ID: CVE-2015-7211
Type: cve
Reporter: security@mozilla.org
Modified: 2018-10-30T16:27:00
Description
Mozilla Firefox before 43.0 mishandles the # (number sign) character in a data: URI, which allows remote attackers to spoof web sites via unspecified vectors.
{"mozilla": [{"lastseen": "2016-09-05T13:37:42", "bulletinFamily": "software", "cvelist": ["CVE-2015-7211"], "edition": 1, "description": "Security researcher Abdulrahman Alqabandi reported that when a\ndata: URI is parsed, the hash ('#') symbol is incorrectly handled, allowing\nfor spoofing attacks. This issue could result in the wrong URI being displayed as a\nlocation, which can mislead users to believe they are on a different site than the one\nloaded.", "modified": "2015-12-15T00:00:00", "published": "2015-12-15T00:00:00", "id": "MFSA2015-141", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2015-141/", "type": "mozilla", "title": "Hash in data URI is incorrectly parsed", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "openvas": [{"lastseen": "2019-07-19T22:13:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7204", "CVE-2015-7221", "CVE-2015-7220", "CVE-2015-7203", "CVE-2015-7214", "CVE-2015-7207", "CVE-2015-7208", "CVE-2015-7213", "CVE-2015-7205", "CVE-2015-7201", "CVE-2015-7210", "CVE-2015-7223", "CVE-2015-7218", "CVE-2015-7222", "CVE-2015-7215", "CVE-2015-7202", "CVE-2015-7211", "CVE-2015-7212", "CVE-2015-7219"], "description": "This host is installed with Mozilla\n Firefox and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2015-12-18T00:00:00", "id": "OPENVAS:1361412562310807004", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807004", "type": "openvas", "title": "Mozilla Firefox Multiple Vulnerabilities - Dec15 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox Multiple Vulnerabilities - Dec15 (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the 
terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807004\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2015-7201\", \"CVE-2015-7202\", \"CVE-2015-7203\", \"CVE-2015-7204\",\n \"CVE-2015-7205\", \"CVE-2015-7207\", \"CVE-2015-7208\", \"CVE-2015-7210\",\n \"CVE-2015-7211\", \"CVE-2015-7212\", \"CVE-2015-7213\", \"CVE-2015-7214\",\n \"CVE-2015-7215\", \"CVE-2015-7218\", \"CVE-2015-7219\", \"CVE-2015-7220\",\n \"CVE-2015-7221\", \"CVE-2015-7222\", \"CVE-2015-7223\");\n script_bugtraq_id(79283, 79279, 79280);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-12-18 10:31:01 +0530 (Fri, 18 Dec 2015)\");\n script_name(\"Mozilla Firefox Multiple Vulnerabilities - Dec15 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla\n Firefox and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Multiple unspecified 
vulnerabilities in the browser engine.\n\n - Buffer overflow in the 'DirectWriteFontInfo::LoadFontFamilyData' function in\n 'gfx/thebes/gfxDWriteFontList.cpp' script.\n\n - An implementation error with unboxed objects and property storing in the\n JavaScript engine.\n\n - Integer underflow in the 'RTPReceiverVideo::ParseRtpPacket' function.\n\n - Improper restriction of the availability of IFRAME Resource Timing API times.\n\n - Control characters are allowed to set in cookies.\n\n - Use-after-free error in WebRTC that occurs due to timing issues in WebRTC\n when closing channels.\n\n - Mishandling of the '#' (number sign) character while 'data: URI' parsing.\n\n - Integer overflow in the 'mozilla::layers::BufferTextureClient::AllocateForSurface'\n function.\n\n - Integer overflow in the 'MPEG4Extractor::readMetaData' function in\n 'MPEG4Extractor.cpp' script in libstagefright.\n\n - Cross-site reading vulnerability through data and view-source URIs.\n\n - Cross-origin information leak through the error events in web workers.\n\n - Multiple errors in 'HTTP/2' implementation.\n\n - Buffer overflow in the 'XDRBuffer::grow' function in 'js/src/vm/Xdr.cpp'\n script.\n\n - Buffer overflow in the 'nsDeque::GrowCapacity' function in\n 'xpcom/glue/nsDeque.cpp' script.\n\n - Integer underflow in the 'Metadata::setData' function in 'MetaData.cpp' in\n libstagefright\n\n - Error in WebExtension APIs.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to cause a denial of service, bypass security restrictions,\n obtain sensitive information, execute arbitrary script code, spoof web sites\n and some unspecified impacts.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox version before 43.0 on\n Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 43.0\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n 
script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-149\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-138\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox/Win/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\nif(version_is_less(version:ffVer, test_version:\"43.0\"))\n{\n report = 'Installed version: ' + ffVer + '\\n' +\n 'Fixed version: ' + \"43.0\" + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:12:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7204", "CVE-2015-7221", "CVE-2015-7220", "CVE-2015-7203", "CVE-2015-7214", "CVE-2015-7207", "CVE-2015-7208", "CVE-2015-7213", "CVE-2015-7205", "CVE-2015-7201", "CVE-2015-7210", "CVE-2015-7223", "CVE-2015-7218", "CVE-2015-7222", "CVE-2015-7215", "CVE-2015-7202", "CVE-2015-7211", "CVE-2015-7212", "CVE-2015-7219"], "description": "This host is installed with Mozilla\n Firefox and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2015-12-18T00:00:00", "id": "OPENVAS:1361412562310807005", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807005", "type": "openvas", "title": "Mozilla Firefox Multiple Vulnerabilities - Dec15 (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox Multiple Vulnerabilities - Dec15 (Mac OS X)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free 
software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807005\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2015-7201\", \"CVE-2015-7202\", \"CVE-2015-7203\", \"CVE-2015-7204\",\n \"CVE-2015-7205\", \"CVE-2015-7207\", \"CVE-2015-7208\", \"CVE-2015-7210\",\n \"CVE-2015-7211\", \"CVE-2015-7212\", \"CVE-2015-7213\", \"CVE-2015-7214\",\n \"CVE-2015-7215\", \"CVE-2015-7218\", \"CVE-2015-7219\", \"CVE-2015-7220\",\n \"CVE-2015-7221\", \"CVE-2015-7222\", \"CVE-2015-7223\");\n script_bugtraq_id(79283, 79279, 79280);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-12-18 11:18:19 +0530 (Fri, 18 Dec 2015)\");\n script_name(\"Mozilla Firefox Multiple Vulnerabilities - Dec15 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla\n Firefox and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", 
value:\"Multiple flaws exists due to,\n\n - Multiple unspecified vulnerabilities in the browser engine.\n\n - Buffer overflow in the 'DirectWriteFontInfo::LoadFontFamilyData' function in\n 'gfx/thebes/gfxDWriteFontList.cpp' script.\n\n - An implementation error with unboxed objects and property storing in the\n JavaScript engine.\n\n - Integer underflow in the 'RTPReceiverVideo::ParseRtpPacket' function.\n\n - Improper restriction of the availability of IFRAME Resource Timing API times.\n\n - Control characters are allowed to set in cookies.\n\n - Use-after-free error in WebRTC that occurs due to timing issues in WebRTC\n when closing channels.\n\n - Mishandling of the '#' (number sign) character while 'data: URI' parsing.\n\n - Integer overflow in the 'mozilla::layers::BufferTextureClient::AllocateForSurface'\n function.\n\n - Integer overflow in the 'MPEG4Extractor::readMetaData' function in\n 'MPEG4Extractor.cpp' script in libstagefright.\n\n - Cross-site reading vulnerability through data and view-source URIs.\n\n - Cross-origin information leak through the error events in web workers.\n\n - Multiple errors in 'HTTP/2' implementation.\n\n - Buffer overflow in the 'XDRBuffer::grow' function in 'js/src/vm/Xdr.cpp'\n script.\n\n - Buffer overflow in the 'nsDeque::GrowCapacity' function in\n 'xpcom/glue/nsDeque.cpp' script.\n\n - Integer underflow in the 'Metadata::setData' function in 'MetaData.cpp' in\n libstagefright\n\n - Error in WebExtension APIs.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to cause a denial of service, bypass security restrictions,\n obtain sensitive information, execute arbitrary script code, spoof web sites\n and some unspecified impacts.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox version before 43.0 on\n Mac OS X\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 43.0\n or later.\");\n\n script_tag(name:\"solution_type\", 
value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-149\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-138\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox/MacOSX/Version\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"43.0\"))\n{\n report = 'Installed version: ' + ffVer + '\\n' +\n 'Fixed version: ' + \"43.0\" + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7204", "CVE-2015-7216", "CVE-2015-7221", "CVE-2015-7220", "CVE-2015-7203", "CVE-2015-7214", "CVE-2015-7207", "CVE-2015-7208", "CVE-2015-7213", "CVE-2015-7205", "CVE-2015-7217", "CVE-2015-7201", "CVE-2015-7210", "CVE-2015-7223", "CVE-2015-7218", "CVE-2015-7222", "CVE-2015-7215", "CVE-2015-7202", "CVE-2015-7211", "CVE-2015-7212", "CVE-2015-7219"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-12-16T00:00:00", "id": "OPENVAS:1361412562310842560", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842560", "type": "openvas", "title": "Ubuntu Update for firefox USN-2833-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for firefox USN-2833-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, 
http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842560\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-12-16 05:50:34 +0100 (Wed, 16 Dec 2015)\");\n script_cve_id(\"CVE-2015-7201\", \"CVE-2015-7202\", \"CVE-2015-7203\", \"CVE-2015-7220\",\n \"CVE-2015-7221\", \"CVE-2015-7204\", \"CVE-2015-7205\", \"CVE-2015-7207\",\n \"CVE-2015-7208\", \"CVE-2015-7210\", \"CVE-2015-7211\", \"CVE-2015-7212\",\n \"CVE-2015-7213\", \"CVE-2015-7214\", \"CVE-2015-7215\", \"CVE-2015-7216\",\n \"CVE-2015-7217\", \"CVE-2015-7218\", \"CVE-2015-7219\", \"CVE-2015-7222\",\n \"CVE-2015-7223\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for firefox USN-2833-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the 
target host.\");\n script_tag(name:\"insight\", value:\"Andrei Vaida, Jesse Ruderman, Bob Clary,\nChristian Holler, Jesse Ruderman, Eric Rahm, Robert Kaiser, Harald Kirschner, and\nMichael Henretty discovered multiple memory safety issues in Firefox. If a user\nwere tricked in to opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user invoking\nFirefox. (CVE-2015-7201, CVE-2015-7202)\n\nRonald Crane discovered three buffer overflows through code inspection.\nIf a user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit these to cause a denial of service via\napplication crash, or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2015-7203, CVE-2015-7220, CVE-2015-7221)\n\nCajus Pollmeier discovered a crash during javascript variable assignments\nin some circumstances. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to execute\narbitrary code with the privileges of the user invoking Firefox.\n(CVE-2015-7204)\n\nRonald Crane discovered a buffer overflow through code inspection. If a\nuser were tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2015-7205)\n\nIt was discovered that it is possible to read cross-origin URLs following\na redirect if performance.getEntries() is used with an iframe to host a\npage. If a user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to bypass same-origin\nrestrictions. (CVE-2015-7207)\n\nIt was discovered that Firefox allows for control characters to be set in\ncookies. 
An attacker could potentially exploit this to conduct cookie\ninjection attacks on some web servers. (CVE-2015-7208)\n\nLooben Yang discovered a use-after-free in WebRTC when closing channels in\nsome circumstances. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code with\nthe privileges of the user invoking Firefox. (CVE-2015-7210)\n\nAbdulrahman Alqabandi discovered that hash symbol is incorrectly handled\nwhen parsing data: URLs. An attacker could potentially exploit this to\nconduct URL spoofing attacks. (CVE-2015-7211)\n\nAbhishek Arya discovered an integer overflow when allocating large\ntextures. If a user ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"firefox on Ubuntu 15.10,\n Ubuntu 15.04,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2833-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2833-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(15\\.04|14\\.04 LTS|12\\.04 LTS|15\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU15.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"43.0+build1-0ubuntu0.15.04.1\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n 
exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"43.0+build1-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"43.0+build1-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"43.0+build1-0ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7204", "CVE-2015-7216", "CVE-2015-7221", "CVE-2015-7220", "CVE-2015-7203", "CVE-2015-7214", "CVE-2015-7207", "CVE-2015-7208", "CVE-2015-7213", "CVE-2015-7205", "CVE-2015-7217", "CVE-2015-7201", "CVE-2015-7210", "CVE-2015-7223", "CVE-2015-7218", "CVE-2015-7222", "CVE-2015-7215", "CVE-2015-7202", "CVE-2015-7211", "CVE-2015-7212", "CVE-2015-7219"], "description": "Mageia Linux Local Security Checks mgasa-2016-0124", "modified": "2019-03-14T00:00:00", "published": "2016-03-31T00:00:00", "id": "OPENVAS:1361412562310131274", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310131274", "type": "openvas", "title": "Mageia Linux Local Check: mgasa-2016-0124", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2016-0124.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can 
redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.131274\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-03-31 08:04:59 +0300 (Thu, 31 Mar 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2016-0124\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2016-0124.html\");\n script_cve_id(\"CVE-2015-7201\", \"CVE-2015-7202\", \"CVE-2015-7203\", \"CVE-2015-7204\", \"CVE-2015-7205\", \"CVE-2015-7207\", \"CVE-2015-7208\", \"CVE-2015-7210\", \"CVE-2015-7211\", \"CVE-2015-7212\", \"CVE-2015-7213\", \"CVE-2015-7214\", \"CVE-2015-7215\", \"CVE-2015-7216\", \"CVE-2015-7217\", \"CVE-2015-7218\", \"CVE-2015-7219\", \"CVE-2015-7220\", \"CVE-2015-7221\", \"CVE-2015-7222\", \"CVE-2015-7223\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2016-0124\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"iceape\", rpm:\"iceape~2.40~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4000", "CVE-2015-2738", "CVE-2015-0813", "CVE-2015-2737", "CVE-2015-7198", "CVE-2015-7204", "CVE-2015-2726", "CVE-2015-7200", "CVE-2015-7216", "CVE-2015-4514", "CVE-2015-7181", "CVE-2015-0812", "CVE-2015-7191", "CVE-2015-0811", "CVE-2015-7221", "CVE-2015-7220", "CVE-2015-2728", "CVE-2015-7194", "CVE-2015-2724", "CVE-2015-7203", "CVE-2015-7214", "CVE-2015-0810", "CVE-2015-7207", "CVE-2015-0799", "CVE-2015-0808", "CVE-2015-7187", "CVE-2015-0816", "CVE-2015-7189", "CVE-2015-2739", "CVE-2015-7208", "CVE-2015-7182", "CVE-2015-2808", "CVE-2015-7213", "CVE-2015-2733", "CVE-2015-2721", "CVE-2015-7205", "CVE-2015-7217", "CVE-2015-4495", "CVE-2015-2722", "CVE-2015-2729", "CVE-2015-7201", "CVE-2015-2725", "CVE-2015-2734", "CVE-2015-7188", "CVE-2015-0798", "CVE-2015-7183", "CVE-2015-0805", "CVE-2015-7210", "CVE-2015-7196", "CVE-2015-0802", "CVE-2015-7192", "CVE-2015-7223", "CVE-2015-7218", "CVE-2015-7222", "CVE-2015-0815", "CVE-2015-2743", "CVE-2015-7215", "CVE-2015-4153", "CVE-2015-2727", "CVE-2015-7199", "CVE-2015-7202", "CVE-2015-4518", "CVE-2015-4513", "CVE-2015-7193", "CVE-2015-0807", "CVE-2015-0804", "CVE-2015-2735", 
"CVE-2015-2742", "CVE-2015-2741", "CVE-2015-0801", "CVE-2015-7197", "CVE-2015-2736", "CVE-2015-2740", "CVE-2015-0803", "CVE-2015-0814", "CVE-2015-7211", "CVE-2015-2731", "CVE-2015-0806", "CVE-2015-7212", "CVE-2015-2706", "CVE-2015-4515", "CVE-2015-7219", "CVE-2015-2730", "CVE-2015-7195"], "description": "Gentoo Linux Local Security Checks GLSA 201512-10", "modified": "2018-10-26T00:00:00", "published": "2015-12-31T00:00:00", "id": "OPENVAS:1361412562310121432", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121432", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201512-10", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201512-10.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121432\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-12-31 11:46:02 +0200 (Thu, 31 Dec 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201512-10\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201512-10\");\n script_cve_id(\"CVE-2015-0798\", \"CVE-2015-0799\", \"CVE-2015-0801\", \"CVE-2015-0802\", \"CVE-2015-0803\", \"CVE-2015-0804\", \"CVE-2015-0805\", \"CVE-2015-0806\", \"CVE-2015-0807\", \"CVE-2015-0808\", \"CVE-2015-0810\", \"CVE-2015-0811\", \"CVE-2015-0812\", \"CVE-2015-0813\", \"CVE-2015-0814\", \"CVE-2015-0815\", \"CVE-2015-0816\", \"CVE-2015-2706\", \"CVE-2015-2721\", \"CVE-2015-2722\", \"CVE-2015-2724\", \"CVE-2015-2725\", \"CVE-2015-2726\", \"CVE-2015-2727\", \"CVE-2015-2728\", \"CVE-2015-2729\", \"CVE-2015-2730\", \"CVE-2015-2731\", \"CVE-2015-2733\", \"CVE-2015-2734\", \"CVE-2015-2735\", \"CVE-2015-2736\", \"CVE-2015-2737\", \"CVE-2015-2738\", \"CVE-2015-2739\", \"CVE-2015-2740\", \"CVE-2015-2741\", \"CVE-2015-2742\", \"CVE-2015-2743\", \"CVE-2015-2808\", \"CVE-2015-4000\", \"CVE-2015-4153\", \"CVE-2015-4495\", 
\"CVE-2015-4513\", \"CVE-2015-4514\", \"CVE-2015-4515\", \"CVE-2015-4518\", \"CVE-2015-7181\", \"CVE-2015-7182\", \"CVE-2015-7183\", \"CVE-2015-7187\", \"CVE-2015-7188\", \"CVE-2015-7189\", \"CVE-2015-7191\", \"CVE-2015-7192\", \"CVE-2015-7193\", \"CVE-2015-7194\", \"CVE-2015-7195\", \"CVE-2015-7196\", \"CVE-2015-7197\", \"CVE-2015-7198\", \"CVE-2015-7199\", \"CVE-2015-7200\", \"CVE-2015-7201\", \"CVE-2015-7202\", \"CVE-2015-7203\", \"CVE-2015-7204\", \"CVE-2015-7205\", \"CVE-2015-7207\", \"CVE-2015-7208\", \"CVE-2015-7210\", \"CVE-2015-7211\", \"CVE-2015-7212\", \"CVE-2015-7213\", \"CVE-2015-7214\", \"CVE-2015-7215\", \"CVE-2015-7216\", \"CVE-2015-7217\", \"CVE-2015-7218\", \"CVE-2015-7219\", \"CVE-2015-7220\", \"CVE-2015-7221\", \"CVE-2015-7222\", \"CVE-2015-7223\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201512-10\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"www-client/firefox\", unaffected: make_list(\"ge 38.5.0\"), vulnerable: make_list(\"lt 38.5.0\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"www-client/firefox-bin\", unaffected: make_list(\"ge 38.5.0\"), vulnerable: make_list(\"lt 38.5.0\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"mail-client/thunderbird\", unaffected: make_list(\"ge 38.5.0\"), vulnerable: make_list(\"lt 38.5.0\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"mail-client/thunderbird-bin\", unaffected: make_list(\"ge 38.5.0\"), 
vulnerable: make_list(\"lt 38.5.0\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-04-01T03:45:02", "description": "The version of Firefox installed on the remote Mac OS X host is prior\nto 43. It is, therefore, affected by the following vulnerabilities :\n\n - Multiple unspecified memory corruption issues exist due\n to improper validation of user-supplied input. A remote\n attacker can exploit these issues by convincing a user\n to visit a specially crafted web page, resulting in the\n execution of arbitrary code. (CVE-2015-7201)\n\n - Multiple unspecified memory corruption issues exist due\n to improper validation of user-supplied input. A remote\n attacker can exploit these issues by convincing a user\n to visit a specially crafted web page, resulting in the\n execution of arbitrary code. (CVE-2015-7202)\n\n - An overflow condition exists in the LoadFontFamilyData()\n function due to improper validation of user-supplied\n input. A remote attacker can exploit this to cause a\n buffer overflow, resulting in the execution of arbitrary\n code. (CVE-2015-7203)\n\n - A flaw exists in the PropertyWriteNeedsTypeBarrier()\n function due to improper handling of unboxed objects\n during JavaScript variable assignments. A remote\n attacker can exploit this to execute arbitrary code.\n (CVE-2015-7204)\n\n - A flaw exists in the RtpHeaderParser::Parse() function\n due to improper handling of RTP headers. An\n unauthenticated, remote attacker can exploit this, via\n specially crafted RTP headers, to execute arbitrary\n code. (CVE-2015-7205)\n\n - A same-origin bypass vulnerability exists that is\n triggered after a redirect when the function is used\n alongside an iframe to host a page. An attacker can\n exploit this to gain access to cross-origin URL\n information. 
(CVE-2015-7207)\n\n - The SetCookieInternal() function improperly allows\n control characters (e.g. ASCII code 11) to be inserted\n into cookies. An attacker can exploit this to inject\n cookies. (CVE-2015-7208)\n\n - A use-after-free error exists due to improper prevention\n of datachannel operations on closed PeerConnections. An\n attacker can exploit this to dereference already freed\n memory, resulting in the execution of arbitrary code.\n (CVE-2015-7210)\n\n - A flaw exists in the ParseURI() function due to improper\n handling of a hash (#) character in the data: URI. An\n attacker can exploit this to spoof the URL bar.\n (CVE-2015-7211)\n\n - An integer overflow condition exists in the\n readMetaData() function due to improper validation of\n user-supplied input when handling a specially crafted\n MP4 file. An attacker can exploit this to execute\n arbitrary code. (CVE-2015-7213)\n\n - A same-origin bypass vulnerability exists due to\n improper handling of 'data:' and 'view-source:' URIs. An\n attacker can exploit this to read data from cross-site\n URLs and local files. (CVE-2015-7214)\n\n - An information disclosure vulnerability exists due to\n improper handling of error events in web workers. An\n attacker can exploit this to gain access to sensitive\n cross-origin information. (CVE-2015-7215)\n\n - Multiple integer underflow conditions exist due to\n improper validation of user-supplied input when\n handling HTTP2 frames. An attacker can exploit these to\n crash the application, resulting in a denial of service.\n (CVE-2015-7218, CVE-2015-7219)\n\n - An overflow condition exists in the XDRBuffer::grow()\n function due to improper validation of user-supplied\n input. An attacker can exploit this to cause a buffer\n overflow, resulting in the execution of arbitrary code.\n (CVE-2015-7220)\n\n - An overflow condition exists in the GrowCapacity()\n function due to improper validation of user-supplied\n input. 
An attacker can exploit this to cause a buffer\n overflow, resulting in the execution of arbitrary code.\n (CVE-2015-7221)\n\n - An integer underflow condition exists in the bundled\n version of libstagefright in the parseChunk() function\n that is triggered when handling 'covr' chunks. An\n unauthenticated, remote attacker can exploit this, via\n specially crafted media content, to crash the\n application or execute arbitrary code. (CVE-2015-7222)\n\n - A privilege escalation vulnerability exists in the\n Extension.jsm script due to a failure to restrict\n WebExtension APIs from being injected into documents\n without WebExtension principals. An attacker can exploit\n this to conduct a cross-site scripting attack, resulting\n in the execution of arbitrary script code in a user's\n browser session. (CVE-2015-7223)", "edition": 28, "published": "2015-12-17T00:00:00", "title": "Firefox < 43 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7204", "CVE-2015-7221", "CVE-2015-7220", "CVE-2015-7203", "CVE-2015-7214", "CVE-2015-7207", "CVE-2015-7208", "CVE-2015-7213", "CVE-2015-7205", "CVE-2015-7201", "CVE-2015-7210", "CVE-2015-7223", "CVE-2015-7218", "CVE-2015-7222", "CVE-2015-7215", "CVE-2015-7202", "CVE-2015-7211", "CVE-2015-7212", "CVE-2015-7219"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MACOSX_FIREFOX_43.NASL", "href": "https://www.tenable.com/plugins/nessus/87474", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87474);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\n \"CVE-2015-7201\",\n \"CVE-2015-7202\",\n \"CVE-2015-7203\",\n \"CVE-2015-7204\",\n \"CVE-2015-7205\",\n \"CVE-2015-7207\",\n \"CVE-2015-7208\",\n \"CVE-2015-7210\",\n \"CVE-2015-7211\",\n \"CVE-2015-7212\",\n \"CVE-2015-7213\",\n \"CVE-2015-7214\",\n \"CVE-2015-7215\",\n \"CVE-2015-7218\",\n 
\"CVE-2015-7219\",\n \"CVE-2015-7220\",\n \"CVE-2015-7221\",\n \"CVE-2015-7222\",\n \"CVE-2015-7223\"\n );\n script_bugtraq_id(79279, 79280, 79283);\n\n script_name(english:\"Firefox < 43 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Firefox installed on the remote Mac OS X host is prior\nto 43. It is, therefore, affected by the following vulnerabilities :\n\n - Multiple unspecified memory corruption issues exist due\n to improper validation of user-supplied input. A remote\n attacker can exploit these issues by convincing a user\n to visit a specially crafted web page, resulting in the\n execution of arbitrary code. (CVE-2015-7201)\n\n - Multiple unspecified memory corruption issues exist due\n to improper validation of user-supplied input. A remote\n attacker can exploit these issues by convincing a user\n to visit a specially crafted web page, resulting in the\n execution of arbitrary code. (CVE-2015-7202)\n\n - An overflow condition exists in the LoadFontFamilyData()\n function due to improper validation of user-supplied\n input. A remote attacker can exploit this to cause a\n buffer overflow, resulting in the execution of arbitrary\n code. (CVE-2015-7203)\n\n - A flaw exists in the PropertyWriteNeedsTypeBarrier()\n function due to improper handling of unboxed objects\n during JavaScript variable assignments. A remote\n attacker can exploit this to execute arbitrary code.\n (CVE-2015-7204)\n\n - A flaw exists in the RtpHeaderParser::Parse() function\n due to improper handling of RTP headers. An\n unauthenticated, remote attacker can exploit this, via\n specially crafted RTP headers, to execute arbitrary\n code. 
(CVE-2015-7205)\n\n - A same-origin bypass vulnerability exists that is\n triggered after a redirect when the function is used\n alongside an iframe to host a page. An attacker can\n exploit this to gain access to cross-origin URL\n information. (CVE-2015-7207)\n\n - The SetCookieInternal() function improperly allows\n control characters (e.g. ASCII code 11) to be inserted\n into cookies. An attacker can exploit this to inject\n cookies. (CVE-2015-7208)\n\n - A use-after-free error exists due to improper prevention\n of datachannel operations on closed PeerConnections. An\n attacker can exploit this to dereference already freed\n memory, resulting in the execution of arbitrary code.\n (CVE-2015-7210)\n\n - A flaw exists in the ParseURI() function due to improper\n handling of a hash (#) character in the data: URI. An\n attacker can exploit this to spoof the URL bar.\n (CVE-2015-7211)\n\n - An integer overflow condition exists in the\n readMetaData() function due to improper validation of\n user-supplied input when handling a specially crafted\n MP4 file. An attacker can exploit this to execute\n arbitrary code. (CVE-2015-7213)\n\n - A same-origin bypass vulnerability exists due to\n improper handling of 'data:' and 'view-source:' URIs. An\n attacker can exploit this to read data from cross-site\n URLs and local files. (CVE-2015-7214)\n\n - An information disclosure vulnerability exists due to\n improper handling of error events in web workers. An\n attacker can exploit this to gain access to sensitive\n cross-origin information. (CVE-2015-7215)\n\n - Multiple integer underflow conditions exist due to\n improper validation of user-supplied input when\n handling HTTP2 frames. An attacker can exploit these to\n crash the application, resulting in a denial of service.\n (CVE-2015-7218, CVE-2015-7219)\n\n - An overflow condition exists in the XDRBuffer::grow()\n function due to improper validation of user-supplied\n input. 
An attacker can exploit this to cause a buffer\n overflow, resulting in the execution of arbitrary code.\n (CVE-2015-7220)\n\n - An overflow condition exists in the GrowCapacity()\n function due to improper validation of user-supplied\n input. An attacker can exploit this to cause a buffer\n overflow, resulting in the execution of arbitrary code.\n (CVE-2015-7221)\n\n - An integer underflow condition exists in the bundled\n version of libstagefright in the parseChunk() function\n that is triggered when handling 'covr' chunks. An\n unauthenticated, remote attacker can exploit this, via\n specially crafted media content, to crash the\n application or execute arbitrary code. (CVE-2015-7222)\n\n - A privilege escalation vulnerability exists in the\n Extension.jsm script due to a failure to restrict\n WebExtension APIs from being injected into documents\n without WebExtension principals. An attacker can exploit\n this to conduct a cross-site scripting attack, resulting\n in the execution of arbitrary script code in a user's\n browser session. 
(CVE-2015-7223)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-134/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-135/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-136/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-137/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-138/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-139/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-140/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-141/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-142/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-144/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-145/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-146/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-147/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-148/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-149/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Firefox 43 or later.\");\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-7221\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nkb_base = \"MacOSX/Firefox\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nif (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Firefox installation is in the ESR branch.');\n\nmozilla_check_version(product:'firefox', version:version, path:path, esr:FALSE, fix:'43', severity:SECURITY_HOLE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-01T04:08:15", "description": "The version of Firefox installed on the remote Windows host is prior\nto 43. 
It is, therefore, affected by the following vulnerabilities :\n\n - Multiple unspecified memory corruption issues exist due\n to improper validation of user-supplied input. A remote\n attacker can exploit these issues by convincing a user\n to visit a specially crafted web page, resulting in the\n execution of arbitrary code. (CVE-2015-7201)\n\n - Multiple unspecified memory corruption issues exist due\n to improper validation of user-supplied input. A remote\n attacker can exploit these issues by convincing a user\n to visit a specially crafted web page, resulting in the\n execution of arbitrary code. (CVE-2015-7202)\n\n - An overflow condition exists in the LoadFontFamilyData()\n function due to improper validation of user-supplied\n input. A remote attacker can exploit this to cause a\n buffer overflow, resulting in the execution of arbitrary\n code. (CVE-2015-7203)\n\n - A flaw exists in the PropertyWriteNeedsTypeBarrier()\n function due to improper handling of unboxed objects\n during JavaScript variable assignments. A remote\n attacker can exploit this to execute arbitrary code.\n (CVE-2015-7204)\n\n - A flaw exists in the RtpHeaderParser::Parse() function\n due to improper handling of RTP headers. An\n unauthenticated, remote attacker can exploit this, via\n specially crafted RTP headers, to execute arbitrary\n code. (CVE-2015-7205)\n\n - A same-origin bypass vulnerability exists that is\n triggered after a redirect when the function is used\n alongside an iframe to host a page. An attacker can\n exploit this to gain access to cross-origin URL\n information. (CVE-2015-7207)\n\n - The SetCookieInternal() function improperly allows\n control characters (e.g. ASCII code 11) to be inserted\n into cookies. An attacker can exploit this to inject\n cookies. (CVE-2015-7208)\n\n - A use-after-free error exists due to improper prevention\n of datachannel operations on closed PeerConnections. 
An\n attacker can exploit this to dereference already freed\n memory, resulting in the execution of arbitrary code.\n (CVE-2015-7210)\n\n - A flaw exists in the ParseURI() function due to improper\n handling of a hash (#) character in the data: URI. An\n attacker can exploit this to spoof the URL bar.\n (CVE-2015-7211)\n\n - An overflow condition exists in the AllocateForSurface()\n function due to improper validation of user-supplied\n input when handling texture allocation in graphics\n operations. An attacker can exploit this to execute\n arbitrary code. (CVE-2015-7212)\n\n - An integer overflow condition exists in the\n readMetaData() function due to improper validation of\n user-supplied input when handling a specially crafted\n MP4 file. An attacker can exploit this to execute\n arbitrary code. (CVE-2015-7213)\n\n - A same-origin bypass vulnerability exists due to\n improper handling of 'data:' and 'view-source:' URIs. An\n attacker can exploit this to read data from cross-site\n URLs and local files. (CVE-2015-7214)\n\n - An information disclosure vulnerability exists due to\n improper handling of error events in web workers. An\n attacker can exploit this to gain access to sensitive\n cross-origin information. (CVE-2015-7215)\n\n - Multiple integer underflow conditions exist due to\n improper validation of user-supplied input when\n handling HTTP2 frames. An attacker can exploit these to\n crash the application, resulting in a denial of service.\n (CVE-2015-7218, CVE-2015-7219)\n\n - An overflow condition exists in the XDRBuffer::grow()\n function due to improper validation of user-supplied\n input. An attacker can exploit this to cause a buffer\n overflow, resulting in the execution of arbitrary code.\n (CVE-2015-7220)\n\n - An overflow condition exists in the GrowCapacity()\n function due to improper validation of user-supplied\n input. 
An attacker can exploit this to cause a buffer\n overflow, resulting in the execution of arbitrary code.\n (CVE-2015-7221)\n\n - An integer underflow condition exists in the bundled\n version of libstagefright in the parseChunk() function\n that is triggered when handling 'covr' chunks. An\n unauthenticated, remote attacker can exploit this, via\n specially crafted media content, to crash the\n application or execute arbitrary code. (CVE-2015-7222)\n\n - A privilege escalation vulnerability exists in the\n Extension.jsm script due to a failure to restrict\n WebExtension APIs from being injected into documents\n without WebExtension principals. An attacker can exploit\n this to conduct a cross-site scripting attack, resulting\n in the execution of arbitrary script code in a user's\n browser session. (CVE-2015-7223)", "edition": 28, "published": "2015-12-17T00:00:00", "title": "Firefox < 43 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7204", "CVE-2015-7221", "CVE-2015-7220", "CVE-2015-7203", "CVE-2015-7214", "CVE-2015-7207", "CVE-2015-7208", "CVE-2015-7213", "CVE-2015-7205", "CVE-2015-7201", "CVE-2015-7210", "CVE-2015-7223", "CVE-2015-7218", "CVE-2015-7222", "CVE-2015-7215", "CVE-2015-7202", "CVE-2015-7211", "CVE-2015-7212", "CVE-2015-7219"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MOZILLA_FIREFOX_43.NASL", "href": "https://www.tenable.com/plugins/nessus/87476", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87476);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\n \"CVE-2015-7201\",\n \"CVE-2015-7202\",\n \"CVE-2015-7203\",\n \"CVE-2015-7204\",\n \"CVE-2015-7205\",\n \"CVE-2015-7207\",\n \"CVE-2015-7208\",\n \"CVE-2015-7210\",\n \"CVE-2015-7211\",\n \"CVE-2015-7212\",\n \"CVE-2015-7213\",\n \"CVE-2015-7214\",\n \"CVE-2015-7215\",\n \"CVE-2015-7218\",\n 
\"CVE-2015-7219\",\n \"CVE-2015-7220\",\n \"CVE-2015-7221\",\n \"CVE-2015-7222\",\n \"CVE-2015-7223\"\n );\n script_bugtraq_id(79279, 79280, 79283);\n\n script_name(english:\"Firefox < 43 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Firefox installed on the remote Windows host is prior\nto 43. It is, therefore, affected by the following vulnerabilities :\n\n - Multiple unspecified memory corruption issues exist due\n to improper validation of user-supplied input. A remote\n attacker can exploit these issues by convincing a user\n to visit a specially crafted web page, resulting in the\n execution of arbitrary code. (CVE-2015-7201)\n\n - Multiple unspecified memory corruption issues exist due\n to improper validation of user-supplied input. A remote\n attacker can exploit these issues by convincing a user\n to visit a specially crafted web page, resulting in the\n execution of arbitrary code. (CVE-2015-7202)\n\n - An overflow condition exists in the LoadFontFamilyData()\n function due to improper validation of user-supplied\n input. A remote attacker can exploit this to cause a\n buffer overflow, resulting in the execution of arbitrary\n code. (CVE-2015-7203)\n\n - A flaw exists in the PropertyWriteNeedsTypeBarrier()\n function due to improper handling of unboxed objects\n during JavaScript variable assignments. A remote\n attacker can exploit this to execute arbitrary code.\n (CVE-2015-7204)\n\n - A flaw exists in the RtpHeaderParser::Parse() function\n due to improper handling of RTP headers. An\n unauthenticated, remote attacker can exploit this, via\n specially crafted RTP headers, to execute arbitrary\n code. 
(CVE-2015-7205)\n\n - A same-origin bypass vulnerability exists that is\n triggered after a redirect when the function is used\n alongside an iframe to host a page. An attacker can\n exploit this to gain access to cross-origin URL\n information. (CVE-2015-7207)\n\n - The SetCookieInternal() function improperly allows\n control characters (e.g. ASCII code 11) to be inserted\n into cookies. An attacker can exploit this to inject\n cookies. (CVE-2015-7208)\n\n - A use-after-free error exists due to improper prevention\n of datachannel operations on closed PeerConnections. An\n attacker can exploit this to dereference already freed\n memory, resulting in the execution of arbitrary code.\n (CVE-2015-7210)\n\n - A flaw exists in the ParseURI() function due to improper\n handling of a hash (#) character in the data: URI. An\n attacker can exploit this to spoof the URL bar.\n (CVE-2015-7211)\n\n - An overflow condition exists in the AllocateForSurface()\n function due to improper validation of user-supplied\n input when handling texture allocation in graphics\n operations. An attacker can exploit this to execute\n arbitrary code. (CVE-2015-7212)\n\n - An integer overflow condition exists in the\n readMetaData() function due to improper validation of\n user-supplied input when handling a specially crafted\n MP4 file. An attacker can exploit this to execute\n arbitrary code. (CVE-2015-7213)\n\n - A same-origin bypass vulnerability exists due to\n improper handling of 'data:' and 'view-source:' URIs. An\n attacker can exploit this to read data from cross-site\n URLs and local files. (CVE-2015-7214)\n\n - An information disclosure vulnerability exists due to\n improper handling of error events in web workers. An\n attacker can exploit this to gain access to sensitive\n cross-origin information. (CVE-2015-7215)\n\n - Multiple integer underflow conditions exist due to\n improper validation of user-supplied input when\n handling HTTP2 frames. 
An attacker can exploit these to\n crash the application, resulting in a denial of service.\n (CVE-2015-7218, CVE-2015-7219)\n\n - An overflow condition exists in the XDRBuffer::grow()\n function due to improper validation of user-supplied\n input. An attacker can exploit this to cause a buffer\n overflow, resulting in the execution of arbitrary code.\n (CVE-2015-7220)\n\n - An overflow condition exists in the GrowCapacity()\n function due to improper validation of user-supplied\n input. An attacker can exploit this to cause a buffer\n overflow, resulting in the execution of arbitrary code.\n (CVE-2015-7221)\n\n - An integer underflow condition exists in the bundled\n version of libstagefright in the parseChunk() function\n that is triggered when handling 'covr' chunks. An\n unauthenticated, remote attacker can exploit this, via\n specially crafted media content, to crash the\n application or execute arbitrary code. (CVE-2015-7222)\n\n - A privilege escalation vulnerability exists in the\n Extension.jsm script due to a failure to restrict\n WebExtension APIs from being injected into documents\n without WebExtension principals. An attacker can exploit\n this to conduct a cross-site scripting attack, resulting\n in the execution of arbitrary script code in a user's\n browser session. 
(CVE-2015-7223)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-134/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-135/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-136/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-137/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-138/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-139/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-140/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-141/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-142/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-144/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-145/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-146/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-147/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-148/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-149/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Firefox 43 or later.\");\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-7221\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'43', severity:SECURITY_HOLE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:13:46", "description": "Update to latest upstream - Firefox 43\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "published": "2016-03-04T00:00:00", "title": "Fedora 22 : firefox-43.0-1.fc22 (2015-7ab3d3afcf)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7204", "CVE-2015-7216", "CVE-2015-7221", "CVE-2015-7220", "CVE-2015-7203", "CVE-2015-7214", "CVE-2015-7207", "CVE-2015-7208", "CVE-2015-7213", "CVE-2015-7205", "CVE-2015-7217", "CVE-2015-7201", "CVE-2015-7210", "CVE-2015-7223", "CVE-2015-7218", "CVE-2015-7222", "CVE-2015-7215", "CVE-2015-7202", "CVE-2015-7211", "CVE-2015-7212", "CVE-2015-7219"], "modified": "2016-03-04T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:firefox", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2015-7AB3D3AFCF.NASL", "href": "https://www.tenable.com/plugins/nessus/89295", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-7ab3d3afcf.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89295);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-7201\", \"CVE-2015-7202\", \"CVE-2015-7203\", \"CVE-2015-7204\", \"CVE-2015-7205\", \"CVE-2015-7207\", \"CVE-2015-7208\", \"CVE-2015-7210\", \"CVE-2015-7211\", \"CVE-2015-7212\", \"CVE-2015-7213\", \"CVE-2015-7214\", \"CVE-2015-7215\", \"CVE-2015-7216\", \"CVE-2015-7217\", \"CVE-2015-7218\", \"CVE-2015-7219\", \"CVE-2015-7220\", \"CVE-2015-7221\", \"CVE-2015-7222\", \"CVE-2015-7223\");\n script_xref(name:\"FEDORA\", value:\"2015-7ab3d3afcf\");\n\n script_name(english:\"Fedora 22 : firefox-43.0-1.fc22 (2015-7ab3d3afcf)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote 
Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to latest upstream - Firefox 43\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?35c50826\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"firefox-43.0-1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T15:29:18", "description": "Andrei Vaida, Jesse Ruderman, Bob Clary, Christian Holler, Jesse\nRuderman, Eric Rahm, Robert Kaiser, Harald Kirschner, and Michael\nHenretty discovered multiple memory safety issues in Firefox. 
If a\nuser were tricked in to opening a specially crafted website, an\nattacker could potentially exploit these to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges\nof the user invoking Firefox. (CVE-2015-7201, CVE-2015-7202)\n\nRonald Crane discovered three buffer overflows through code\ninspection. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit these to cause a denial\nof service via application crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2015-7203,\nCVE-2015-7220, CVE-2015-7221)\n\nCajus Pollmeier discovered a crash during JavaScript variable\nassignments in some circumstances. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially\nexploit this to execute arbitrary code with the privileges of the user\ninvoking Firefox. (CVE-2015-7204)\n\nRonald Crane discovered a buffer overflow through code inspection. If\na user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges\nof the user invoking Firefox. (CVE-2015-7205)\n\nIt was discovered that it is possible to read cross-origin URLs\nfollowing a redirect if performance.getEntries() is used with an\niframe to host a page. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this\nto bypass same-origin restrictions. (CVE-2015-7207)\n\nIt was discovered that Firefox allows for control characters to be set\nin cookies. An attacker could potentially exploit this to conduct\ncookie injection attacks on some web servers. (CVE-2015-7208)\n\nLooben Yang discovered a use-after-free in WebRTC when closing\nchannels in some circumstances. 
If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this\nto cause a denial of service via application crash, or execute\narbitrary code with the privileges of the user invoking Firefox.\n(CVE-2015-7210)\n\nAbdulrahman Alqabandi discovered that hash symbol is incorrectly\nhandled when parsing data: URLs. An attacker could potentially exploit\nthis to conduct URL spoofing attacks. (CVE-2015-7211)\n\nAbhishek Arya discovered an integer overflow when allocating large\ntextures. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial\nof service via application crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2015-7212)\n\nRonald Crane discovered an integer overflow when processing MP4 format\nvideo in some circumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this\nto cause a denial of service via application crash, or execute\narbitrary code with the privileges of the user invoking Firefox.\n(CVE-2015-7213)\n\nTsubasa Iinuma discovered a way to bypass same-origin restrictions\nusing data: and view-source: URLs. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially\nexploit this to obtain sensitive information and read local files.\n(CVE-2015-7214)\n\nMasato Kinugawa discovered a cross-origin information leak in error\nevents in web workers. An attacker could potentially exploit this to\nobtain sensitive information. (CVE-2015-7215)\n\nGustavo Grieco discovered that the file chooser crashed on malformed\nimages due to flaws in the Jasper library. If a user were tricked in\nto opening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service. 
(CVE-2015-7216,\nCVE-2015-7217)\n\nStuart Larsen discovered two integer underflows when handling malformed\nHTTP/2 frames in some circumstances. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially\nexploit these to cause a denial of service via application crash.\n(CVE-2015-7218, CVE-2015-7219)\n\nGerald Squelart discovered an integer underflow in the libstagefright\nlibrary when parsing MP4 format video in some circumstances. If a user\nwere tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code with the privileges of\nthe user invoking Firefox. (CVE-2015-7222)\n\nKris Maglione discovered a mechanism where web content could use\nWebExtension APIs to execute code with the privileges of a particular\nWebExtension. If a user were tricked in to opening a specially crafted\nwebsite with a vulnerable extension installed, an attacker could\npotentially exploit this to obtain sensitive information or conduct\ncross-site scripting (XSS) attacks. (CVE-2015-7223).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 22, "published": "2015-12-16T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : firefox vulnerabilities (USN-2833-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7204", "CVE-2015-7216", "CVE-2015-7221", "CVE-2015-7220", "CVE-2015-7203", "CVE-2015-7214", "CVE-2015-7207", "CVE-2015-7208", "CVE-2015-7213", "CVE-2015-7205", "CVE-2015-7217", "CVE-2015-7201", "CVE-2015-7210", "CVE-2015-7223", "CVE-2015-7218", "CVE-2015-7222", "CVE-2015-7215", "CVE-2015-7202", "CVE-2015-7211", "CVE-2015-7212", "CVE-2015-7219"], "modified": "2015-12-16T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:15.04", "p-cpe:/a:canonical:ubuntu_linux:firefox", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2833-1.NASL", "href": "https://www.tenable.com/plugins/nessus/87406", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2833-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87406);\n script_version(\"2.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-7201\", \"CVE-2015-7202\", \"CVE-2015-7203\", \"CVE-2015-7204\", \"CVE-2015-7205\", \"CVE-2015-7207\", \"CVE-2015-7208\", \"CVE-2015-7210\", \"CVE-2015-7211\", \"CVE-2015-7212\", \"CVE-2015-7213\", \"CVE-2015-7214\", \"CVE-2015-7215\", \"CVE-2015-7216\", \"CVE-2015-7217\", \"CVE-2015-7218\", \"CVE-2015-7219\", \"CVE-2015-7220\", \"CVE-2015-7221\", \"CVE-2015-7222\", \"CVE-2015-7223\");\n script_xref(name:\"USN\", value:\"2833-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : firefox vulnerabilities (USN-2833-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Andrei Vaida, Jesse Ruderman, Bob Clary, Christian Holler, Jesse\nRuderman, Eric Rahm, Robert Kaiser, Harald Kirschner, and Michael\nHenretty discovered multiple memory safety issues in Firefox. If a\nuser were tricked in to opening a specially crafted website, an\nattacker could potentially exploit these to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges\nof the user invoking Firefox. (CVE-2015-7201, CVE-2015-7202)\n\nRonald Crane discovered three buffer overflows through code\ninspection. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit these to cause a denial\nof service via application crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. 
(CVE-2015-7203,\nCVE-2015-7220, CVE-2015-7221)\n\nCajus Pollmeier discovered a crash during JavaScript variable\nassignments in some circumstances. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially\nexploit this to execute arbitrary code with the privileges of the user\ninvoking Firefox. (CVE-2015-7204)\n\nRonald Crane discovered a buffer overflow through code inspection. If\na user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges\nof the user invoking Firefox. (CVE-2015-7205)\n\nIt was discovered that it is possible to read cross-origin URLs\nfollowing a redirect if performance.getEntries() is used with an\niframe to host a page. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this\nto bypass same-origin restrictions. (CVE-2015-7207)\n\nIt was discovered that Firefox allows for control characters to be set\nin cookies. An attacker could potentially exploit this to conduct\ncookie injection attacks on some web servers. (CVE-2015-7208)\n\nLooben Yang discovered a use-after-free in WebRTC when closing\nchannels in some circumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this\nto cause a denial of service via application crash, or execute\narbitrary code with the privileges of the user invoking Firefox.\n(CVE-2015-7210)\n\nAbdulrahman Alqabandi discovered that hash symbol is incorrectly\nhandled when parsing data: URLs. An attacker could potentially exploit\nthis to conduct URL spoofing attacks. (CVE-2015-7211)\n\nAbhishek Arya discovered an integer overflow when allocating large\ntextures. 
If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial\nof service via application crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2015-7212)\n\nRonald Crane discovered an integer overflow when processing MP4 format\nvideo in some circumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this\nto cause a denial of service via application crash, or execute\narbitrary code with the privileges of the user invoking Firefox.\n(CVE-2015-7213)\n\nTsubasa Iinuma discovered a way to bypass same-origin restrictions\nusing data: and view-source: URLs. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially\nexploit this to obtain sensitive information and read local files.\n(CVE-2015-7214)\n\nMasato Kinugawa discovered a cross-origin information leak in error\nevents in web workers. An attacker could potentially exploit this to\nobtain sensitive information. (CVE-2015-7215)\n\nGustavo Grieco discovered that the file chooser crashed on malformed\nimages due to flaws in the Jasper library. If a user were tricked in\nto opening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service. (CVE-2015-7216,\nCVE-2015-7217)\n\nStuart Larsen discovered two integer underflows when handling malformed\nHTTP/2 frames in some circumstances. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially\nexploit these to cause a denial of service via application crash.\n(CVE-2015-7218, CVE-2015-7219)\n\nGerald Squelart discovered an integer underflow in the libstagefright\nlibrary when parsing MP4 format video in some circumstances. 
If a user\nwere tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code with the privileges of\nthe user invoking Firefox. (CVE-2015-7222)\n\nKris Maglione discovered a mechanism where web content could use\nWebExtension APIs to execute code with the privileges of a particular\nWebExtension. If a user were tricked in to opening a specially crafted\nwebsite with a vulnerable extension installed, an attacker could\npotentially exploit this to obtain sensitive information or conduct\ncross-site scripting (XSS) attacks. (CVE-2015-7223).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2833-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|15\\.04|15\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 15.04 / 15.10\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"firefox\", pkgver:\"43.0+build1-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"firefox\", pkgver:\"43.0+build1-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"firefox\", pkgver:\"43.0+build1-0ubuntu0.15.04.1\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"firefox\", pkgver:\"43.0+build1-0ubuntu0.15.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:13:37", "description": "Update to latest upstream - Firefox 43\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "published": "2016-03-04T00:00:00", "title": "Fedora 23 : firefox-43.0-1.fc23 (2015-51b1105902)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7204", "CVE-2015-7216", "CVE-2015-7221", "CVE-2015-7220", "CVE-2015-7203", "CVE-2015-7214", "CVE-2015-7207", "CVE-2015-7208", "CVE-2015-7213", "CVE-2015-7205", "CVE-2015-7217", "CVE-2015-7201", "CVE-2015-7210", "CVE-2015-7223", "CVE-2015-7218", "CVE-2015-7222", "CVE-2015-7215", "CVE-2015-7202", "CVE-2015-7211", "CVE-2015-7212", "CVE-2015-7219"], "modified": "2016-03-04T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:firefox", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2015-51B1105902.NASL", "href": "https://www.tenable.com/plugins/nessus/89241", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-51b1105902.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89241);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-7201\", \"CVE-2015-7202\", \"CVE-2015-7203\", \"CVE-2015-7204\", \"CVE-2015-7205\", \"CVE-2015-7207\", \"CVE-2015-7208\", \"CVE-2015-7210\", \"CVE-2015-7211\", \"CVE-2015-7212\", \"CVE-2015-7213\", \"CVE-2015-7214\", \"CVE-2015-7215\", \"CVE-2015-7216\", \"CVE-2015-7217\", \"CVE-2015-7218\", \"CVE-2015-7219\", \"CVE-2015-7220\", \"CVE-2015-7221\", \"CVE-2015-7222\", \"CVE-2015-7223\");\n script_xref(name:\"FEDORA\", value:\"2015-51b1105902\");\n\n script_name(english:\"Fedora 23 : firefox-43.0-1.fc23 (2015-51b1105902)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote 
Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to latest upstream - Firefox 43\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?520d5310\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"firefox-43.0-1.fc23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:29:02", "description": "This update for MozillaFirefox fixes the following security issues :\n\n - MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 Miscellaneous\n memory safety hazards\n\n - MFSA 2015-135/CVE-2015-7204 (bmo#1216130) Crash with\n JavaScript variable assignment with unboxed objects\n\n - MFSA 2015-136/CVE-2015-7207 (bmo#1185256) Same-origin\n policy violation using perfomance.getEntries and history\n 
navigation\n\n - MFSA 2015-137/CVE-2015-7208 (bmo#1191423) Firefox allows\n for control characters to be set in cookies\n\n - MFSA 2015-138/CVE-2015-7210 (bmo#1218326) Use-after-free\n in WebRTC when datachannel is used after being destroyed\n\n - MFSA 2015-139/CVE-2015-7212 (bmo#1222809) Integer\n overflow allocating extremely large textures\n\n - MFSA 2015-140/CVE-2015-7215 (bmo#1160890) Cross-origin\n information leak through web workers error events\n\n - MFSA 2015-141/CVE-2015-7211 (bmo#1221444) Hash in data\n URI is incorrectly parsed\n\n - MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818,\n bmo#1194820) DOS due to malformed frames in HTTP/2\n\n - MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059,\n bmo#1203078) Linux file chooser crashes on malformed\n images due to flaws in Jasper library\n\n - MFSA 2015-144/CVE-2015-7203/CVE-2015-7220/CVE-2015-7221\n (bmo#1201183, bmo#1178033, bmo#1199400) Buffer overflows\n found through code inspection\n\n - MFSA 2015-145/CVE-2015-7205 (bmo#1220493) Underflow\n through code inspection\n\n - MFSA 2015-146/CVE-2015-7213 (bmo#1206211) Integer\n overflow in MP4 playback in 64-bit versions\n\n - MFSA 2015-147/CVE-2015-7222 (bmo#1216748) Integer\n underflow and buffer overflow processing MP4 metadata in\n libstagefright\n\n - MFSA 2015-148/CVE-2015-7223 (bmo#1226423) Privilege\n escalation vulnerabilities in WebExtension APIs\n\n - MFSA 2015-149/CVE-2015-7214 (bmo#1228950) Cross-site\n reading attack through data and view-source URIs", "edition": 17, "published": "2015-12-29T00:00:00", "title": "openSUSE Security Update : MozillaFirefox (openSUSE-2015-942)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7204", "CVE-2015-7216", "CVE-2015-7221", "CVE-2015-7220", "CVE-2015-7203", "CVE-2015-7214", "CVE-2015-7207", "CVE-2015-7208", "CVE-2015-7213", "CVE-2015-7205", "CVE-2015-7217", "CVE-2015-7201", "CVE-2015-7210", "CVE-2015-7223", "CVE-2015-7218", "CVE-2015-7222", "CVE-2015-7215", "CVE-2015-7202", 
"CVE-2015-7211", "CVE-2015-7212", "CVE-2015-7219"], "modified": "2015-12-29T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo", "p-cpe:/a:novell:opensuse:MozillaFirefox-devel", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource", "p-cpe:/a:novell:opensuse:MozillaFirefox", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2015-942.NASL", "href": "https://www.tenable.com/plugins/nessus/87620", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-942.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87620);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-7201\", \"CVE-2015-7202\", \"CVE-2015-7203\", \"CVE-2015-7204\", \"CVE-2015-7205\", \"CVE-2015-7207\", \"CVE-2015-7208\", \"CVE-2015-7210\", \"CVE-2015-7211\", \"CVE-2015-7212\", \"CVE-2015-7213\", \"CVE-2015-7214\", \"CVE-2015-7215\", \"CVE-2015-7216\", \"CVE-2015-7217\", \"CVE-2015-7218\", \"CVE-2015-7219\", \"CVE-2015-7220\", \"CVE-2015-7221\", \"CVE-2015-7222\", \"CVE-2015-7223\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (openSUSE-2015-942)\");\n script_summary(english:\"Check for the openSUSE-2015-942 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for 
MozillaFirefox fixes the following security issues :\n\n - MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 Miscellaneous\n memory safety hazards\n\n - MFSA 2015-135/CVE-2015-7204 (bmo#1216130) Crash with\n JavaScript variable assignment with unboxed objects\n\n - MFSA 2015-136/CVE-2015-7207 (bmo#1185256) Same-origin\n policy violation using perfomance.getEntries and history\n navigation\n\n - MFSA 2015-137/CVE-2015-7208 (bmo#1191423) Firefox allows\n for control characters to be set in cookies\n\n - MFSA 2015-138/CVE-2015-7210 (bmo#1218326) Use-after-free\n in WebRTC when datachannel is used after being destroyed\n\n - MFSA 2015-139/CVE-2015-7212 (bmo#1222809) Integer\n overflow allocating extremely large textures\n\n - MFSA 2015-140/CVE-2015-7215 (bmo#1160890) Cross-origin\n information leak through web workers error events\n\n - MFSA 2015-141/CVE-2015-7211 (bmo#1221444) Hash in data\n URI is incorrectly parsed\n\n - MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818,\n bmo#1194820) DOS due to malformed frames in HTTP/2\n\n - MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059,\n bmo#1203078) Linux file chooser crashes on malformed\n images due to flaws in Jasper library\n\n - MFSA 2015-144/CVE-2015-7203/CVE-2015-7220/CVE-2015-7221\n (bmo#1201183, bmo#1178033, bmo#1199400) Buffer overflows\n found through code inspection\n\n - MFSA 2015-145/CVE-2015-7205 (bmo#1220493) Underflow\n through code inspection\n\n - MFSA 2015-146/CVE-2015-7213 (bmo#1206211) Integer\n overflow in MP4 playback in 64-bit versions\n\n - MFSA 2015-147/CVE-2015-7222 (bmo#1216748) Integer\n underflow and buffer overflow processing MP4 metadata in\n libstagefright\n\n - MFSA 2015-148/CVE-2015-7223 (bmo#1226423) Privilege\n escalation vulnerabilities in WebExtension APIs\n\n - MFSA 2015-149/CVE-2015-7214 (bmo#1228950) Cross-site\n reading attack through data and view-source URIs\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=959277\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2|SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2 / 42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-43.0-97.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-branding-upstream-43.0-97.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-buildsymbols-43.0-97.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-debuginfo-43.0-97.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-debugsource-43.0-97.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-devel-43.0-97.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-translations-common-43.0-97.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-translations-other-43.0-97.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-43.0-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-branding-upstream-43.0-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-buildsymbols-43.0-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-debuginfo-43.0-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", 
reference:\"MozillaFirefox-debugsource-43.0-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-devel-43.0-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-translations-common-43.0-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-translations-other-43.0-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-43.0-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-branding-upstream-43.0-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-buildsymbols-43.0-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-debuginfo-43.0-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-debugsource-43.0-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-devel-43.0-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-translations-common-43.0-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-translations-other-43.0-6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:40:52", "description": "The Mozilla Project reports :\n\nMFSA 2015-134 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5)\n\nMFSA 2015-135 Crash with JavaScript variable assignment with unboxed\nobjects\n\nMFSA 2015-136 Same-origin policy violation using perfomance.getEntries\nand history navigation\n\nMFSA 2015-137 Firefox allows for control characters to be set in\ncookies\n\nMFSA 2015-138 
Use-after-free in WebRTC when datachannel is used after\nbeing destroyed\n\nMFSA 2015-139 Integer overflow allocating extremely large textures\n\nMFSA 2015-140 Cross-origin information leak through web workers error\nevents\n\nMFSA 2015-141 Hash in data URI is incorrectly parsed\n\nMFSA 2015-142 DOS due to malformed frames in HTTP/2\n\nMFSA 2015-143 Linux file chooser crashes on malformed images due to\nflaws in Jasper library\n\nMFSA 2015-144 Buffer overflows found through code inspection\n\nMFSA 2015-145 Underflow through code inspection\n\nMFSA 2015-146 Integer overflow in MP4 playback in 64-bit versions\n\nMFSA 2015-147 Integer underflow and buffer overflow processing MP4\nmetadata in libstagefright\n\nMFSA 2015-148 Privilege escalation vulnerabilities in WebExtension\nAPIs\n\nMFSA 2015-149 Cross-site reading attack through data and view-source\nURIs", "edition": 22, "published": "2015-12-16T00:00:00", "title": "FreeBSD : mozilla -- multiple vulnerabilities (2c2d1c39-1396-459a-91f5-ca03ee7c64c6)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7204", "CVE-2015-7216", "CVE-2015-7221", "CVE-2015-7220", "CVE-2015-7203", "CVE-2015-7214", "CVE-2015-7207", "CVE-2015-7208", "CVE-2015-7213", "CVE-2015-7205", "CVE-2015-7217", "CVE-2015-7201", "CVE-2015-7210", "CVE-2015-7223", "CVE-2015-7218", "CVE-2015-7222", "CVE-2015-7215", "CVE-2015-7202", "CVE-2015-7211", "CVE-2015-7212", "CVE-2015-7219"], "modified": "2015-12-16T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:linux-thunderbird", "p-cpe:/a:freebsd:freebsd:linux-firefox", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:libxul", "p-cpe:/a:freebsd:freebsd:seamonkey", "p-cpe:/a:freebsd:freebsd:linux-seamonkey", "p-cpe:/a:freebsd:freebsd:firefox", "p-cpe:/a:freebsd:freebsd:thunderbird", "p-cpe:/a:freebsd:freebsd:firefox-esr"], "id": "FREEBSD_PKG_2C2D1C391396459A91F5CA03EE7C64C6.NASL", "href": "https://www.tenable.com/plugins/nessus/87385", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable 
Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87385);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-7201\", \"CVE-2015-7202\", \"CVE-2015-7203\", \"CVE-2015-7204\", \"CVE-2015-7205\", \"CVE-2015-7207\", \"CVE-2015-7208\", \"CVE-2015-7210\", \"CVE-2015-7211\", \"CVE-2015-7212\", \"CVE-2015-7213\", \"CVE-2015-7214\", \"CVE-2015-7215\", \"CVE-2015-7216\", \"CVE-2015-7217\", \"CVE-2015-7218\", \"CVE-2015-7219\", \"CVE-2015-7220\", \"CVE-2015-7221\", \"CVE-2015-7222\", \"CVE-2015-7223\");\n\n script_name(english:\"FreeBSD : mozilla -- multiple vulnerabilities (2c2d1c39-1396-459a-91f5-ca03ee7c64c6)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla Project reports :\n\nMFSA 2015-134 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5)\n\nMFSA 2015-135 Crash with JavaScript variable assignment with unboxed\nobjects\n\nMFSA 2015-136 Same-origin policy violation using perfomance.getEntries\nand history navigation\n\nMFSA 2015-137 Firefox allows for control characters to be set in\ncookies\n\nMFSA 2015-138 Use-after-free in WebRTC when datachannel is 
used after\nbeing destroyed\n\nMFSA 2015-139 Integer overflow allocating extremely large textures\n\nMFSA 2015-140 Cross-origin information leak through web workers error\nevents\n\nMFSA 2015-141 Hash in data URI is incorrectly parsed\n\nMFSA 2015-142 DOS due to malformed frames in HTTP/2\n\nMFSA 2015-143 Linux file chooser crashes on malformed images due to\nflaws in Jasper library\n\nMFSA 2015-144 Buffer overflows found through code inspection\n\nMFSA 2015-145 Underflow through code inspection\n\nMFSA 2015-146 Integer overflow in MP4 playback in 64-bit versions\n\nMFSA 2015-147 Integer underflow and buffer overflow processing MP4\nmetadata in libstagefright\n\nMFSA 2015-148 Privilege escalation vulnerabilities in WebExtension\nAPIs\n\nMFSA 2015-149 Cross-site reading attack through data and view-source\nURIs\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2015-134/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-134/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2015-135/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-135/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2015-136/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-136/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2015-137/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-137/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2015-138/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-138/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2015-139/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-139/\"\n );\n # 
https://www.mozilla.org/security/advisories/mfsa2015-140/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-140/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2015-141/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-141/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2015-142/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-142/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2015-143/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-143/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2015-144/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-144/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2015-145/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-145/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2015-146/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-146/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2015-147/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-147/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2015-148/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-148/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2015-149/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-149/\"\n );\n # 
https://vuxml.freebsd.org/freebsd/2c2d1c39-1396-459a-91f5-ca03ee7c64c6.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1beb8077\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:firefox-esr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libxul\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"firefox<43.0,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-firefox<43.0,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"seamonkey<2.40\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-seamonkey<2.40\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"firefox-esr<38.5.0,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"libxul<38.5.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"thunderbird<38.5.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-thunderbird<38.5.0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:29:24", "description": "SeaMonkey was updated to 2.40 (boo#959277) to fix security issues and\nbugs.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2015-7575: MD5 signatures accepted within TLS 1.2\n ServerKeyExchange in server signature\n\n - CVE-2015-7201/CVE-2015-7202: Miscellaneous memory safety\n hazards\n\n - CVE-2015-7204: Crash with JavaScript variable assignment\n with unboxed objects\n\n - CVE-2015-7207: Same-origin policy violation using\n perfomance.getEntries and history navigation\n\n - CVE-2015-7208: Firefox allows for control characters to\n be set in 
cookies\n\n - CVE-2015-7210: Use-after-free in WebRTC when datachannel\n is used after being destroyed\n\n - CVE-2015-7212: Integer overflow allocating extremely\n large textures\n\n - CVE-2015-7215: Cross-origin information leak through web\n workers error events\n\n - CVE-2015-7211: Hash in data URI is incorrectly parsed\n\n - CVE-2015-7218/CVE-2015-7219: DOS due to malformed frames\n in HTTP/2\n\n - CVE-2015-7216/CVE-2015-7217: Linux file chooser crashes\n on malformed images due to flaws in Jasper library\n\n - CVE-2015-7203/CVE-2015-7220/CVE-2015-7221: Buffer\n overflows found through code inspection\n\n - CVE-2015-7205: Underflow through code inspection\n\n - CVE-2015-7213: Integer overflow in MP4 playback in\n 64-bit versions\n\n - CVE-2015-7222: Integer underflow and buffer overflow\n processing MP4 metadata in libstagefright\n\n - CVE-2015-7223: Privilege escalation vulnerabilities in\n WebExtension APIs\n\n - CVE-2015-7214: Cross-site reading attack through data\n and view-source URIs", "edition": 18, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2016-02-03T00:00:00", "title": "openSUSE Security Update : seamonkey (openSUSE-2016-126) (SLOTH)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7204", "CVE-2015-7216", "CVE-2015-7221", "CVE-2015-7220", "CVE-2015-7203", "CVE-2015-7214", "CVE-2015-7207", "CVE-2015-7208", "CVE-2015-7213", "CVE-2015-7575", "CVE-2015-7205", "CVE-2015-7217", "CVE-2015-7201", "CVE-2015-7210", "CVE-2015-7223", "CVE-2015-7218", "CVE-2015-7222", "CVE-2015-7215", "CVE-2015-7202", "CVE-2015-7211", "CVE-2015-7212", "CVE-2015-7219"], "modified": "2016-02-03T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:seamonkey-debugsource", "p-cpe:/a:novell:opensuse:seamonkey-debuginfo", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "p-cpe:/a:novell:opensuse:seamonkey-translations-other", "cpe:/o:novell:opensuse:13.2", 
"p-cpe:/a:novell:opensuse:seamonkey-translations-common", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:seamonkey"], "id": "OPENSUSE-2016-126.NASL", "href": "https://www.tenable.com/plugins/nessus/88547", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-126.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88547);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-7201\", \"CVE-2015-7202\", \"CVE-2015-7203\", \"CVE-2015-7204\", \"CVE-2015-7205\", \"CVE-2015-7207\", \"CVE-2015-7208\", \"CVE-2015-7210\", \"CVE-2015-7211\", \"CVE-2015-7212\", \"CVE-2015-7213\", \"CVE-2015-7214\", \"CVE-2015-7215\", \"CVE-2015-7216\", \"CVE-2015-7217\", \"CVE-2015-7218\", \"CVE-2015-7219\", \"CVE-2015-7220\", \"CVE-2015-7221\", \"CVE-2015-7222\", \"CVE-2015-7223\", \"CVE-2015-7575\");\n\n script_name(english:\"openSUSE Security Update : seamonkey (openSUSE-2016-126) (SLOTH)\");\n script_summary(english:\"Check for the openSUSE-2016-126 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SeaMonkey was updated to 2.40 (boo#959277) to fix security issues and\nbugs.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2015-7575: MD5 signatures accepted within TLS 1.2\n ServerKeyExchange in server signature\n\n - CVE-2015-7201/CVE-2015-7202: Miscellaneous memory safety\n hazards\n\n - CVE-2015-7204: Crash with JavaScript variable assignment\n with unboxed objects\n\n - CVE-2015-7207: Same-origin policy violation using\n perfomance.getEntries and history navigation\n\n - 
CVE-2015-7208: Firefox allows for control characters to\n be set in cookies\n\n - CVE-2015-7210: Use-after-free in WebRTC when datachannel\n is used after being destroyed\n\n - CVE-2015-7212: Integer overflow allocating extremely\n large textures\n\n - CVE-2015-7215: Cross-origin information leak through web\n workers error events\n\n - CVE-2015-7211: Hash in data URI is incorrectly parsed\n\n - CVE-2015-7218/CVE-2015-7219: DOS due to malformed frames\n in HTTP/2\n\n - CVE-2015-7216/CVE-2015-7217: Linux file chooser crashes\n on malformed images due to flaws in Jasper library\n\n - CVE-2015-7203/CVE-2015-7220/CVE-2015-7221: Buffer\n overflows found through code inspection\n\n - CVE-2015-7205: Underflow through code inspection\n\n - CVE-2015-7213: Integer overflow in MP4 playback in\n 64-bit versions\n\n - CVE-2015-7222: Integer underflow and buffer overflow\n processing MP4 metadata in libstagefright\n\n - CVE-2015-7223: Privilege escalation vulnerabilities in\n WebExtension APIs\n\n - CVE-2015-7214: Cross-site reading attack through data\n and view-source URIs\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=959277\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/01\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2|SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2 / 42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"seamonkey-2.40-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"seamonkey-debuginfo-2.40-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", 
reference:\"seamonkey-debugsource-2.40-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"seamonkey-dom-inspector-2.40-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"seamonkey-irc-2.40-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"seamonkey-translations-common-2.40-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"seamonkey-translations-other-2.40-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"seamonkey-2.40-6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"seamonkey-debuginfo-2.40-6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"seamonkey-debugsource-2.40-6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"seamonkey-dom-inspector-2.40-6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"seamonkey-irc-2.40-6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"seamonkey-translations-common-2.40-6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"seamonkey-translations-other-2.40-6.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey / seamonkey-debuginfo / seamonkey-debugsource / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:29:31", "description": "This update for SeaMonkey fixes the following issues :\n\n - update to SeaMonkey 2.40 (bnc#959277)\n\n - requires NSS 3.20.2 to fix MFSA 2015-150/CVE-2015-7575\n (bmo#1158489) MD5 signatures accepted within TLS 1.2\n ServerKeyExchange in server signature\n\n - MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 Miscellaneous\n memory safety hazards\n\n - MFSA 2015-135/CVE-2015-7204 (bmo#1216130) Crash with\n JavaScript variable assignment with 
unboxed objects\n\n - MFSA 2015-136/CVE-2015-7207 (bmo#1185256) Same-origin\n policy violation using perfomance.getEntries and history\n navigation\n\n - MFSA 2015-137/CVE-2015-7208 (bmo#1191423) Firefox allows\n for control characters to be set in cookies\n\n - MFSA 2015-138/CVE-2015-7210 (bmo#1218326) Use-after-free\n in WebRTC when datachannel is used after being destroyed\n\n - MFSA 2015-139/CVE-2015-7212 (bmo#1222809) Integer\n overflow allocating extremely large textures\n\n - MFSA 2015-140/CVE-2015-7215 (bmo#1160890) Cross-origin\n information leak through web workers error events\n\n - MFSA 2015-141/CVE-2015-7211 (bmo#1221444) Hash in data\n URI is incorrectly parsed\n\n - MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818,\n bmo#1194820) DOS due to malformed frames in HTTP/2\n\n - MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059,\n bmo#1203078) Linux file chooser crashes on malformed\n images due to flaws in Jasper library\n\n - MFSA 2015-144/CVE-2015-7203/CVE-2015-7220/CVE-2015-7221\n (bmo#1201183, bmo#1178033, bmo#1199400)", "edition": 18, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2016-02-03T00:00:00", "title": "openSUSE Security Update : SeaMonkey (openSUSE-2016-129) (SLOTH)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7204", "CVE-2015-7216", "CVE-2015-7221", "CVE-2015-7220", "CVE-2015-7203", "CVE-2015-7214", "CVE-2015-7207", "CVE-2015-7208", "CVE-2015-7213", "CVE-2015-7575", "CVE-2015-7205", "CVE-2015-7217", "CVE-2015-7201", "CVE-2015-7210", "CVE-2015-7223", "CVE-2015-7218", "CVE-2015-7222", "CVE-2015-7215", "CVE-2015-7202", "CVE-2015-7211", "CVE-2015-7212", "CVE-2015-7219"], "modified": "2016-02-03T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:seamonkey-debugsource", "p-cpe:/a:novell:opensuse:seamonkey-debuginfo", "p-cpe:/a:novell:opensuse:seamonkey-dom-inspector", "p-cpe:/a:novell:opensuse:seamonkey-translations-other", 
"p-cpe:/a:novell:opensuse:seamonkey-translations-common", "p-cpe:/a:novell:opensuse:seamonkey-irc", "p-cpe:/a:novell:opensuse:seamonkey", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2016-129.NASL", "href": "https://www.tenable.com/plugins/nessus/88550", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-129.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88550);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-7201\", \"CVE-2015-7202\", \"CVE-2015-7203\", \"CVE-2015-7204\", \"CVE-2015-7205\", \"CVE-2015-7207\", \"CVE-2015-7208\", \"CVE-2015-7210\", \"CVE-2015-7211\", \"CVE-2015-7212\", \"CVE-2015-7213\", \"CVE-2015-7214\", \"CVE-2015-7215\", \"CVE-2015-7216\", \"CVE-2015-7217\", \"CVE-2015-7218\", \"CVE-2015-7219\", \"CVE-2015-7220\", \"CVE-2015-7221\", \"CVE-2015-7222\", \"CVE-2015-7223\", \"CVE-2015-7575\");\n\n script_name(english:\"openSUSE Security Update : SeaMonkey (openSUSE-2016-129) (SLOTH)\");\n script_summary(english:\"Check for the openSUSE-2016-129 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for SeaMonkey fixes the following issues :\n\n - update to SeaMonkey 2.40 (bnc#959277)\n\n - requires NSS 3.20.2 to fix MFSA 2015-150/CVE-2015-7575\n (bmo#1158489) MD5 signatures accepted within TLS 1.2\n ServerKeyExchange in server signature\n\n - MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 Miscellaneous\n memory safety hazards\n\n - MFSA 2015-135/CVE-2015-7204 (bmo#1216130) Crash with\n JavaScript variable assignment with unboxed objects\n\n - 
MFSA 2015-136/CVE-2015-7207 (bmo#1185256) Same-origin\n policy violation using perfomance.getEntries and history\n navigation\n\n - MFSA 2015-137/CVE-2015-7208 (bmo#1191423) Firefox allows\n for control characters to be set in cookies\n\n - MFSA 2015-138/CVE-2015-7210 (bmo#1218326) Use-after-free\n in WebRTC when datachannel is used after being destroyed\n\n - MFSA 2015-139/CVE-2015-7212 (bmo#1222809) Integer\n overflow allocating extremely large textures\n\n - MFSA 2015-140/CVE-2015-7215 (bmo#1160890) Cross-origin\n information leak through web workers error events\n\n - MFSA 2015-141/CVE-2015-7211 (bmo#1221444) Hash in data\n URI is incorrectly parsed\n\n - MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818,\n bmo#1194820) DOS due to malformed frames in HTTP/2\n\n - MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059,\n bmo#1203078) Linux file chooser crashes on malformed\n images due to flaws in Jasper library\n\n - MFSA 2015-144/CVE-2015-7203/CVE-2015-7220/CVE-2015-7221\n (bmo#1201183, bmo#1178033, bmo#1199400)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1158489\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1160890\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1178033\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1185256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1191423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1194818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1194820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1197059\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1199400\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1201183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1203078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1206211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1216130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1216748\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1218326\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1220493\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1221444\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1222809\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1226423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1228950\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=959277\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected SeaMonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/01\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") 
audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-2.40-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-debuginfo-2.40-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-debugsource-2.40-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-dom-inspector-2.40-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-irc-2.40-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-translations-common-2.40-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-translations-other-2.40-62.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey / seamonkey-debuginfo / seamonkey-debugsource / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T11:04:48", "description": "The remote host is affected by the vulnerability described in GLSA-201512-10\n(Mozilla Products: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Mozilla Firefox and\n Mozilla Thunderbird. 
Please review the CVE identifiers referenced below\n for details.\n \nImpact :\n\n A remote attacker could entice a user to view a specially crafted web\n page or email, possibly resulting in execution of arbitrary code or a\n Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 22, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-01-04T00:00:00", "title": "GLSA-201512-10 : Mozilla Products: Multiple vulnerabilities (Bar Mitzvah) (Logjam)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4000", "CVE-2015-2738", "CVE-2015-0813", "CVE-2015-2737", "CVE-2015-7198", "CVE-2015-7204", "CVE-2015-2726", "CVE-2015-7200", "CVE-2015-7216", "CVE-2015-4514", "CVE-2015-7181", "CVE-2015-0812", "CVE-2015-7191", "CVE-2015-0811", "CVE-2015-7221", "CVE-2015-7220", "CVE-2015-2728", "CVE-2015-7194", "CVE-2015-2724", "CVE-2015-7203", "CVE-2015-7214", "CVE-2015-0810", "CVE-2015-7207", "CVE-2015-0799", "CVE-2015-0808", "CVE-2015-7187", "CVE-2015-0816", "CVE-2015-7189", "CVE-2015-2739", "CVE-2015-7208", "CVE-2015-7182", "CVE-2015-2808", "CVE-2015-7213", "CVE-2015-2733", "CVE-2015-2721", "CVE-2015-7205", "CVE-2015-7217", "CVE-2015-4495", "CVE-2015-2722", "CVE-2015-2729", "CVE-2015-7201", "CVE-2015-2725", "CVE-2015-2734", "CVE-2015-7188", "CVE-2015-0798", "CVE-2015-7183", "CVE-2015-0805", "CVE-2015-7210", "CVE-2015-7196", "CVE-2015-0802", "CVE-2015-7192", "CVE-2015-7223", "CVE-2015-7218", "CVE-2015-7222", "CVE-2015-0815", "CVE-2015-2743", "CVE-2015-7215", "CVE-2015-4153", "CVE-2015-2727", "CVE-2015-7199", "CVE-2015-7202", "CVE-2015-4518", "CVE-2015-4513", "CVE-2015-7193", "CVE-2015-0807", "CVE-2015-0804", "CVE-2015-2735", "CVE-2015-2742", "CVE-2015-2741", "CVE-2015-0801", "CVE-2015-7197", "CVE-2015-2736", "CVE-2015-2740", "CVE-2015-0803", "CVE-2015-0814", "CVE-2015-7211", "CVE-2015-2731", "CVE-2015-0806", "CVE-2015-7212", "CVE-2015-2706", "CVE-2015-4515", "CVE-2015-7219", 
"CVE-2015-2730", "CVE-2015-7195"], "modified": "2016-01-04T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:firefox", "p-cpe:/a:gentoo:linux:thunderbird", "cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:thunderbird-bin", "p-cpe:/a:gentoo:linux:firefox-bin"], "id": "GENTOO_GLSA-201512-10.NASL", "href": "https://www.tenable.com/plugins/nessus/87710", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201512-10.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87710);\n script_version(\"2.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-0798\", \"CVE-2015-0799\", \"CVE-2015-0801\", \"CVE-2015-0802\", \"CVE-2015-0803\", \"CVE-2015-0804\", \"CVE-2015-0805\", \"CVE-2015-0806\", \"CVE-2015-0807\", \"CVE-2015-0808\", \"CVE-2015-0810\", \"CVE-2015-0811\", \"CVE-2015-0812\", \"CVE-2015-0813\", \"CVE-2015-0814\", \"CVE-2015-0815\", \"CVE-2015-0816\", \"CVE-2015-2706\", \"CVE-2015-2721\", \"CVE-2015-2722\", \"CVE-2015-2724\", \"CVE-2015-2725\", \"CVE-2015-2726\", \"CVE-2015-2727\", \"CVE-2015-2728\", \"CVE-2015-2729\", \"CVE-2015-2730\", \"CVE-2015-2731\", \"CVE-2015-2733\", \"CVE-2015-2734\", \"CVE-2015-2735\", \"CVE-2015-2736\", \"CVE-2015-2737\", \"CVE-2015-2738\", \"CVE-2015-2739\", \"CVE-2015-2740\", \"CVE-2015-2741\", \"CVE-2015-2742\", \"CVE-2015-2743\", \"CVE-2015-2808\", \"CVE-2015-4000\", \"CVE-2015-4153\", \"CVE-2015-4495\", \"CVE-2015-4513\", \"CVE-2015-4514\", \"CVE-2015-4515\", \"CVE-2015-4518\", \"CVE-2015-7181\", \"CVE-2015-7182\", \"CVE-2015-7183\", \"CVE-2015-7187\", \"CVE-2015-7188\", 
\"CVE-2015-7189\", \"CVE-2015-7191\", \"CVE-2015-7192\", \"CVE-2015-7193\", \"CVE-2015-7194\", \"CVE-2015-7195\", \"CVE-2015-7196\", \"CVE-2015-7197\", \"CVE-2015-7198\", \"CVE-2015-7199\", \"CVE-2015-7200\", \"CVE-2015-7201\", \"CVE-2015-7202\", \"CVE-2015-7203\", \"CVE-2015-7204\", \"CVE-2015-7205\", \"CVE-2015-7207\", \"CVE-2015-7208\", \"CVE-2015-7210\", \"CVE-2015-7211\", \"CVE-2015-7212\", \"CVE-2015-7213\", \"CVE-2015-7214\", \"CVE-2015-7215\", \"CVE-2015-7216\", \"CVE-2015-7217\", \"CVE-2015-7218\", \"CVE-2015-7219\", \"CVE-2015-7220\", \"CVE-2015-7221\", \"CVE-2015-7222\", \"CVE-2015-7223\");\n script_xref(name:\"GLSA\", value:\"201512-10\");\n\n script_name(english:\"GLSA-201512-10 : Mozilla Products: Multiple vulnerabilities (Bar Mitzvah) (Logjam)\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-201512-10\n(Mozilla Products: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Mozilla Firefox and\n Mozilla Thunderbird. 
Please review the CVE identifiers referenced below\n for details.\n \nImpact :\n\n A remote attacker could entice a user to view a specially crafted web\n page or email, possibly resulting in execution of arbitrary code or a\n Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201512-10\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Firefox users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/firefox-38.5.0'\n All Firefox-bin users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/firefox-bin-38.5.0'\n All Thunderbird users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=mail-client/thunderbird-38.5.0'\n All Thunderbird-bin users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=mail-client/thunderbird-bin-38.5.0'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox PDF.js Privileged Javascript Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:firefox-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:thunderbird-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/04\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"mail-client/thunderbird\", unaffected:make_list(\"ge 38.5.0\"), vulnerable:make_list(\"lt 38.5.0\"))) flag++;\nif (qpkg_check(package:\"mail-client/thunderbird-bin\", unaffected:make_list(\"ge 38.5.0\"), vulnerable:make_list(\"lt 38.5.0\"))) flag++;\nif (qpkg_check(package:\"www-client/firefox\", unaffected:make_list(\"ge 38.5.0\"), vulnerable:make_list(\"lt 38.5.0\"))) flag++;\nif (qpkg_check(package:\"www-client/firefox-bin\", unaffected:make_list(\"ge 38.5.0\"), vulnerable:make_list(\"lt 38.5.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Mozilla Products\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:44:31", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7204", "CVE-2015-7216", "CVE-2015-7221", "CVE-2015-7220", "CVE-2015-7203", "CVE-2015-7214", "CVE-2015-7207", "CVE-2015-7208", "CVE-2015-7213", "CVE-2015-7205", "CVE-2015-7217", "CVE-2015-7201", "CVE-2015-7210", "CVE-2015-7223", "CVE-2015-7218", "CVE-2015-7222", "CVE-2015-7215", "CVE-2015-7202", "CVE-2015-7211", "CVE-2015-7212", "CVE-2015-7219"], "description": "Andrei Vaida, Jesse 
Ruderman, Bob Clary, Christian Holler, Jesse Ruderman, \nEric Rahm, Robert Kaiser, Harald Kirschner, and Michael Henretty \ndiscovered multiple memory safety issues in Firefox. If a user were \ntricked into opening a specially crafted website, an attacker could \npotentially exploit these to cause a denial of service via application \ncrash, or execute arbitrary code with the privileges of the user invoking \nFirefox. (CVE-2015-7201, CVE-2015-7202)\n\nRonald Crane discovered three buffer overflows through code inspection. \nIf a user were tricked into opening a specially crafted website, an \nattacker could potentially exploit these to cause a denial of service via \napplication crash, or execute arbitrary code with the privileges of the \nuser invoking Firefox. (CVE-2015-7203, CVE-2015-7220, CVE-2015-7221)\n\nCajus Pollmeier discovered a crash during JavaScript variable assignments \nin some circumstances. If a user were tricked into opening a specially \ncrafted website, an attacker could potentially exploit this to execute \narbitrary code with the privileges of the user invoking Firefox. \n(CVE-2015-7204)\n\nRonald Crane discovered a buffer overflow through code inspection. If a \nuser were tricked into opening a specially crafted website, an attacker \ncould potentially exploit this to cause a denial of service via \napplication crash, or execute arbitrary code with the privileges of the \nuser invoking Firefox. (CVE-2015-7205)\n\nIt was discovered that it is possible to read cross-origin URLs following \na redirect if performance.getEntries() is used with an iframe to host a \npage. If a user were tricked into opening a specially crafted website, an \nattacker could potentially exploit this to bypass same-origin \nrestrictions. (CVE-2015-7207)\n\nIt was discovered that Firefox allows for control characters to be set in \ncookies. An attacker could potentially exploit this to conduct cookie \ninjection attacks on some web servers. 
(CVE-2015-7208)\n\nLooben Yang discovered a use-after-free in WebRTC when closing channels in \nsome circumstances. If a user were tricked into opening a specially \ncrafted website, an attacker could potentially exploit this to cause a \ndenial of service via application crash, or execute arbitrary code with \nthe privileges of the user invoking Firefox. (CVE-2015-7210)\n\nAbdulrahman Alqabandi discovered that the hash symbol is incorrectly handled \nwhen parsing data: URLs. An attacker could potentially exploit this to \nconduct URL spoofing attacks. (CVE-2015-7211)\n\nAbhishek Arya discovered an integer overflow when allocating large \ntextures. If a user were tricked into opening a specially crafted \nwebsite, an attacker could potentially exploit this to cause a denial of \nservice via application crash, or execute arbitrary code with the \nprivileges of the user invoking Firefox. (CVE-2015-7212)\n\nRonald Crane discovered an integer overflow when processing MP4 format \nvideo in some circumstances. If a user were tricked into opening a \nspecially crafted website, an attacker could potentially exploit this to \ncause a denial of service via application crash, or execute arbitrary code \nwith the privileges of the user invoking Firefox. (CVE-2015-7213)\n\nTsubasa Iinuma discovered a way to bypass same-origin restrictions using \ndata: and view-source: URLs. If a user were tricked into opening a \nspecially crafted website, an attacker could potentially exploit this to \nobtain sensitive information and read local files. (CVE-2015-7214)\n\nMasato Kinugawa discovered a cross-origin information leak in error events \nin web workers. An attacker could potentially exploit this to obtain \nsensitive information. (CVE-2015-7215)\n\nGustavo Grieco discovered that the file chooser crashed on malformed \nimages due to flaws in the Jasper library. 
If a user were tricked into \nopening a specially crafted website, an attacker could potentially \nexploit this to cause a denial of service. \n(CVE-2015-7216, CVE-2015-7217)\n\nStuart Larsen discovered two integer underflows when handling malformed \nHTTP/2 frames in some circumstances. If a user were tricked into opening \na specially crafted website, an attacker could potentially exploit these \nto cause a denial of service via application crash. (CVE-2015-7218, \nCVE-2015-7219)\n\nGerald Squelart discovered an integer underflow in the libstagefright \nlibrary when parsing MP4 format video in some circumstances. If a user \nwere tricked into opening a specially crafted website, an attacker could \npotentially exploit this to cause a denial of service via application \ncrash, or execute arbitrary code with the privileges of the user invoking \nFirefox. (CVE-2015-7222)\n\nKris Maglione discovered a mechanism where web content could use \nWebExtension APIs to execute code with the privileges of a particular \nWebExtension. If a user were tricked into opening a specially crafted \nwebsite with a vulnerable extension installed, an attacker could \npotentially exploit this to obtain sensitive information or conduct \ncross-site scripting (XSS) attacks. 
(CVE-2015-7223)", "edition": 5, "modified": "2015-12-15T00:00:00", "published": "2015-12-15T00:00:00", "id": "USN-2833-1", "href": "https://ubuntu.com/security/notices/USN-2833-1", "title": "Firefox vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:45", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7204", "CVE-2015-7216", "CVE-2015-7221", "CVE-2015-7220", "CVE-2015-7203", "CVE-2015-7214", "CVE-2015-7207", "CVE-2015-7208", "CVE-2015-7213", "CVE-2015-7205", "CVE-2015-7217", "CVE-2015-7201", "CVE-2015-7210", "CVE-2015-7223", "CVE-2015-7218", "CVE-2015-7222", "CVE-2015-7215", "CVE-2015-7202", "CVE-2015-7211", "CVE-2015-7212", "CVE-2015-7219"], "description": "- CVE-2015-7201 CVE-2015-7202 (arbitrary code execution)\n\nMozilla developers and community identified and fixed several memory\nsafety bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with enough\neffort at least some of these could be exploited to run arbitrary code.\n\n- CVE-2015-7203 CVE-2015-7220 CVE-2015-7221 (buffer overflow)\n\nSecurity researcher Ronald Crane reported three buffer overflows\naffecting released code that were found through code inspection. They do\nnot all have clear mechanisms to be exploited through web content but\nare vulnerable if a mechanism can be found to trigger them.\n\n- CVE-2015-7204 (denial of service)\n\nSecurity researcher Cajus Pollmeier reported crashing during some\nJavascript variable assignments. The issue was caused by an\nimplementation error with unboxed objects and property storing in the\nJavaScript engine. 
This error could result in a potentially exploitable\ncrash when triggered by JavaScript content as well as leading to errors\non some websites.\n\n- CVE-2015-7205 (information disclosure)\n\nSecurity researcher Ronald Crane reported an underflow found through\ncode inspection. This does not have a clear mechanism to be\nexploited through web content but could be vulnerable if a means can be\nfound to trigger it.\n\n- CVE-2015-7207 (same-origin policy bypass)\n\nSecurity researcher cgvwzq reported that it is possible to read\ncross-origin URLs following a redirect if performance.getEntries() is\nused along with an iframe to host a page. Navigating back in history\nthrough script, content is pulled from the browser cache for the\nredirected location instead of going to the original location. This is a\nsame-origin policy violation and could allow for data theft.\n\n- CVE-2015-7208 (cookie injection)\n\nSecurity researcher musicDespiteEverything reported an issue when ASCII\ncode 11 for vertical tab is stored in a cookie in violation of RFC6265.\nThis may result in incorrect cookie handling by servers, resulting in\nthe potential ability to set cookie values and read cookie data from\nusers in concert with some web servers if the vertical tab character is\nmishandled during parsing.\n\n- CVE-2015-7210 (arbitrary code execution)\n\nSecurity researcher Looben Yang reported a use-after-free error in\nWebRTC that occurs due to timing issues in WebRTC when closing channels.\nWebRTC may still believe it has a datachannel open after another WebRTC\nfunction has closed it. This results in attempts to use the now\ndestroyed datachannel, leading to a potentially exploitable crash.\n\n- CVE-2015-7211 (URL spoofing)\n\nSecurity researcher Abdulrahman Alqabandi reported that when a data: URI\nis parsed, the hash ('#') symbol is incorrectly handled, allowing for\nspoofing attacks. 
This issue could result in the wrong URI being\ndisplayed as a location, which can mislead users to believe they are on\na different site than the one loaded.\n\n- CVE-2015-7212 (denial of service)\n\nSecurity researcher Abhishek Arya (Inferno) of the Google Chrome\nSecurity Team used the Address Sanitizer tool to discover an integer\noverflow when allocating textures of extremely large sizes during\ngraphics operations. This results in a potentially exploitable crash\nwhen triggered.\n\n- CVE-2015-7213 (denial of service)\n\nSecurity researcher Ronald Crane reported a vulnerability found through\ncode inspection. This issue is an integer overflow while processing an\nMP4 format video file when an erroneously-small buffer is allocated\nand then overrun, resulting in a potentially exploitable crash.\n\n- CVE-2015-7214 (cross-origin restriction bypass)\n\nSecurity researcher Tsubasa Iinuma reported a mechanism to violate\nsame-origin policy to content using data: and view-source: URIs to\nconfuse protections and bypass restrictions. This resulted in the\nability to read data from cross-site URLs and local files.\n\n- CVE-2015-7215 (information disclosure)\n\nSecurity researcher Masato Kinugawa reported a cross-origin information\nleak through the error events in web workers. This violates same-origin\npolicy and the leaked information could potentially be used by a\nmalicious party to gather authentication tokens and other data from\nthird-party websites.\n\n- CVE-2015-7216 CVE-2015-7217 (denial of service)\n\nSecurity researcher Gustavo Grieco reported that on Linux Gnome systems\nthe dialog for choosing local files uses the operating system's\ngdk-pixbuf library to render thumbnails for image file types. This\nlibrary supports various image decoders, and Grieco reported that the\nJasper and TGA decoders were unmaintained and have several known\nvulnerabilities. 
Firefox has disabled the use of those decoders in\ngdk-pixbuf.\n\n- CVE-2015-7218 CVE-2015-7219 (denial of service)\n\nSecurity researcher Stuart Larsen reported two issues with HTTP/2\nresulting in integer underflows that lead to intentional aborts when the\nerrors are detected.\nIn the first issue, if a malformed HTTP2 header frame is received with\nonly a single byte, an integer underflow can be created in some\ncircumstances. In the second issue, a malformed HTTP2 PushPromise frame\nis received and the length of the decompressed buffer is miscalculated,\nleading to another integer underflow. In both of these instances, more\nmemory is allocated than is allowed, triggering assertions and\nintentional aborts (a denial of service) but no exploitable crashes.\n\n- CVE-2015-7222 (denial of service)\n\nMozilla developer Gerald Squelart fixed an integer underflow in the\nlibstagefright library initially reported by Joshua Drake to Google. The\nissues occurred in MP4 format video file while parsing cover metadata,\nleading to a buffer overflow. This results in a potentially exploitable\ncrash and can be triggered by a malformed MP4 file served by web content.\n\n- CVE-2015-7223 (privilege escalation)\n\nMozilla developer Kris Maglione reported a mechanism where WebExtension\nAPIs could be used to escalate privilege. This could allow arbitrary web\ncontent to execute code with the privileges of a particular WebExtension\nwhen using these API calls. Depending on the privileges of the extension\nused, this could result in personal information theft and cross-site\nscripting (XSS) attacks, including theft of browser cookies. 
This is\nmitigated by the requirement to have a WebExtension installed that is\nvulnerable to this issue.", "modified": "2015-12-15T00:00:00", "published": "2015-12-15T00:00:00", "id": "ASA-201512-9", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-December/000467.html", "type": "archlinux", "title": "firefox: multiple issues", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:56", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7204", "CVE-2015-7216", "CVE-2015-7221", "CVE-2015-7220", "CVE-2015-7203", "CVE-2015-7214", "CVE-2015-7207", "CVE-2015-7208", "CVE-2015-7213", "CVE-2015-7205", "CVE-2015-7217", "CVE-2015-7201", "CVE-2015-7210", "CVE-2015-7223", "CVE-2015-7218", "CVE-2015-7222", "CVE-2015-7215", "CVE-2015-7202", "CVE-2015-7211", "CVE-2015-7212", "CVE-2015-7219"], "description": "\nThe Mozilla Project reports:\n\nMFSA 2015-134 Miscellaneous memory safety hazards\n\t (rv:43.0 / rv:38.5)\nMFSA 2015-135 Crash with JavaScript variable assignment\n\t with unboxed objects\nMFSA 2015-136 Same-origin policy violation using\n\t perfomance.getEntries and history navigation\nMFSA 2015-137 Firefox allows for control characters to be\n\t set in cookies\nMFSA 2015-138 Use-after-free in WebRTC when datachannel\n\t is used after being destroyed\nMFSA 2015-139 Integer overflow allocating extremely large\n\t textures\nMFSA 2015-140 Cross-origin information leak through web\n\t workers error events\nMFSA 2015-141 Hash in data URI is incorrectly parsed\nMFSA 2015-142 DOS due to malformed frames in HTTP/2\nMFSA 2015-143 Linux file chooser crashes on malformed\n\t images due to flaws in Jasper library\nMFSA 2015-144 Buffer overflows found through code\n\t inspection\nMFSA 2015-145 Underflow through code inspection\nMFSA 2015-146 Integer overflow in MP4 playback in 64-bit\n\t versions\nMFSA 2015-147 Integer underflow and buffer overflow\n\t processing MP4 metadata in 
libstagefright\nMFSA 2015-148 Privilege escalation vulnerabilities in\n\t WebExtension APIs\nMFSA 2015-149 Cross-site reading attack through data and\n\t view-source URIs\n\n", "edition": 4, "modified": "2015-12-15T00:00:00", "published": "2015-12-15T00:00:00", "id": "2C2D1C39-1396-459A-91F5-CA03EE7C64C6", "href": "https://vuxml.freebsd.org/freebsd/2c2d1c39-1396-459a-91f5-ca03ee7c64c6.html", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2020-09-02T11:45:03", "bulletinFamily": "info", "cvelist": ["CVE-2015-7204", "CVE-2015-7216", "CVE-2015-7221", "CVE-2015-7220", "CVE-2015-7203", "CVE-2015-7214", "CVE-2015-7207", "CVE-2015-7208", "CVE-2015-7213", "CVE-2015-7205", "CVE-2015-7217", "CVE-2015-7201", "CVE-2015-7210", "CVE-2015-7223", "CVE-2015-7218", "CVE-2015-7222", "CVE-2015-7215", "CVE-2015-7202", "CVE-2015-7211", "CVE-2015-7212", "CVE-2015-7219"], "description": "### *Detect date*:\n12/15/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Mozilla Firefox. 
Malicious users can exploit these vulnerabilities to spoof user interface, cause denial of service, bypass security restrictions, gain privileges, execute arbitrary code or obtain sensitive information.\n\n### *Affected products*:\nMozilla Firefox versions earlier than 43 \nMozilla Firefox ESR versions earlier than 38.5\n\n### *Solution*:\nUpdate to the latest version \n[Get Firefox ESR](<https://www.mozilla.org/en-US/firefox/organizations/all/>) \n[Get Firefox](<https://www.mozilla.org/en-US/firefox/new/>)\n\n### *Original advisories*:\n[Mozilla Foundation Security Advisories](<https://www.mozilla.org/en-US/security/advisories/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Firefox](<https://threats.kaspersky.com/en/product/Mozilla-Firefox/>)\n\n### *CVE-IDS*:\n[CVE-2015-7223](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7223>) 4.0 Warning \n[CVE-2015-7201](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7201>) 10.0 Critical \n[CVE-2015-7202](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7202>) 10.0 Critical \n[CVE-2015-7203](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7203>) 10.0 Critical \n[CVE-2015-7204](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7204>) 6.8 High \n[CVE-2015-7205](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7205>) 10.0 Critical \n[CVE-2015-7207](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7207>) 5.0 Critical \n[CVE-2015-7208](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7208>) 5.0 Critical \n[CVE-2015-7210](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7210>) 7.5 Critical \n[CVE-2015-7211](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7211>) 5.0 Critical \n[CVE-2015-7212](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7212>) 7.5 Critical \n[CVE-2015-7213](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7213>) 6.8 High \n[CVE-2015-7214](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7214>) 5.0 Critical 
\n[CVE-2015-7215](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7215>) 5.0 Critical \n[CVE-2015-7216](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7216>) 6.8 High \n[CVE-2015-7217](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7217>) 4.3 Warning \n[CVE-2015-7218](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7218>) 5.0 Critical \n[CVE-2015-7219](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7219>) 5.0 Critical \n[CVE-2015-7220](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7220>) 10.0 Critical \n[CVE-2015-7221](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7221>) 10.0 Critical \n[CVE-2015-7222](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7222>) 6.8 High", "edition": 42, "modified": "2020-05-22T00:00:00", "published": "2015-12-15T00:00:00", "id": "KLA10723", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10723", "title": "KLA10723 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:17", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4000", "CVE-2015-2738", "CVE-2015-0813", "CVE-2015-2737", "CVE-2015-7198", "CVE-2015-7204", "CVE-2015-2726", "CVE-2015-7200", "CVE-2015-7216", "CVE-2015-4514", "CVE-2015-7181", "CVE-2015-0812", "CVE-2015-7191", "CVE-2015-0811", "CVE-2015-7221", "CVE-2015-7220", "CVE-2015-2728", "CVE-2015-7194", "CVE-2015-2724", "CVE-2015-7203", "CVE-2015-7214", "CVE-2015-0810", "CVE-2015-7207", "CVE-2015-0799", "CVE-2015-0808", "CVE-2015-7187", "CVE-2015-0816", "CVE-2015-7189", "CVE-2015-2739", "CVE-2015-7208", "CVE-2015-7182", "CVE-2015-2808", "CVE-2015-7213", "CVE-2015-2733", "CVE-2015-2721", "CVE-2015-7205", "CVE-2015-7217", "CVE-2015-4495", "CVE-2015-2722", "CVE-2015-2729", "CVE-2015-7201", "CVE-2015-2725", "CVE-2015-2734", "CVE-2015-7188", "CVE-2015-0798", "CVE-2015-7183", "CVE-2015-0805", "CVE-2015-7210", "CVE-2015-7196", 
"CVE-2015-0802", "CVE-2015-7192", "CVE-2015-7223", "CVE-2015-7218", "CVE-2015-7222", "CVE-2015-0815", "CVE-2015-2743", "CVE-2015-7215", "CVE-2015-4153", "CVE-2015-2727", "CVE-2015-7199", "CVE-2015-7202", "CVE-2015-4518", "CVE-2015-4513", "CVE-2015-7193", "CVE-2015-0807", "CVE-2015-0804", "CVE-2015-2735", "CVE-2015-2742", "CVE-2015-2741", "CVE-2015-0801", "CVE-2015-7197", "CVE-2015-2736", "CVE-2015-2740", "CVE-2015-0803", "CVE-2015-0814", "CVE-2015-7211", "CVE-2015-2731", "CVE-2015-0806", "CVE-2015-7212", "CVE-2015-2706", "CVE-2015-4515", "CVE-2015-7219", "CVE-2015-2730", "CVE-2015-7195"], "description": "### Background\n\nMozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-38.5.0\"\n \n\nAll Firefox-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-38.5.0\"\n \n\nAll Thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-38.5.0\"\n \n\nAll Thunderbird-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-38.5.0\"", "edition": 1, "modified": "2015-12-31T00:00:00", "published": "2015-12-30T00:00:00", "id": "GLSA-201512-10", "href": "https://security.gentoo.org/glsa/201512-10", "type": "gentoo", "title": "Mozilla Products: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}