspersky", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:45:07", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5250", "CVE-2016-5257", "CVE-2016-5261", "CVE-2016-5270", "CVE-2016-5272", "CVE-2016-5274", "CVE-2016-5276", "CVE-2016-5277", "CVE-2016-5278", "CVE-2016-5280", "CVE-2016-5281", "CVE-2016-5284"], "description": "Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.4.0 ESR.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-5257, CVE-2016-5278, CVE-2016-5270, CVE-2016-5272, CVE-2016-5274, CVE-2016-5276, CVE-2016-5277, CVE-2016-5280, CVE-2016-5281, CVE-2016-5284, CVE-2016-5250, CVE-2016-5261)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Samuel Gro\u00df, Brian Carpenter, Mei Wang, Ryan Duff, Catalin Dumitru, Mozilla developers, Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp, Carsten Book, Abhishek Arya, Atte Kettunen, and Nils as the original reporters.", "modified": "2018-06-06T20:24:27", "published": "2016-09-21T10:56:38", "id": "RHSA-2016:1912", "href": "https://access.redhat.com/errata/RHSA-2016:1912", "type": "redhat", "title": "(RHSA-2016:1912) Critical: firefox security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:36", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5257"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.4.0.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2016-5257)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Christoph Diehl, Andrew McCreight, Dan Minor, Byron\nCampen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp and Carsten Book as the\noriginal reporters.\n", "modified": "2018-06-06T20:24:05", "published": "2016-10-03T04:00:00", "id": "RHSA-2016:1985", "href": "https://access.redhat.com/errata/RHSA-2016:1985", "type": "redhat", "title": "(RHSA-2016:1985) Important: thunderbird security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:02", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5278", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5250", "CVE-2016-5274", "CVE-2016-5261", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5276"], "description": "[45.4.0-1.0.1]\n- Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html\n and remove the corresponding Red Hat files\n[45.4.0-1]\n- Update to 45.4.0 ESR", "edition": 4, "modified": "2016-09-21T00:00:00", "published": "2016-09-21T00:00:00", "id": "ELSA-2016-1912", "href": "http://linux.oracle.com/errata/ELSA-2016-1912.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-10-22T17:14:05", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5257"], "description": "[45.4.0-1.0.1]\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\n[45.4.0-1]\n- Update to 45.4.0", "edition": 5, "modified": "2016-10-03T00:00:00", "published": "2016-10-03T00:00:00", "id": "ELSA-2016-1985", "href": "http://linux.oracle.com/errata/ELSA-2016-1985.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:27:23", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5278", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5250", "CVE-2016-5274", "CVE-2016-5261", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5276"], "description": "**CentOS Errata and Security Advisory** CESA-2016:1912\n\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.4.0 ESR.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-5257, CVE-2016-5278, CVE-2016-5270, CVE-2016-5272, CVE-2016-5274, CVE-2016-5276, CVE-2016-5277, CVE-2016-5280, CVE-2016-5281, CVE-2016-5284, CVE-2016-5250, CVE-2016-5261)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Samuel Gro\u00df, Brian Carpenter, Mei Wang, Ryan Duff, Catalin Dumitru, Mozilla developers, Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp, Carsten Book, Abhishek Arya, Atte Kettunen, and Nils as the original reporters.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-September/034126.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-September/034127.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-September/034128.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-1912.html", "edition": 4, "modified": "2016-09-22T15:31:34", "published": "2016-09-22T13:23:33", "href": "http://lists.centos.org/pipermail/centos-announce/2016-September/034126.html", "id": "CESA-2016:1912", "title": "firefox security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-20T18:26:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5257"], "description": "**CentOS Errata and Security Advisory** CESA-2016:1985\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.4.0.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2016-5257)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Christoph Diehl, Andrew McCreight, Dan Minor, Byron\nCampen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp and Carsten Book as the\noriginal reporters.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-October/034145.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-October/034146.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-October/034147.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-1985.html", "edition": 3, "modified": "2016-10-03T20:23:48", "published": "2016-10-03T20:12:34", "href": "http://lists.centos.org/pipermail/centos-announce/2016-October/034145.html", "id": "CESA-2016:1985", "title": "thunderbird security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-08-12T01:08:50", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5278", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5250", "CVE-2016-5274", "CVE-2016-5261", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5276"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3674-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nSeptember 22, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : firefox-esr\nCVE ID : CVE-2016-5250 CVE-2016-5257 CVE-2016-5261 CVE-2016-5270 \n CVE-2016-5272 CVE-2016-5274 CVE-2016-5276 CVE-2016-5277\n CVE-2016-5278 CVE-2016-5280 CVE-2016-5281 CVE-2016-5284\n\nMultiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to the execution of arbitrary code or\ninformation disclosure.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 45.4.0esr-1~deb8u2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 45.4.0esr-1 of firefox-esr and in version 49.0-1 of firefox.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 8, "modified": "2016-09-22T19:56:29", "published": "2016-09-22T19:56:29", "id": "DEBIAN:DSA-3674-1:A1E50", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00253.html", "title": "[SECURITY] [DSA 3674-1] firefox-esr security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:23:00", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5278", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5250", "CVE-2016-5274", "CVE-2016-5261", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5276"], "description": "Package : firefox-esr\nVersion : 45.4.0esr-1~deb7u1\nCVE ID : CVE-2016-5250 CVE-2016-5257 CVE-2016-5261\n CVE-2016-5270 CVE-2016-5272 CVE-2016-5274\n CVE-2016-5276 CVE-2016-5277 CVE-2016-5278\n CVE-2016-5280 CVE-2016-5281 CVE-2016-5284\n\nMultiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to the execution of arbitrary code or\ninformation disclosure.\n\nFor Debian 7 &quot;Wheezy&quot;, these problems have been fixed in version\n45.4.0esr-1~deb7u1.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2016-09-27T12:05:47", "published": "2016-09-27T12:05:47", "id": "DEBIAN:DLA-636-1:3B163", "href": "https://lists.debian.org/debian-lts-announce/2016/debian-lts-announce-201609/msg00032.html", "title": "[SECURITY] [DLA 636-1] firefox-esr security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-12T01:05:18", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5278", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5250", "CVE-2016-5261", "CVE-2016-5284", "CVE-2016-5270", "CVE-2016-5277", "CVE-2016-5257", "CVE-2016-5272", "CVE-2016-5276"], "description": "Package : icedove\nVersion : 45.4.0-1~deb7u1\nCVE ID : CVE-2016-5278, CVE-2016-5270, CVE-2016-5272, CVE-2016-5276, CVE-2016-5277, CVE-2016-5280, CVE-2016-5281, CVE-2016-5284, CVE-2016-5250, CVE-2016-5261, CVE-2016-5257\n\nMultiple security issues have been found in Icedove, Debian&#x27;s version of\nthe Mozilla Thunderbird mail client: Multiple memory safety errors may\nlead to the execution of arbitrary code or denial of service.\n\nFor Debian 7 &quot;Wheezy&quot;, these problems have been fixed in version\n45.4.0-1~deb7u1.\n\nWe recommend that you upgrade your icedove packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 8, "modified": "2016-10-16T17:20:47", "published": "2016-10-16T17:20:47", "id": "DEBIAN:DLA-658-1:FEEE0", "href": "https://lists.debian.org/debian-lts-announce/2016/debian-lts-announce-201610/msg00014.html", "title": "[SECURITY] [DLA 658-1] icedove security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-12T00:57:18", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5257"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3690-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nOctober 10, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : icedove\nCVE ID : CVE-2016-5257\n\nMultiple security issues have been found in Icedove, Debian&#x27;s version of\nthe Mozilla Thunderbird mail client: Multiple memory safety errors may\nlead to the execution of arbitrary code or denial of service.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1:45.4.0-1~deb8u1.\n\nFor the testing distribution (stretch), this problem has been fixed\nin version 1:45.4.0-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1:45.4.0-1.\n\nWe recommend that you upgrade your icedove packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 11, "modified": "2016-10-10T19:19:20", "published": "2016-10-10T19:19:20", "id": "DEBIAN:DSA-3690-1:6CEB0", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00271.html", "title": "[SECURITY] [DSA 3690-1] icedove security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2020-12-09T20:07:39", "description": "Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might allow remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by a jar: URL for a favicon resource.", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-09-22T22:59:00", "title": "CVE-2016-5282", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5282"], "modified": "2017-07-30T01:29:00", "cpe": ["cpe:/a:mozilla:firefox:48.0.2"], "id": "CVE-2016-5282", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5282", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:mozilla:firefox:48.0.2:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:07:39", "description": "Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document.", "edition": 5, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-09-22T22:59:00", "title": "CVE-2016-5281", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5281"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/a:mozilla:firefox_esr:45.0", "cpe:/a:mozilla:firefox_esr:45.0.1", "cpe:/a:mozilla:firefox:45.0.2", "cpe:/a:mozilla:firefox_esr:45.3.0", "cpe:/a:mozilla:firefox_esr:45.2.0", "cpe:/a:mozilla:firefox:48.0.2", "cpe:/a:mozilla:firefox_esr:45.1.1"], "id": "CVE-2016-5281", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5281", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:mozilla:firefox_esr:45.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:45.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:48.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:45.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:45.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:45.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:45.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:07:39", "description": "The PropertyProvider::GetSpacingInternal function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via text runs in conjunction with a \"display: contents\" Cascading Style Sheets (CSS) property.", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-09-22T22:59:00", "title": "CVE-2016-5271", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5271"], "modified": "2017-07-30T01:29:00", "cpe": ["cpe:/a:mozilla:firefox:48.0.2"], "id": "CVE-2016-5271", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5271", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:mozilla:firefox:48.0.2:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:07:39", "description": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.", "edition": 5, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-09-22T22:59:00", "title": "CVE-2016-5256", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5256"], "modified": "2017-07-30T01:29:00", "cpe": ["cpe:/a:mozilla:firefox:48.0.2"], "id": "CVE-2016-5256", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5256", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:mozilla:firefox:48.0.2:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:07:39", "description": "The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the accessibility implementation in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code via a crafted web site.", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-09-22T22:59:00", "title": "CVE-2016-5273", "type": "cve", "cwe": ["CWE-284"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5273"], "modified": "2017-07-30T01:29:00", "cpe": ["cpe:/a:mozilla:firefox:48.0.2"], "id": "CVE-2016-5273", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5273", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:mozilla:firefox:48.0.2:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:07:39", "description": "Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resized.", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-09-22T22:59:00", "title": "CVE-2016-5283", "type": "cve", "cwe": ["CWE-284"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5283"], "modified": "2017-07-30T01:29:00", "cpe": ["cpe:/a:mozilla:firefox:48.0.2"], "id": "CVE-2016-5283", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5283", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:mozilla:firefox:48.0.2:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:07:39", "description": "Buffer overflow in the mozilla::gfx::FilterSupport::ComputeSourceNeededRegions function in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code by leveraging improper interaction between empty filters and CANVAS element rendering.", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-09-22T22:59:00", "title": "CVE-2016-5275", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5275"], "modified": "2017-07-30T01:29:00", "cpe": ["cpe:/a:mozilla:firefox:48.0.2"], "id": "CVE-2016-5275", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5275", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:mozilla:firefox:48.0.2:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:07:39", "description": "The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 does not properly perform a cast of an unspecified variable during handling of INPUT elements, which allows remote attackers to execute arbitrary code via a crafted web site.", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-09-22T22:59:00", "title": "CVE-2016-5272", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5272"], "modified": "2018-06-12T01:29:00", "cpe": ["cpe:/a:mozilla:firefox_esr:45.3.0", "cpe:/a:mozilla:firefox_esr:45.2.0", "cpe:/a:mozilla:firefox:48.0.2", "cpe:/a:mozilla:firefox_esr:45.1.1", "cpe:/a:mozilla:firefox_esr:45.1.0"], "id": "CVE-2016-5272", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5272", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:mozilla:firefox_esr:45.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:45.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:48.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:45.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:45.1.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:07:39", "description": "Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org signed by an arbitrary built-in Certification Authority.", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 4.0}, "published": "2016-09-22T22:59:00", "title": "CVE-2016-5284", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5284"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/a:mozilla:firefox_esr:45.0", "cpe:/a:mozilla:firefox_esr:45.0.1", "cpe:/a:mozilla:firefox:45.0.2", "cpe:/a:mozilla:firefox_esr:45.3.0", "cpe:/a:mozilla:firefox_esr:45.2.0", "cpe:/a:mozilla:firefox:48.0.2", "cpe:/a:mozilla:firefox_esr:45.1.1"], "id": "CVE-2016-5284", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5284", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:mozilla:firefox_esr:45.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:45.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:48.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:45.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:45.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:45.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:45.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:07:39", "description": "Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an aria-owns attribute.", "edition": 5, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-09-22T22:59:00", "title": "CVE-2016-5276", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5276"], "modified": "2018-06-12T01:29:00", "cpe": ["cpe:/a:mozilla:firefox_esr:45.3.0", "cpe:/a:mozilla:firefox_esr:45.2.0", "cpe:/a:mozilla:firefox:48.0.2", "cpe:/a:mozilla:firefox_esr:45.1.1", "cpe:/a:mozilla:firefox_esr:45.1.0"], "id": "CVE-2016-5276", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5276", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:mozilla:firefox_esr:45.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:45.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:48.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:45.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:45.1.0:*:*:*:*:*:*:*"]}], "threatpost": [{"lastseen": "2018-10-06T22:54:43", "bulletinFamily": "info", "cvelist": ["CVE-2016-5256", "CVE-2016-5257", "CVE-2016-5284"], "description": "As expected, Mozilla patched a highly scrutinized flaw in its automated update process for add-ons in Firefox, specifically around the [expiration of certificate pins](<https://threatpost.com/mozilla-patching-firefox-certificate-pinning-vulnerability/120694/>).\n\nThe vulnerability allowed attackers to intercept encrypted browser traffic, inject a malicious NoScript extension update and gain remote code execution. The flaw extended to the Tor Browser as well; Tor is built from the Firefox code base and was patched last Friday shortly after the bug was [disclosed](<https://hackernoon.com/tor-browser-exposed-anti-privacy-implantation-at-mass-scale-bd68e9eb1e95#.77drbpfyz>) by a researcher known as movrck.\n\nMozilla patched the flaw yesterday in [Firefox 49](<https://www.mozilla.org/en-US/security/advisories/mfsa2016-85/>) and in [Firefox ESR 45.4](<https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/>).\n\nIn addition to movrck, the bug was also analyzed by researcher Ryan Duff, a former member of U.S. Cyber Command. Both said exploitation of the vulnerability would be a challenge given the circumstances that must be in place because an attacker would have to steal or forge a TLS certificate and then insert themselves in the traffic, either by running malicious Tor exit nodes or via a man-in-the-middle attack.\n\nThe attacker would then have to look for an add-on update for NoScript, insert their own and gain remote control of a compromised machine. Attacks against individuals would be much more difficult than to target Firefox or Tor users at scale. Successful exploits are likely in the realm of state-sponsored attackers or resourced criminal operations; movrck, for example, said an attack would likely cost $100,000 to execute.\n\nMozilla said the vulnerability, CVE-2016-5284, occurred in the process used to update Preloaded Public Key Pinning it its releases. Rather than using HTTP Public Key Pinning (HPKP), Mozilla used its own static pins that expire periodically. In this case, the pins expired on Sept. 3 and users were exposed to this attack for 17 days.\n\nAs is the case, movrck\u2019s research was serendipitous. As Duff pointed out, had he tried his attack at any time other than this 17 day period, it would have failed.\n\nMozilla on Friday admitted to the flaws in its update process and to the expired pins. Mozilla\u2019s Selena Deckelmann, a senior manager of security engineering, said the organization was not aware of malicious certs in the wild, though cautioned that Tor users are especially in the line of fire given that the Tor Browser comes pre-loaded with certain privacy-focused add-ons.\n\nThis scenario of expired pins would happen again two more times before the end of this year, Duff learned, with the biggest exposure starting Dec. 17 when Firefox 50 pins were set to expire, but would not be updated until Jan. 24, 2017. The current expiration date in today\u2019s update will carry Mozilla through to November and it will have until then to address this.\n\nThe certificate pinning vulnerability was rated high severity by Mozilla, which yesterday patched four bugs in Firefox 49 it rated critical.\n\nTwo separate \u201cmemory safety bugs,\u201d CVE-2016-5256 and CVE-2016-5257, were patched, both of which were found internally by Mozilla developers and could expose machines to arbitrary code execution.\n\nAlso patched with a global buffer overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions, which occurred when working with empty filters during canvas rendering, Mozilla said.\n\nThe remaining critical flaw was a heap buffer overflow in nsBMPEncoder::AddImageFrame during the encoding of image frames to images and could lead to an exploitable crash. This vulnerability, along with CVE-2016-5257, were also rated critical and patched in Firefox ESR 45.4.\n", "modified": "2016-09-21T19:38:53", "published": "2016-09-21T08:58:18", "id": "THREATPOST:32A7325990396546FE884DF669A90919", "href": "https://threatpost.com/mozilla-patches-certificate-pinning-vulnerability-in-firefox/120747/", "type": "threatpost", "title": "Mozilla Patches Certificate Pinning Vulnerability in Firefox", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2017-01-03T14:14:21", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0824", "CVE-2016-9893", "CVE-2015-0831", "CVE-2016-5266", "CVE-2016-5290", "CVE-2016-5278", "CVE-2016-5256", "CVE-2016-5252", "CVE-2015-0832", "CVE-2016-5281", "CVE-2016-2816", "CVE-2016-5280", "CVE-2016-5271", "CVE-2016-5297", "CVE-2016-2827", "CVE-2015-0825", "CVE-2015-0821", "CVE-2016-2817", "CVE-2016-5250", "CVE-2016-2805", "CVE-2015-0828", "CVE-2016-5259", "CVE-2016-5274", "CVE-2016-9904", "CVE-2016-5261", "CVE-2016-5267", "CVE-2016-9064", "CVE-2016-5254", "CVE-2016-5284", "CVE-2016-2814", "CVE-2015-0826", "CVE-2016-5296", "CVE-2016-9899", "CVE-2016-5265", "CVE-2016-9079", "CVE-2016-5270", "CVE-2016-9898", "CVE-2014-8642", "CVE-2014-8637", "CVE-2016-5264", "CVE-2014-8636", "CVE-2016-2813", "CVE-2016-9902", "CVE-2015-0819", "CVE-2016-5291", "CVE-2016-5294", "CVE-2016-5283", "CVE-2016-9074", "CVE-2016-5277", "CVE-2015-0834", "CVE-2016-2804", "CVE-2016-2809", "CVE-2016-9897", "CVE-2016-2808", "CVE-2016-2811", "CVE-2016-9066", "CVE-2014-8641", "CVE-2015-0835", "CVE-2016-9905", "CVE-2016-5258", "CVE-2016-9895", "CVE-2016-2810", "CVE-2016-9900", "CVE-2016-5293", "CVE-2016-5260", "CVE-2016-2839", "CVE-2016-5263", "CVE-2016-5268", "CVE-2016-5257", "CVE-2016-2838", "CVE-2016-2835", "CVE-2016-2836", "CVE-2016-9901", "CVE-2016-2807", "CVE-2016-5272", "CVE-2014-8634", "CVE-2015-0823", "CVE-2016-5251", "CVE-2016-2806", "CVE-2016-5273", "CVE-2016-2837", "CVE-2015-0836", "CVE-2016-5276", "CVE-2016-2812", "CVE-2014-8639", "CVE-2015-0829", "CVE-2016-5262", "CVE-2015-0822", "CVE-2016-5253", "CVE-2015-0830", "CVE-2015-0827", "CVE-2014-8640", "CVE-2016-5279", "CVE-2014-8635", "CVE-2014-8638", "CVE-2016-5255", "CVE-2016-5275", "CVE-2016-2830", "CVE-2016-5282", "CVE-2015-0820", "CVE-2016-2820", "CVE-2015-0833"], "edition": 1, "description": "### Background\n\nMozilla Firefox is a cross-platform web browser from Mozilla. The Mozilla Thunderbird mail client is a redesign of the Mozilla Mail component. The goal is to produce a cross-platform stand-alone mail application using XUL (XML User Interface Language). SeaMonkey is a free and open-source Internet suite. It is the continuation of the former Mozilla Application Suite, based on the same source code. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox, SeaMonkey, and Thunderbird. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition via multiple vectors. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-45.6.0\"\n \n\nAll Firefox-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-45.6.0\"\n \n\nAll Thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-45.6.0\"\n \n\nAll Thunderbird-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-45.6.0\"\n \n\nAll SeaMonkey users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-2.38\"\n \n\nAll SeaMonkey-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-bin-2.38\"", "modified": "2017-01-03T00:00:00", "published": "2017-01-03T00:00:00", "href": "https://security.gentoo.org/glsa/201701-15", "id": "GLSA-201701-15", "type": "gentoo", "title": "Mozilla Firefox, SeaMonkey, Thunderbird: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}