Mozilla Firefox, SeaMonkey, Thunderbird: Multiple vulnerabilities
2017-01-03T00:00:00
ID GLSA-201701-15 Type gentoo Reporter Gentoo Foundation Modified 2017-01-03T00:00:00
Description
Background
Mozilla Firefox is a cross-platform web browser from Mozilla. The Mozilla Thunderbird mail client is a redesign of the Mozilla Mail component. The goal is to produce a cross-platform stand-alone mail application using XUL (XML User Interface Language). SeaMonkey is a free and open-source Internet suite. It is the continuation of the former Mozilla Application Suite, based on the same source code.
Description
Multiple vulnerabilities have been discovered in Mozilla Firefox, SeaMonkey, and Thunderbird. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition via multiple vectors.
Workaround
There is no known workaround at this time.
Resolution
All Firefox users should upgrade to the latest version:
{"type": "gentoo", "published": "2017-01-03T00:00:00", "href": "https://security.gentoo.org/glsa/201701-15", "hashmap": [{"key": "affectedPackage", "hash": "9184ad3f15790e66fbf380830d383f2c"}, {"key": "bulletinFamily", "hash": "4913a9178621eadcdf191db17915fbcb"}, {"key": "cvelist", "hash": "d44cdfaf508eb0753dd2e211c47ede74"}, {"key": "cvss", "hash": "2bdabeb49c44761f9565717ab0e38165"}, {"key": "description", "hash": "5d008d1473962a6f072d558157fef50d"}, {"key": "href", "hash": "14686fcf41b4b1b5e0c34e74b726003a"}, {"key": "modified", "hash": "246eab7ea12f7075bf31446dc8a0a86d"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "246eab7ea12f7075bf31446dc8a0a86d"}, {"key": "references", "hash": "7b9808af267fdb61cf7c92d54946f6d8"}, {"key": "reporter", "hash": "ac1fd6b3deacaf22b54dd1934ae33181"}, {"key": "title", "hash": "44647316e816f91790dc121219874833"}, {"key": "type", "hash": "365d0fc7d6206ff26e2f2c2a78c91a94"}], "bulletinFamily": "unix", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/", "score": 10.0}, "viewCount": 27, "history": [], "lastseen": "2017-01-03T14:14:21", "objectVersion": "1.2", "reporter": "Gentoo Foundation", "title": "Mozilla Firefox, SeaMonkey, Thunderbird: Multiple vulnerabilities", "enchantments": {"score": {"value": 7.6, "vector": "NONE", "modified": "2017-01-03T14:14:21"}, "dependencies": {"references": [{"type": "nessus", "idList": ["GENTOO_GLSA-201701-15.NASL", "MACOSX_FIREFOX_45_3_ESR.NASL", "MACOSX_FIREFOX_49.NASL", "MOZILLA_FIREFOX_49_0.NASL", "MACOSX_FIREFOX_48.NASL", "UBUNTU_USN-3076-1.NASL", "OPENSUSE-2016-1128.NASL", "MOZILLA_FIREFOX_49.NASL", "OPENSUSE-2015-250.NASL", "MOZILLA_FIREFOX_45_3_ESR.NASL"]}, {"type": "archlinux", "idList": ["ASA-201608-2", "ASA-201609-22", "ASA-201501-6"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:2368-1", "OPENSUSE-SU-2016:2386-1", "SUSE-SU-2016:2513-1", "SUSE-SU-2016:2434-1", "OPENSUSE-SU-2015:0404-1", "OPENSUSE-SU-2016:1964-1", "SUSE-SU-2016:2431-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310809325", "OPENVAS:1361412562310851395", "OPENVAS:1361412562310851396", "OPENVAS:1361412562310805475", "OPENVAS:1361412562310809326", "OPENVAS:1361412562310882560", "OPENVAS:1361412562310882559", "OPENVAS:1361412562310882535", "OPENVAS:1361412562310808641", "OPENVAS:1361412562310809806"]}, {"type": "kaspersky", "idList": ["KLA10876", "KLA10852", "KLA10464"]}, {"type": "freebsd", "idList": ["2C57C47E-8BB3-4694-83C8-9FC3ABAD3964", "99029172-8253-407D-9D8B-2CFEAB9ABF81", "AA1AEFE3-6E37-47DB-BFDA-343EF4ACB1B5"]}, {"type": "ubuntu", "idList": ["USN-3076-1", "USN-2458-2", "USN-2458-3", "USN-3044-1", "USN-2458-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14293"]}, {"type": "centos", "idList": ["CESA-2016:1551", "CESA-2016:1912"]}, {"type": "redhat", "idList": ["RHSA-2016:1551", "RHSA-2016:1912"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-1551", "ELSA-2016-1912"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3674-1:A1E50", "DEBIAN:DSA-3640-1:D6912", "DEBIAN:DLA-658-1:FEEE0", "DEBIAN:DLA-636-1:3B163"]}], "modified": "2017-01-03T14:14:21"}, "vulnersScore": 7.6}, "id": "GLSA-201701-15", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5296", "https://bugs.gentoo.org/show_bug.cgi?id=601320", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5253", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5283", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9900", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2810", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2806", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0821", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2839", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0819", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0824", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0827", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9904", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5282", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0834", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8637", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8642", "https://bugs.gentoo.org/show_bug.cgi?id=539242", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5274", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5263", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2811", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9895", "https://bugs.gentoo.org/show_bug.cgi?id=604024", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5264", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2813", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5251", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9901", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8640", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2827", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5260", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0822", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0836", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5252", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0825", "https://bugs.gentoo.org/show_bug.cgi?id=541506", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5270", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9902", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5262", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5254", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5271", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5277", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9074", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5261", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9079", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2830", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5281", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5284", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9899", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5279", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5250", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2812", "https://bugs.gentoo.org/show_bug.cgi?id=599924", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5272", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5276", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0833", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2820", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8639", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0826", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9898", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2816", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8638", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0823", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5290", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0828", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9897", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2836", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5255", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8634", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2838", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5294", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2808", "https://bugs.gentoo.org/show_bug.cgi?id=590330", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5268", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2804", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2817", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8635", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5291", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5259", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9064", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5267", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5280", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8641", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2837", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5258", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5278", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2807", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5273", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5293", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9066", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5257", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9905", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5265", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2809", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2835", "https://bugs.gentoo.org/show_bug.cgi?id=602576", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0832", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5275", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5266", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2814", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5256", "https://bugs.gentoo.org/show_bug.cgi?id=594616", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0830", "https://bugs.gentoo.org/show_bug.cgi?id=581326", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8636", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5297", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0820", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0835", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0831", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0829", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2805", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9893"], "cvelist": ["CVE-2015-0824", "CVE-2016-9893", "CVE-2015-0831", "CVE-2016-5266", "CVE-2016-5290", "CVE-2016-5278", "CVE-2016-5256", "CVE-2016-5252", "CVE-2015-0832", "CVE-2016-5281", "CVE-2016-2816", "CVE-2016-5280", "CVE-2016-5271", "CVE-2016-5297", "CVE-2016-2827", "CVE-2015-0825", "CVE-2015-0821", "CVE-2016-2817", "CVE-2016-5250", "CVE-2016-2805", "CVE-2015-0828", "CVE-2016-5259", "CVE-2016-5274", "CVE-2016-9904", "CVE-2016-5261", "CVE-2016-5267", "CVE-2016-9064", "CVE-2016-5254", "CVE-2016-5284", "CVE-2016-2814", "CVE-2015-0826", "CVE-2016-5296", "CVE-2016-9899", "CVE-2016-5265", "CVE-2016-9079", "CVE-2016-5270", "CVE-2016-9898", "CVE-2014-8642", "CVE-2014-8637", "CVE-2016-5264", "CVE-2014-8636", "CVE-2016-2813", "CVE-2016-9902", "CVE-2015-0819", "CVE-2016-5291", "CVE-2016-5294", "CVE-2016-5283", "CVE-2016-9074", "CVE-2016-5277", "CVE-2015-0834", "CVE-2016-2804", "CVE-2016-2809", "CVE-2016-9897", "CVE-2016-2808", "CVE-2016-2811", "CVE-2016-9066", "CVE-2014-8641", "CVE-2015-0835", "CVE-2016-9905", "CVE-2016-5258", "CVE-2016-9895", "CVE-2016-2810", "CVE-2016-9900", "CVE-2016-5293", "CVE-2016-5260", "CVE-2016-2839", "CVE-2016-5263", "CVE-2016-5268", "CVE-2016-5257", "CVE-2016-2838", "CVE-2016-2835", "CVE-2016-2836", "CVE-2016-9901", "CVE-2016-2807", "CVE-2016-5272", "CVE-2014-8634", "CVE-2015-0823", "CVE-2016-5251", "CVE-2016-2806", "CVE-2016-5273", "CVE-2016-2837", "CVE-2015-0836", "CVE-2016-5276", "CVE-2016-2812", "CVE-2014-8639", "CVE-2015-0829", "CVE-2016-5262", "CVE-2015-0822", "CVE-2016-5253", "CVE-2015-0830", "CVE-2015-0827", "CVE-2014-8640", "CVE-2016-5279", "CVE-2014-8635", "CVE-2014-8638", "CVE-2016-5255", "CVE-2016-5275", "CVE-2016-2830", "CVE-2016-5282", "CVE-2015-0820", "CVE-2016-2820", "CVE-2015-0833"], "hash": "a851b8f0bd6f35bde4e67ab40866de0c0738576ce68838d1c6202070f3c28bba", "edition": 1, "affectedPackage": [{"arch": "all", "operator": "lt", "OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.38", "packageName": "www-client/seamonkey-bin", "packageFilename": "UNKNOWN"}, {"arch": "all", "operator": "lt", "OS": "Gentoo", "OSVersion": "any", "packageVersion": "45.6.0", "packageName": "mail-client/thunderbird", "packageFilename": "UNKNOWN"}, {"arch": "all", "operator": "lt", "OS": "Gentoo", "OSVersion": "any", "packageVersion": "45.6.0", "packageName": "www-client/firefox", "packageFilename": "UNKNOWN"}, {"arch": "all", "operator": "lt", "OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.38", "packageName": "www-client/seamonkey", "packageFilename": "UNKNOWN"}, {"arch": "all", "operator": "lt", "OS": "Gentoo", "OSVersion": "any", "packageVersion": "45.6.0", "packageName": "mail-client/thunderbird-bin", "packageFilename": "UNKNOWN"}, {"arch": "all", "operator": "lt", "OS": "Gentoo", "OSVersion": "any", "packageVersion": "45.6.0", "packageName": "www-client/firefox-bin", "packageFilename": "UNKNOWN"}], "modified": "2017-01-03T00:00:00", "description": "### Background\n\nMozilla Firefox is a cross-platform web browser from Mozilla. The Mozilla Thunderbird mail client is a redesign of the Mozilla Mail component. The goal is to produce a cross-platform stand-alone mail application using XUL (XML User Interface Language). SeaMonkey is a free and open-source Internet suite. It is the continuation of the former Mozilla Application Suite, based on the same source code. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox, SeaMonkey, and Thunderbird. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition via multiple vectors. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-45.6.0\"\n \n\nAll Firefox-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-45.6.0\"\n \n\nAll Thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-45.6.0\"\n \n\nAll Thunderbird-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-45.6.0\"\n \n\nAll SeaMonkey users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-2.38\"\n \n\nAll SeaMonkey-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-bin-2.38\""}
{"nessus": [{"lastseen": "2019-02-21T01:28:57", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201701-15 (Mozilla Firefox, Thunderbird: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Mozilla Firefox and Thunderbird. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition via multiple vectors.\n Workaround :\n\n There is no known workaround at this time.", "modified": "2017-01-27T00:00:00", "id": "GENTOO_GLSA-201701-15.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=96276", "published": "2017-01-04T00:00:00", "title": "GLSA-201701-15 : Mozilla Firefox, Thunderbird: Multiple vulnerabilities (SWEET32)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201701-15.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96276);\n script_version(\"$Revision: 3.7 $\");\n script_cvs_date(\"$Date: 2017/01/27 23:31:26 $\");\n\n script_cve_id(\"CVE-2016-2804\", \"CVE-2016-2805\", \"CVE-2016-2806\", \"CVE-2016-2807\", \"CVE-2016-2808\", \"CVE-2016-2809\", \"CVE-2016-2810\", \"CVE-2016-2811\", \"CVE-2016-2812\", \"CVE-2016-2813\", \"CVE-2016-2814\", \"CVE-2016-2816\", \"CVE-2016-2817\", \"CVE-2016-2820\", \"CVE-2016-2827\", \"CVE-2016-2830\", \"CVE-2016-2835\", \"CVE-2016-2836\", \"CVE-2016-2837\", \"CVE-2016-2838\", \"CVE-2016-2839\", \"CVE-2016-5250\", \"CVE-2016-5251\", \"CVE-2016-5252\", \"CVE-2016-5253\", \"CVE-2016-5254\", \"CVE-2016-5255\", \"CVE-2016-5256\", \"CVE-2016-5257\", \"CVE-2016-5258\", \"CVE-2016-5259\", \"CVE-2016-5260\", \"CVE-2016-5261\", \"CVE-2016-5262\", \"CVE-2016-5263\", \"CVE-2016-5264\", \"CVE-2016-5265\", \"CVE-2016-5266\", \"CVE-2016-5267\", \"CVE-2016-5268\", \"CVE-2016-5270\", \"CVE-2016-5271\", \"CVE-2016-5272\", \"CVE-2016-5273\", \"CVE-2016-5274\", \"CVE-2016-5275\", \"CVE-2016-5276\", \"CVE-2016-5277\", \"CVE-2016-5278\", \"CVE-2016-5279\", \"CVE-2016-5280\", \"CVE-2016-5281\", \"CVE-2016-5282\", \"CVE-2016-5283\", \"CVE-2016-5284\", \"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5293\", \"CVE-2016-5294\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9064\", \"CVE-2016-9066\", \"CVE-2016-9074\", \"CVE-2016-9079\", \"CVE-2016-9893\", \"CVE-2016-9895\", \"CVE-2016-9897\", \"CVE-2016-9898\", \"CVE-2016-9899\", \"CVE-2016-9900\", \"CVE-2016-9901\", \"CVE-2016-9902\", \"CVE-2016-9904\", \"CVE-2016-9905\");\n script_xref(name:\"GLSA\", value:\"201701-15\");\n\n script_name(english:\"GLSA-201701-15 : Mozilla Firefox, Thunderbird: Multiple vulnerabilities (SWEET32)\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201701-15\n(Mozilla Firefox, Thunderbird: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Mozilla Firefox and\n Thunderbird. Please review the CVE identifiers referenced below for\n details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process or cause a Denial of Service condition via\n multiple vectors.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201701-15\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Firefox users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/firefox-45.6.0'\n All Firefox-bin users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/firefox-bin-45.6.0'\n All Thunderbird users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=mail-client/thunderbird-45.6.0'\n All Thunderbird-bin users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=mail-client/thunderbird-bin-45.6.0'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:firefox-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:thunderbird-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/03\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"mail-client/thunderbird-bin\", unaffected:make_list(\"ge 45.6.0\"), vulnerable:make_list(\"lt 45.6.0\"))) flag++;\nif (qpkg_check(package:\"mail-client/thunderbird\", unaffected:make_list(\"ge 45.6.0\"), vulnerable:make_list(\"lt 45.6.0\"))) flag++;\nif (qpkg_check(package:\"www-client/firefox-bin\", unaffected:make_list(\"ge 45.6.0\"), vulnerable:make_list(\"lt 45.6.0\"))) flag++;\nif (qpkg_check(package:\"www-client/firefox\", unaffected:make_list(\"ge 45.6.0\"), vulnerable:make_list(\"lt 45.6.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Mozilla Firefox / Thunderbird\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:42:59", "bulletinFamily": "scanner", "description": "The version of Mozilla Firefox installed on the remote Windows host is prior to 49. It is, therefore, affected by multiple vulnerabilities as noted in Mozilla Firefox stable channel update release notes for 2016/09/20. Please refer to the release notes for additional information. Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.", "modified": "2018-10-05T00:00:00", "id": "MOZILLA_FIREFOX_49_0.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=117941", "published": "2018-10-05T00:00:00", "title": "Mozilla Firefox < 49 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117941);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2018/10/05 15:06:47\");\n\n script_cve_id(\n \"CVE-2016-2827\",\n \"CVE-2016-5256\",\n \"CVE-2016-5257\",\n \"CVE-2016-5270\",\n \"CVE-2016-5271\",\n \"CVE-2016-5272\",\n \"CVE-2016-5273\",\n \"CVE-2016-5274\",\n \"CVE-2016-5275\",\n \"CVE-2016-5276\",\n \"CVE-2016-5277\",\n \"CVE-2016-5278\",\n \"CVE-2016-5279\",\n \"CVE-2016-5280\",\n \"CVE-2016-5281\",\n \"CVE-2016-5282\",\n \"CVE-2016-5283\",\n \"CVE-2016-5284\"\n );\n\n script_name(english:\"Mozilla Firefox < 49 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Firefox installed on the remote Windows host is\nprior to 49. It is, therefore, affected by multiple vulnerabilities as\nnoted in Mozilla Firefox stable channel update release notes for\n2016/09/20. Please refer to the release notes for additional\ninformation. Note that Nessus has not attempted to exploit these\nissues but has instead relied only on the application's self-reported\nversion number.\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1249522\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a71b5c71\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1268034\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?27887241\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1276413\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4caa1ed8\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1277213\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?32eb4c7a\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1280387\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5ef629bf\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1282076\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8865b1d7\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1282746\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?160280d4\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1284690\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5dbbf44e\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1287204\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?54ac5d09\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1287316\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d3bfda65\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1287721\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5d89bb27\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1288555\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f45fb2ce\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1288588\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?47a40c69\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1288780\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0baaaa08\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1288946\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1181d174\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1289085\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2269f975\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1289280\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b74c22ad\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1289970\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7882d62d\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1290244\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0e281edf\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1291016\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?117622e5\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1291665\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4b353376\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1293347\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6207b3c0\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1294095\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7e04baf7\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1294407\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?527385b7\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1294677\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?40b8f022\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1296078\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0d9488e8\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1296087\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c74b0ed3\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1297099\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8e935ffb\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=129793\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d5be7ccc\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=1303127\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c34feae8\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=928187\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c773d903\");\n # https://bugzilla.mozilla.org/show_bug.cgi?id=932335\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8e86e0c1\");\n # https://www.mozilla.org/en-US/security/advisories/mfsa2016-85/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8b727e4e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox version 49 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5256\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'49', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:27:59", "bulletinFamily": "scanner", "description": "The version of Mozilla Firefox installed on the remote Mac OS X host is prior to 49.0. It is, therefore, affected by multiple vulnerabilities :\n\n - An out-of-bounds read error exists within file dom/security/nsCSPParser.cpp when handling content security policies (CSP) containing empty referrer directives. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.\n (CVE-2016-2827)\n\n - Multiple memory safety issues exist that allow an unauthenticated, remote attacker to potentially execute arbitrary code. (CVE-2016-5256, CVE-2016-5257)\n\n - A heap buffer overflow condition exists in the nsCaseTransformTextRunFactory::TransformString() function in layout/generic/nsTextRunTransformations.cpp when converting text containing certain Unicode characters. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5270)\n\n - An out-of-bounds read error exists in the nsCSSFrameConstructor::GetInsertionPrevSibling() function in file layout/base/nsCSSFrameConstructor.cpp when handling text runs. An unauthenticated, remote attacker can exploit this to disclose memory contents.\n (CVE-2016-5271)\n\n - A type confusion error exists within file layout/forms/nsRangeFrame.cpp when handling layout with input elements. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5272)\n\n - An unspecified flaw exists in the HyperTextAccessible::GetChildOffset() function that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5273)\n\n - A use-after-free error exists within file layout/style/nsRuleNode.cpp when handling web animations during restyling. An unauthenticated, remote attacker can exploit this to execute arbitrary code.\n (CVE-2016-5274)\n\n - A buffer overflow condition exists in the FilterSupport::ComputeSourceNeededRegions() function when handling empty filters during canvas rendering. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5275)\n\n - A use-after-free error exists in the DocAccessible::ProcessInvalidationList() function within file accessible/generic/DocAccessible.cpp when setting an aria-owns attribute. An unauthenticated, remote attacker can exploit this to execute arbitrary code.\n (CVE-2016-5276)\n\n - A use-after-free error exists in the nsRefreshDriver::Tick() function when handling web animations destroying a timeline. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5277)\n\n - A buffer overflow condition exists in the nsBMPEncoder::AddImageFrame() function within file dom/base/ImageEncoder.cpp when encoding image frames to images. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5278)\n\n - A flaw exists that is triggered when handling drag-and-drop events for files. An unauthenticated, remote attacker can exploit this disclose the full local file path. (CVE-2016-5279)\n\n - A use-after-free error exists in the nsTextNodeDirectionalityMap::RemoveElementFromMap() function within file dom/base/DirectionalityUtils.cpp when handling changing of text direction. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5280)\n\n - A use-after-free error exists when handling SVG format content that is being manipulated through script code.\n An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5281)\n\n - A flaw exists when handling content that requests favicons from non-whitelisted schemes that are using certain URI handlers. An unauthenticated, remote attacker can exploit this to bypass intended restrictions. (CVE-2016-5282)\n\n - A flaw exists that is related to the handling of iframes that allow an unauthenticated, remote attacker to conduct an 'iframe src' fragment timing attack, resulting in disclosure of cross-origin data.\n (CVE-2016-5283)\n\n - A flaw exists due to the certificate pinning policy for built-in sites (e.g., addons.mozilla.org) not being honored when pins have expired. A man-in-the-middle (MitM) attacker can exploit this to generate a trusted certificate, which could be used to conduct spoofing attacks. (CVE-2016-5284)", "modified": "2018-07-14T00:00:00", "id": "MACOSX_FIREFOX_49.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=93660", "published": "2016-09-22T00:00:00", "title": "Mozilla Firefox < 49.0 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93660);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2016-2827\",\n \"CVE-2016-5256\",\n \"CVE-2016-5257\",\n \"CVE-2016-5270\",\n \"CVE-2016-5271\",\n \"CVE-2016-5272\",\n \"CVE-2016-5273\",\n \"CVE-2016-5274\",\n \"CVE-2016-5275\",\n \"CVE-2016-5276\",\n \"CVE-2016-5277\",\n \"CVE-2016-5278\",\n \"CVE-2016-5279\",\n \"CVE-2016-5280\",\n \"CVE-2016-5281\",\n \"CVE-2016-5282\",\n \"CVE-2016-5283\",\n \"CVE-2016-5284\"\n );\n script_bugtraq_id(\n 93049,\n 93052\n );\n script_xref(name:\"MFSA\", value:\"2016-85\");\n\n script_name(english:\"Mozilla Firefox < 49.0 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Firefox installed on the remote Mac OS X host\nis prior to 49.0. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An out-of-bounds read error exists within file\n dom/security/nsCSPParser.cpp when handling content\n security policies (CSP) containing empty referrer\n directives. An unauthenticated, remote attacker can\n exploit this to cause a denial of service condition.\n (CVE-2016-2827)\n\n - Multiple memory safety issues exist that allow an\n unauthenticated, remote attacker to potentially execute\n arbitrary code. (CVE-2016-5256, CVE-2016-5257)\n\n - A heap buffer overflow condition exists in the\n nsCaseTransformTextRunFactory::TransformString()\n function in layout/generic/nsTextRunTransformations.cpp\n when converting text containing certain Unicode\n characters. An unauthenticated, remote attacker can\n exploit this to execute arbitrary code. (CVE-2016-5270)\n\n - An out-of-bounds read error exists in the\n nsCSSFrameConstructor::GetInsertionPrevSibling()\n function in file layout/base/nsCSSFrameConstructor.cpp\n when handling text runs. An unauthenticated, remote\n attacker can exploit this to disclose memory contents.\n (CVE-2016-5271)\n\n - A type confusion error exists within file\n layout/forms/nsRangeFrame.cpp when handling layout with\n input elements. An unauthenticated, remote attacker can\n exploit this to execute arbitrary code. (CVE-2016-5272)\n\n - An unspecified flaw exists in the\n HyperTextAccessible::GetChildOffset() function that\n allows an unauthenticated, remote attacker to execute\n arbitrary code. (CVE-2016-5273)\n\n - A use-after-free error exists within file\n layout/style/nsRuleNode.cpp when handling web animations\n during restyling. An unauthenticated, remote attacker\n can exploit this to execute arbitrary code.\n (CVE-2016-5274)\n\n - A buffer overflow condition exists in the\n FilterSupport::ComputeSourceNeededRegions() function\n when handling empty filters during canvas rendering. An\n unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2016-5275)\n\n - A use-after-free error exists in the\n DocAccessible::ProcessInvalidationList() function within\n file accessible/generic/DocAccessible.cpp when setting\n an aria-owns attribute. An unauthenticated, remote\n attacker can exploit this to execute arbitrary code.\n (CVE-2016-5276)\n\n - A use-after-free error exists in the\n nsRefreshDriver::Tick() function when handling web\n animations destroying a timeline. An unauthenticated,\n remote attacker can exploit this to execute arbitrary\n code. (CVE-2016-5277)\n\n - A buffer overflow condition exists in the\n nsBMPEncoder::AddImageFrame() function within file\n dom/base/ImageEncoder.cpp when encoding image frames to\n images. An unauthenticated, remote attacker can exploit\n this to execute arbitrary code. (CVE-2016-5278)\n\n - A flaw exists that is triggered when handling\n drag-and-drop events for files. An unauthenticated,\n remote attacker can exploit this disclose the full local\n file path. (CVE-2016-5279)\n\n - A use-after-free error exists in the\n nsTextNodeDirectionalityMap::RemoveElementFromMap()\n function within file dom/base/DirectionalityUtils.cpp\n when handling changing of text direction. An\n unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2016-5280)\n\n - A use-after-free error exists when handling SVG format\n content that is being manipulated through script code.\n An unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2016-5281)\n\n - A flaw exists when handling content that requests\n favicons from non-whitelisted schemes that are using\n certain URI handlers. An unauthenticated, remote\n attacker can exploit this to bypass intended\n restrictions. (CVE-2016-5282)\n\n - A flaw exists that is related to the handling of iframes\n that allow an unauthenticated, remote attacker to\n conduct an 'iframe src' fragment timing attack,\n resulting in disclosure of cross-origin data.\n (CVE-2016-5283)\n\n - A flaw exists due to the certificate pinning policy for\n built-in sites (e.g., addons.mozilla.org) not being\n honored when pins have expired. A man-in-the-middle\n (MitM) attacker can exploit this to generate a trusted\n certificate, which could be used to conduct spoofing\n attacks. (CVE-2016-5284)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox version 49.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nkb_base = \"MacOSX/Firefox\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nif (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Firefox installation is in the ESR branch.');\n\nmozilla_check_version(product:'firefox', version:version, path:path, esr:FALSE, fix:'49', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:27:36", "bulletinFamily": "scanner", "description": "The version of Firefox ESR installed on the remote Mac OS X host is 45.x prior to 45.3. It is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists due to a failure to close connections after requesting favicons.\n An attacker can exploit this to continue to send requests to the user's browser and disclose sensitive information.(CVE-2016-2830)\n\n - Multiple memory corruption issues exist due to improper validation of user-supplied input. An attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code.\n (CVE-2016-2835, CVE-2016-2836)\n\n - An overflow condition exists in the ClearKey Content Decryption Module (CDM) used by the Encrypted Media Extensions (EME) API due to improper validation of user-supplied input. An attacker can exploit this to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.\n (CVE-2016-2837)\n\n - An overflow condition exists in the ProcessPDI() function in layout/base/nsBidi.cpp due to improper validation of user-supplied input. An attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-2838)\n\n - An underflow condition exists in the BasePoint4d() function in gfx/2d/Matrix.h due to improper validation of user-supplied input when calculating clipping regions in 2D graphics. A remote attacker can exploit this to cause a stack-based buffer underflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-5252)\n\n - A use-after-free error exists in the KeyDown() function in layout/xul/nsXULPopupManager.cpp when using the alt key in conjunction with top level menu items. An attacker can exploit this to dereference already freed memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-5254)\n\n - A use-after-free error exists in WebRTC that is triggered when handling DTLS objects. An attacker can exploit this to dereference already freed memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-5258)\n\n - A use-after-free error exists in the DestroySyncLoop() function in dom/workers/WorkerPrivate.cpp that is triggered when handling nested sync event loops in Service Workers. An attacker can exploit this to dereference already freed memory, resulting in a denial of service condition or the execution of arbitrary code.\n (CVE-2016-5259)\n\n - A security bypass vulnerability exists due to event handler attributes on a <marquee> tag being executed inside a sandboxed iframe that does not have the allow-scripts flag set. An attacker can exploit this to bypass cross-site scripting protection mechanisms.\n (CVE-2016-5262)\n\n - A type confusion flaw exists in the HitTest() function in nsDisplayList.cpp when handling display transformations. An attacker can exploit this to execute arbitrary code. (CVE-2016-5263)\n\n - A use-after-free error exists in the NativeAnonymousChildListChange() function when applying effects to SVG elements. An attacker can exploit this to dereference already freed memory, resulting in a denial of service condition or the execution of arbitrary code.\n (CVE-2016-5264)\n\n - A flaw exists in the Redirect() function in nsBaseChannel.cpp that is triggered when a malicious shortcut is called from the same directory as a local HTML file. An attacker can exploit this to bypass the same-origin policy. (CVE-2016-5265)", "modified": "2018-07-14T00:00:00", "id": "MACOSX_FIREFOX_45_3_ESR.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=92752", "published": "2016-08-05T00:00:00", "title": "Firefox ESR 45.x < 45.3 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92752);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2016-2830\",\n \"CVE-2016-2835\",\n \"CVE-2016-2836\",\n \"CVE-2016-2837\",\n \"CVE-2016-2838\",\n \"CVE-2016-5252\",\n \"CVE-2016-5254\",\n \"CVE-2016-5258\",\n \"CVE-2016-5259\",\n \"CVE-2016-5262\",\n \"CVE-2016-5263\",\n \"CVE-2016-5264\",\n \"CVE-2016-5265\"\n );\n script_bugtraq_id(\n 92258,\n 92261\n );\n script_xref(name:\"MFSA\", value:\"2016-62\");\n script_xref(name:\"MFSA\", value:\"2016-63\");\n script_xref(name:\"MFSA\", value:\"2016-64\");\n script_xref(name:\"MFSA\", value:\"2016-67\");\n script_xref(name:\"MFSA\", value:\"2016-68\");\n script_xref(name:\"MFSA\", value:\"2016-70\");\n script_xref(name:\"MFSA\", value:\"2016-72\");\n script_xref(name:\"MFSA\", value:\"2016-73\");\n script_xref(name:\"MFSA\", value:\"2016-76\");\n script_xref(name:\"MFSA\", value:\"2016-77\");\n script_xref(name:\"MFSA\", value:\"2016-78\");\n script_xref(name:\"MFSA\", value:\"2016-79\");\n script_xref(name:\"MFSA\", value:\"2016-80\");\n\n script_name(english:\"Firefox ESR 45.x < 45.3 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Firefox ESR installed on the remote Mac OS X host is\n45.x prior to 45.3. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An information disclosure vulnerability exists due to a\n failure to close connections after requesting favicons.\n An attacker can exploit this to continue to send\n requests to the user's browser and disclose sensitive\n information.(CVE-2016-2830)\n\n - Multiple memory corruption issues exist due to improper\n validation of user-supplied input. An attacker can\n exploit these issues to cause a denial of service\n condition or the execution of arbitrary code.\n (CVE-2016-2835, CVE-2016-2836)\n\n - An overflow condition exists in the ClearKey Content\n Decryption Module (CDM) used by the Encrypted Media\n Extensions (EME) API due to improper validation of\n user-supplied input. An attacker can exploit this to\n cause a buffer overflow, resulting in a denial of\n service condition or the execution of arbitrary code.\n (CVE-2016-2837)\n\n - An overflow condition exists in the ProcessPDI()\n function in layout/base/nsBidi.cpp due to improper\n validation of user-supplied input. An attacker can\n exploit this to cause a heap-based buffer overflow,\n resulting in a denial of service condition or the\n execution of arbitrary code. (CVE-2016-2838)\n\n - An underflow condition exists in the BasePoint4d()\n function in gfx/2d/Matrix.h due to improper validation\n of user-supplied input when calculating clipping regions\n in 2D graphics. A remote attacker can exploit this to\n cause a stack-based buffer underflow, resulting in a\n denial of service condition or the execution of\n arbitrary code. (CVE-2016-5252)\n\n - A use-after-free error exists in the KeyDown() function\n in layout/xul/nsXULPopupManager.cpp when using the alt\n key in conjunction with top level menu items. An\n attacker can exploit this to dereference already freed\n memory, resulting in a denial of service condition or\n the execution of arbitrary code. (CVE-2016-5254)\n\n - A use-after-free error exists in WebRTC that is\n triggered when handling DTLS objects. An attacker can\n exploit this to dereference already freed memory,\n resulting in a denial of service condition or the\n execution of arbitrary code. (CVE-2016-5258)\n\n - A use-after-free error exists in the DestroySyncLoop()\n function in dom/workers/WorkerPrivate.cpp that is\n triggered when handling nested sync event loops in\n Service Workers. An attacker can exploit this to\n dereference already freed memory, resulting in a denial\n of service condition or the execution of arbitrary code.\n (CVE-2016-5259)\n\n - A security bypass vulnerability exists due to event\n handler attributes on a <marquee> tag being executed\n inside a sandboxed iframe that does not have the\n allow-scripts flag set. An attacker can exploit this to\n bypass cross-site scripting protection mechanisms.\n (CVE-2016-5262)\n\n - A type confusion flaw exists in the HitTest() function\n in nsDisplayList.cpp when handling display\n transformations. An attacker can exploit this to execute\n arbitrary code. (CVE-2016-5263)\n\n - A use-after-free error exists in the\n NativeAnonymousChildListChange() function when applying\n effects to SVG elements. An attacker can exploit this to\n dereference already freed memory, resulting in a denial\n of service condition or the execution of arbitrary code.\n (CVE-2016-5264)\n\n - A flaw exists in the Redirect() function in\n nsBaseChannel.cpp that is triggered when a malicious \n shortcut is called from the same directory as a local\n HTML file. An attacker can exploit this to bypass the\n same-origin policy. (CVE-2016-5265)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-63/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-64/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-67/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-68/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-70/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-72/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-73/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-76/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-77/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-78/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-79/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-80/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Firefox ESR version 45.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox_esr\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nkb_base = \"MacOSX/Firefox\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nis_esr = get_kb_item(kb_base+\"/is_esr\");\nif (isnull(is_esr)) audit(AUDIT_NOT_INST, \"Mozilla Firefox ESR\");\n\nmozilla_check_version(product:'firefox', version:version, path:path, esr:TRUE, fix:'45.3', min:'45.0', severity:SECURITY_HOLE, xss:TRUE);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:28:00", "bulletinFamily": "scanner", "description": "The version of Mozilla Firefox installed on the remote Windows host is prior to 49.0. It is, therefore, affected by multiple vulnerabilities :\n\n - An out-of-bounds read error exists within file dom/security/nsCSPParser.cpp when handling content security policies (CSP) containing empty referrer directives. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.\n (CVE-2016-2827)\n\n - Multiple memory safety issues exist that allow an unauthenticated, remote attacker to potentially execute arbitrary code. (CVE-2016-5256, CVE-2016-5257)\n\n - A heap buffer overflow condition exists in the nsCaseTransformTextRunFactory::TransformString() function in layout/generic/nsTextRunTransformations.cpp when converting text containing certain Unicode characters. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5270)\n\n - An out-of-bounds read error exists in the nsCSSFrameConstructor::GetInsertionPrevSibling() function in file layout/base/nsCSSFrameConstructor.cpp when handling text runs. An unauthenticated, remote attacker can exploit this to disclose memory contents.\n (CVE-2016-5271)\n\n - A type confusion error exists within file layout/forms/nsRangeFrame.cpp when handling layout with input elements. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5272)\n\n - An unspecified flaw exists in the HyperTextAccessible::GetChildOffset() function that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5273)\n\n - A use-after-free error exists within file layout/style/nsRuleNode.cpp when handling web animations during restyling. An unauthenticated, remote attacker can exploit this to execute arbitrary code.\n (CVE-2016-5274)\n\n - A buffer overflow condition exists in the FilterSupport::ComputeSourceNeededRegions() function when handling empty filters during canvas rendering. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5275)\n\n - A use-after-free error exists in the DocAccessible::ProcessInvalidationList() function within file accessible/generic/DocAccessible.cpp when setting an aria-owns attribute. An unauthenticated, remote attacker can exploit this to execute arbitrary code.\n (CVE-2016-5276)\n\n - A use-after-free error exists in the nsRefreshDriver::Tick() function when handling web animations destroying a timeline. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5277)\n\n - A buffer overflow condition exists in the nsBMPEncoder::AddImageFrame() function within file dom/base/ImageEncoder.cpp when encoding image frames to images. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5278)\n\n - A flaw exists that is triggered when handling drag-and-drop events for files. An unauthenticated, remote attacker can exploit this disclose the full local file path. (CVE-2016-5279)\n\n - A use-after-free error exists in the nsTextNodeDirectionalityMap::RemoveElementFromMap() function within file dom/base/DirectionalityUtils.cpp when handling changing of text direction. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5280)\n\n - A use-after-free error exists when handling SVG format content that is being manipulated through script code.\n An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5281)\n\n - A flaw exists when handling content that requests favicons from non-whitelisted schemes that are using certain URI handlers. An unauthenticated, remote attacker can exploit this to bypass intended restrictions. (CVE-2016-5282)\n\n - A flaw exists that is related to the handling of iframes that allow an unauthenticated, remote attacker to conduct an 'iframe src' fragment timing attack, resulting in disclosure of cross-origin data.\n (CVE-2016-5283)\n\n - A flaw exists due to the certificate pinning policy for built-in sites (e.g., addons.mozilla.org) not being honored when pins have expired. A man-in-the-middle (MitM) attacker can exploit this to generate a trusted certificate, which could be used to conduct spoofing attacks. (CVE-2016-5284)", "modified": "2018-07-16T00:00:00", "id": "MOZILLA_FIREFOX_49.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=93662", "published": "2016-09-22T00:00:00", "title": "Mozilla Firefox < 49.0 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93662);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/16 14:09:14\");\n\n script_cve_id(\n \"CVE-2016-2827\",\n \"CVE-2016-5256\",\n \"CVE-2016-5257\",\n \"CVE-2016-5270\",\n \"CVE-2016-5271\",\n \"CVE-2016-5272\",\n \"CVE-2016-5273\",\n \"CVE-2016-5274\",\n \"CVE-2016-5275\",\n \"CVE-2016-5276\",\n \"CVE-2016-5277\",\n \"CVE-2016-5278\",\n \"CVE-2016-5279\",\n \"CVE-2016-5280\",\n \"CVE-2016-5281\",\n \"CVE-2016-5282\",\n \"CVE-2016-5283\",\n \"CVE-2016-5284\"\n );\n script_bugtraq_id(\n 93049,\n 93052\n );\n script_xref(name:\"MFSA\", value:\"2016-85\");\n\n script_name(english:\"Mozilla Firefox < 49.0 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Firefox installed on the remote Windows host\nis prior to 49.0. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An out-of-bounds read error exists within file\n dom/security/nsCSPParser.cpp when handling content\n security policies (CSP) containing empty referrer\n directives. An unauthenticated, remote attacker can\n exploit this to cause a denial of service condition.\n (CVE-2016-2827)\n\n - Multiple memory safety issues exist that allow an\n unauthenticated, remote attacker to potentially execute\n arbitrary code. (CVE-2016-5256, CVE-2016-5257)\n\n - A heap buffer overflow condition exists in the\n nsCaseTransformTextRunFactory::TransformString()\n function in layout/generic/nsTextRunTransformations.cpp\n when converting text containing certain Unicode\n characters. An unauthenticated, remote attacker can\n exploit this to execute arbitrary code. (CVE-2016-5270)\n\n - An out-of-bounds read error exists in the\n nsCSSFrameConstructor::GetInsertionPrevSibling()\n function in file layout/base/nsCSSFrameConstructor.cpp\n when handling text runs. An unauthenticated, remote\n attacker can exploit this to disclose memory contents.\n (CVE-2016-5271)\n\n - A type confusion error exists within file\n layout/forms/nsRangeFrame.cpp when handling layout with\n input elements. An unauthenticated, remote attacker can\n exploit this to execute arbitrary code. (CVE-2016-5272)\n\n - An unspecified flaw exists in the\n HyperTextAccessible::GetChildOffset() function that\n allows an unauthenticated, remote attacker to execute\n arbitrary code. (CVE-2016-5273)\n\n - A use-after-free error exists within file\n layout/style/nsRuleNode.cpp when handling web animations\n during restyling. An unauthenticated, remote attacker\n can exploit this to execute arbitrary code.\n (CVE-2016-5274)\n\n - A buffer overflow condition exists in the\n FilterSupport::ComputeSourceNeededRegions() function\n when handling empty filters during canvas rendering. An\n unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2016-5275)\n\n - A use-after-free error exists in the\n DocAccessible::ProcessInvalidationList() function within\n file accessible/generic/DocAccessible.cpp when setting\n an aria-owns attribute. An unauthenticated, remote\n attacker can exploit this to execute arbitrary code.\n (CVE-2016-5276)\n\n - A use-after-free error exists in the\n nsRefreshDriver::Tick() function when handling web\n animations destroying a timeline. An unauthenticated,\n remote attacker can exploit this to execute arbitrary\n code. (CVE-2016-5277)\n\n - A buffer overflow condition exists in the\n nsBMPEncoder::AddImageFrame() function within file\n dom/base/ImageEncoder.cpp when encoding image frames to\n images. An unauthenticated, remote attacker can exploit\n this to execute arbitrary code. (CVE-2016-5278)\n\n - A flaw exists that is triggered when handling\n drag-and-drop events for files. An unauthenticated,\n remote attacker can exploit this disclose the full local\n file path. (CVE-2016-5279)\n\n - A use-after-free error exists in the\n nsTextNodeDirectionalityMap::RemoveElementFromMap()\n function within file dom/base/DirectionalityUtils.cpp\n when handling changing of text direction. An\n unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2016-5280)\n\n - A use-after-free error exists when handling SVG format\n content that is being manipulated through script code.\n An unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2016-5281)\n\n - A flaw exists when handling content that requests\n favicons from non-whitelisted schemes that are using\n certain URI handlers. An unauthenticated, remote\n attacker can exploit this to bypass intended\n restrictions. (CVE-2016-5282)\n\n - A flaw exists that is related to the handling of iframes\n that allow an unauthenticated, remote attacker to\n conduct an 'iframe src' fragment timing attack,\n resulting in disclosure of cross-origin data.\n (CVE-2016-5283)\n\n - A flaw exists due to the certificate pinning policy for\n built-in sites (e.g., addons.mozilla.org) not being\n honored when pins have expired. A man-in-the-middle\n (MitM) attacker can exploit this to generate a trusted\n certificate, which could be used to conduct spoofing\n attacks. (CVE-2016-5284)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox version 49.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'49', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:28:02", "bulletinFamily": "scanner", "description": "MozillaFirefox was updated to version 49.0 (boo#999701)\n\n - New features\n\n - Updated Firefox Login Manager to allow HTTPS pages to use saved HTTP logins.\n\n - Added features to Reader Mode that make it easier on the eyes and the ears\n\n - Improved video performance for users on systems that support SSE3 without hardware acceleration\n\n - Added context menu controls to HTML5 audio and video that let users loops files or play files at 1.25x speed\n\n - Improvements in about:memory reports for tracking font memory usage\n\n - Security related fixes\n\n - MFSA 2016-85 CVE-2016-2827 (bmo#1289085) - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy CVE-2016-5270 (bmo#1291016) - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in PropertyProvider::GetSpacingInternal CVE-2016-5272 (bmo#1297934) - Bad cast in nsImageGeometryMixin CVE-2016-5273 (bmo#1280387) - crash in mozilla::a11y::HyperTextAccessible::GetChildOffset CVE-2016-5276 (bmo#1287721) - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList CVE-2016-5274 (bmo#1282076) - use-after-free in nsFrameManager::CaptureFrameState CVE-2016-5277 (bmo#1291665) - Heap-use-after-free in nsRefreshDriver::Tick CVE-2016-5275 (bmo#1287316) - global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions CVE-2016-5278 (bmo#1294677) - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame CVE-2016-5279 (bmo#1249522)\n - Full local path of files is available to web pages after drag and drop CVE-2016-5280 (bmo#1289970) - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromM ap CVE-2016-5281 (bmo#1284690) - use-after-free in DOMSVGLength CVE-2016-5282 (bmo#932335) - Don't allow content to request favicons from non-whitelisted schemes CVE-2016-5283 (bmo#928187) - <iframe src> fragment timing attack can reveal cross-origin data CVE-2016-5284 (bmo#1303127) - Add-on update site certificate pin expiration CVE-2016-5256 - Memory safety bugs fixed in Firefox 49 CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4\n\n - requires NSS 3.25\n\n - Mozilla Firefox 48.0.2 :\n\n - Mitigate a startup crash issue caused on Windows (bmo#1291738)\n\n mozilla-nss was updated to NSS 3.25. New functionality :\n\n - Implemented DHE key agreement for TLS 1.3\n\n - Added support for ChaCha with TLS 1.3\n\n - Added support for TLS 1.2 ciphersuites that use SHA384 as the PRF\n\n - In previous versions, when using client authentication with TLS 1.2, NSS only supported certificate_verify messages that used the same signature hash algorithm as used by the PRF. This limitation has been removed.\n\n - Several functions have been added to the public API of the NSS Cryptoki Framework. New functions :\n\n - NSSCKFWSlot_GetSlotID\n\n - NSSCKFWSession_GetFWSlot\n\n - NSSCKFWInstance_DestroySessionHandle\n\n - NSSCKFWInstance_FindSessionHandle Notable changes :\n\n - An SSL socket can no longer be configured to allow both TLS 1.3 and SSLv3\n\n - Regression fix: NSS no longer reports a failure if an application attempts to disable the SSLv2 protocol.\n\n - The list of trusted CA certificates has been updated to version 2.8\n\n - The following CA certificate was Removed Sonera Class1 CA\n\n - The following CA certificates were Added Hellenic Academic and Research Institutions RootCA 2015 Hellenic Academic and Research Institutions ECC RootCA 2015 Certplus Root CA G1 Certplus Root CA G2 OpenTrust Root CA G1 OpenTrust Root CA G2 OpenTrust Root CA G3", "modified": "2016-10-28T00:00:00", "id": "OPENSUSE-2016-1128.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=93732", "published": "2016-09-27T00:00:00", "title": "openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2016-1128)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1128.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93732);\n script_version(\"$Revision: 2.5 $\");\n script_cvs_date(\"$Date: 2016/10/28 21:03:37 $\");\n\n script_cve_id(\"CVE-2016-2827\", \"CVE-2016-5256\", \"CVE-2016-5257\", \"CVE-2016-5270\", \"CVE-2016-5271\", \"CVE-2016-5272\", \"CVE-2016-5273\", \"CVE-2016-5274\", \"CVE-2016-5275\", \"CVE-2016-5276\", \"CVE-2016-5277\", \"CVE-2016-5278\", \"CVE-2016-5279\", \"CVE-2016-5280\", \"CVE-2016-5281\", \"CVE-2016-5282\", \"CVE-2016-5283\", \"CVE-2016-5284\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2016-1128)\");\n script_summary(english:\"Check for the openSUSE-2016-1128 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"MozillaFirefox was updated to version 49.0 (boo#999701)\n\n - New features\n\n - Updated Firefox Login Manager to allow HTTPS pages to\n use saved HTTP logins.\n\n - Added features to Reader Mode that make it easier on the\n eyes and the ears\n\n - Improved video performance for users on systems that\n support SSE3 without hardware acceleration\n\n - Added context menu controls to HTML5 audio and video\n that let users loops files or play files at 1.25x speed\n\n - Improvements in about:memory reports for tracking font\n memory usage\n\n - Security related fixes\n\n - MFSA 2016-85 CVE-2016-2827 (bmo#1289085) - Out-of-bounds\n read in mozilla::net::IsValidReferrerPolicy\n CVE-2016-5270 (bmo#1291016) - Heap-buffer-overflow in\n nsCaseTransformTextRunFactory::TransformString\n CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in\n PropertyProvider::GetSpacingInternal CVE-2016-5272\n (bmo#1297934) - Bad cast in nsImageGeometryMixin\n CVE-2016-5273 (bmo#1280387) - crash in\n mozilla::a11y::HyperTextAccessible::GetChildOffset\n CVE-2016-5276 (bmo#1287721) - Heap-use-after-free in\n mozilla::a11y::DocAccessible::ProcessInvalidationList\n CVE-2016-5274 (bmo#1282076) - use-after-free in\n nsFrameManager::CaptureFrameState CVE-2016-5277\n (bmo#1291665) - Heap-use-after-free in\n nsRefreshDriver::Tick CVE-2016-5275 (bmo#1287316) -\n global-buffer-overflow in\n mozilla::gfx::FilterSupport::ComputeSourceNeededRegions\n CVE-2016-5278 (bmo#1294677) - Heap-buffer-overflow in\n nsBMPEncoder::AddImageFrame CVE-2016-5279 (bmo#1249522)\n - Full local path of files is available to web pages\n after drag and drop CVE-2016-5280 (bmo#1289970) -\n Use-after-free in\n mozilla::nsTextNodeDirectionalityMap::RemoveElementFromM\n ap CVE-2016-5281 (bmo#1284690) - use-after-free in\n DOMSVGLength CVE-2016-5282 (bmo#932335) - Don't allow\n content to request favicons from non-whitelisted schemes\n CVE-2016-5283 (bmo#928187) - <iframe src> fragment\n timing attack can reveal cross-origin data CVE-2016-5284\n (bmo#1303127) - Add-on update site certificate pin\n expiration CVE-2016-5256 - Memory safety bugs fixed in\n Firefox 49 CVE-2016-5257 - Memory safety bugs fixed in\n Firefox 49 and Firefox ESR 45.4\n\n - requires NSS 3.25\n\n - Mozilla Firefox 48.0.2 :\n\n - Mitigate a startup crash issue caused on Windows\n (bmo#1291738)\n\n mozilla-nss was updated to NSS 3.25. New functionality :\n\n - Implemented DHE key agreement for TLS 1.3\n\n - Added support for ChaCha with TLS 1.3\n\n - Added support for TLS 1.2 ciphersuites that use SHA384\n as the PRF\n\n - In previous versions, when using client authentication\n with TLS 1.2, NSS only supported certificate_verify\n messages that used the same signature hash algorithm as\n used by the PRF. This limitation has been removed.\n\n - Several functions have been added to the public API of\n the NSS Cryptoki Framework. New functions :\n\n - NSSCKFWSlot_GetSlotID\n\n - NSSCKFWSession_GetFWSlot\n\n - NSSCKFWInstance_DestroySessionHandle\n\n - NSSCKFWInstance_FindSessionHandle Notable changes :\n\n - An SSL socket can no longer be configured to allow both\n TLS 1.3 and SSLv3\n\n - Regression fix: NSS no longer reports a failure if an\n application attempts to disable the SSLv2 protocol.\n\n - The list of trusted CA certificates has been updated to\n version 2.8\n\n - The following CA certificate was Removed Sonera Class1\n CA\n\n - The following CA certificates were Added Hellenic\n Academic and Research Institutions RootCA 2015 Hellenic\n Academic and Research Institutions ECC RootCA 2015\n Certplus Root CA G1 Certplus Root CA G2 OpenTrust Root\n CA G1 OpenTrust Root CA G2 OpenTrust Root CA G3\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1249522\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1280387\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1282076\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1284690\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1287316\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1287721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1288946\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1289085\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1289970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1291016\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1291665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1291738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1294677\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1297934\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1303127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1304114\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1304783\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=928187\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=932335\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999701\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox / mozilla-nss packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-49.0.1-125.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-branding-upstream-49.0.1-125.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-buildsymbols-49.0.1-125.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-debuginfo-49.0.1-125.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-debugsource-49.0.1-125.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-devel-49.0.1-125.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-translations-common-49.0.1-125.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-translations-other-49.0.1-125.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libfreebl3-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libfreebl3-debuginfo-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libsoftokn3-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libsoftokn3-debuginfo-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-certs-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-certs-debuginfo-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-debuginfo-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-debugsource-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-devel-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-sysinit-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-sysinit-debuginfo-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-tools-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-tools-debuginfo-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.25-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.25-91.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:28:01", "bulletinFamily": "scanner", "description": "Atte Kettunen discovered an out-of-bounds read when handling certain Content Security Policy (CSP) directives in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2016-2827)\n\nChristoph Diehl, Christian Holler, Gary Kwong, Nathan Froyd, Honza Bambas, Seth Fowler, Michael Smith, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, and Carsten Book discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5256, CVE-2016-5257)\n\nAtte Kettunen discovered a heap buffer overflow during text conversion with some unicode characters. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5270)\n\nAbhishek Arya discovered an out of bounds read during the processing of text runs in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash.\n(CVE-2016-5271)\n\nAbhishek Arya discovered a bad cast when processing layout with input elements in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5272)\n\nA crash was discovered in accessibility. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code. (CVE-2016-5273)\n\nA use-after-free was discovered in web animations during restyling. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5274)\n\nA buffer overflow was discovered when working with empty filters during canvas rendering. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5275)\n\nA use-after-free was discovered in accessibility. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5276)\n\nA use-after-free was discovered in web animations when destroying a timeline. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code.\n(CVE-2016-5277)\n\nA buffer overflow was discovered when encoding image frames to images in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5278)\n\nRafael Gieschke discovered that the full path of files is available to web pages after a drag and drop operation. An attacker could potentially exploit this to obtain sensitive information.\n(CVE-2016-5279)\n\nMei Wang discovered a use-after-free when changing text direction. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5280)\n\nBrian Carpenter discovered a use-after-free when manipulating SVG content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5281)\n\nRichard Newman discovered that favicons can be loaded through non-whitelisted protocols, such as jar:. (CVE-2016-5282)\n\nGavin Sharp discovered a timing attack vulnerability involving document resizes and link colours. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5283)\n\nAn issue was discovered with the preloaded Public Key Pinning (HPKP).\nIf a man-in-the-middle (MITM) attacker was able to obtain a fraudulent certificate for a Mozilla site, they could exploit this by providing malicious addon updates. (CVE-2016-5284).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-3076-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=93683", "published": "2016-09-23T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : firefox vulnerabilities (USN-3076-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3076-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93683);\n script_version(\"2.12\");\n script_cvs_date(\"Date: 2018/12/01 15:12:40\");\n\n script_cve_id(\"CVE-2016-2827\", \"CVE-2016-5256\", \"CVE-2016-5257\", \"CVE-2016-5270\", \"CVE-2016-5271\", \"CVE-2016-5272\", \"CVE-2016-5273\", \"CVE-2016-5274\", \"CVE-2016-5275\", \"CVE-2016-5276\", \"CVE-2016-5277\", \"CVE-2016-5278\", \"CVE-2016-5279\", \"CVE-2016-5280\", \"CVE-2016-5281\", \"CVE-2016-5282\", \"CVE-2016-5283\", \"CVE-2016-5284\");\n script_xref(name:\"USN\", value:\"3076-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : firefox vulnerabilities (USN-3076-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Atte Kettunen discovered an out-of-bounds read when handling certain\nContent Security Policy (CSP) directives in some circumstances. If a\nuser were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to cause a denial of service\nvia application crash. (CVE-2016-2827)\n\nChristoph Diehl, Christian Holler, Gary Kwong, Nathan Froyd, Honza\nBambas, Seth Fowler, Michael Smith, Andrew McCreight, Dan Minor, Byron\nCampen, Jon Coppeard, Steve Fink, Tyson Smith, and Carsten Book\ndiscovered multiple memory safety issues in Firefox. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via application\ncrash, or execute arbitrary code. (CVE-2016-5256, CVE-2016-5257)\n\nAtte Kettunen discovered a heap buffer overflow during text conversion\nwith some unicode characters. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this\nto cause a denial of service via application crash, or execute\narbitrary code. (CVE-2016-5270)\n\nAbhishek Arya discovered an out of bounds read during the processing\nof text runs in some circumstances. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service via application crash.\n(CVE-2016-5271)\n\nAbhishek Arya discovered a bad cast when processing layout with input\nelements in some circumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this\nto cause a denial of service via application crash, or execute\narbitrary code. (CVE-2016-5272)\n\nA crash was discovered in accessibility. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially\nexploit this to execute arbitrary code. (CVE-2016-5273)\n\nA use-after-free was discovered in web animations during restyling. If\na user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to cause a denial of service\nvia application crash, or execute arbitrary code. (CVE-2016-5274)\n\nA buffer overflow was discovered when working with empty filters\nduring canvas rendering. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this\nto cause a denial of service via application crash, or execute\narbitrary code. (CVE-2016-5275)\n\nA use-after-free was discovered in accessibility. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash, or execute arbitrary code. (CVE-2016-5276)\n\nA use-after-free was discovered in web animations when destroying a\ntimeline. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial\nof service via application crash, or execute arbitrary code.\n(CVE-2016-5277)\n\nA buffer overflow was discovered when encoding image frames to images\nin some circumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this\nto cause a denial of service via application crash, or execute\narbitrary code. (CVE-2016-5278)\n\nRafael Gieschke discovered that the full path of files is available to\nweb pages after a drag and drop operation. An attacker could\npotentially exploit this to obtain sensitive information.\n(CVE-2016-5279)\n\nMei Wang discovered a use-after-free when changing text direction. If\na user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to cause a denial of service\nvia application crash, or execute arbitrary code. (CVE-2016-5280)\n\nBrian Carpenter discovered a use-after-free when manipulating SVG\ncontent in some circumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this\nto cause a denial of service via application crash, or execute\narbitrary code. (CVE-2016-5281)\n\nRichard Newman discovered that favicons can be loaded through\nnon-whitelisted protocols, such as jar:. (CVE-2016-5282)\n\nGavin Sharp discovered a timing attack vulnerability involving\ndocument resizes and link colours. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially\nexploit this to obtain sensitive information. (CVE-2016-5283)\n\nAn issue was discovered with the preloaded Public Key Pinning (HPKP).\nIf a man-in-the-middle (MITM) attacker was able to obtain a fraudulent\ncertificate for a Mozilla site, they could exploit this by providing\nmalicious addon updates. (CVE-2016-5284).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3076-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04|14\\.04|16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"firefox\", pkgver:\"49.0+build4-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"firefox\", pkgver:\"49.0+build4-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"firefox\", pkgver:\"49.0+build4-0ubuntu0.16.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:27:37", "bulletinFamily": "scanner", "description": "The version of Firefox ESR installed on the remote Windows host is 45.x prior to 45.3. It is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists due to a failure to close connections after requesting favicons.\n An attacker can exploit this to continue to send requests to the user's browser and disclose sensitive information.(CVE-2016-2830)\n\n - Multiple memory corruption issues exist due to improper validation of user-supplied input. An attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code.\n (CVE-2016-2835, CVE-2016-2836)\n\n - An overflow condition exists in the ClearKey Content Decryption Module (CDM) used by the Encrypted Media Extensions (EME) API due to improper validation of user-supplied input. An attacker can exploit this to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.\n (CVE-2016-2837)\n\n - An overflow condition exists in the ProcessPDI() function in layout/base/nsBidi.cpp due to improper validation of user-supplied input. An attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-2838)\n\n - An underflow condition exists in the BasePoint4d() function in gfx/2d/Matrix.h due to improper validation of user-supplied input when calculating clipping regions in 2D graphics. A remote attacker can exploit this to cause a stack-based buffer underflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-5252)\n\n - A use-after-free error exists in the KeyDown() function in layout/xul/nsXULPopupManager.cpp when using the alt key in conjunction with top level menu items. An attacker can exploit this to dereference already freed memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-5254)\n\n - A use-after-free error exists in WebRTC that is triggered when handling DTLS objects. An attacker can exploit this to dereference already freed memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-5258)\n\n - A use-after-free error exists in the DestroySyncLoop() function in dom/workers/WorkerPrivate.cpp that is triggered when handling nested sync event loops in Service Workers. An attacker can exploit this to dereference already freed memory, resulting in a denial of service condition or the execution of arbitrary code.\n (CVE-2016-5259)\n\n - A security bypass vulnerability exists due to event handler attributes on a <marquee> tag being executed inside a sandboxed iframe that does not have the allow-scripts flag set. An attacker can exploit this to bypass cross-site scripting protection mechanisms.\n (CVE-2016-5262)\n\n - A type confusion flaw exists in the HitTest() function in nsDisplayList.cpp when handling display transformations. An attacker can exploit this to execute arbitrary code. (CVE-2016-5263)\n\n - A use-after-free error exists in the NativeAnonymousChildListChange() function when applying effects to SVG elements. An attacker can exploit this to dereference already freed memory, resulting in a denial of service condition or the execution of arbitrary code.\n (CVE-2016-5264)\n\n - A flaw exists in the Redirect() function in nsBaseChannel.cpp that is triggered when a malicious shortcut is called from the same directory as a local HTML file. An attacker can exploit this to bypass the same-origin policy. (CVE-2016-5265)", "modified": "2018-07-16T00:00:00", "id": "MOZILLA_FIREFOX_45_3_ESR.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=92754", "published": "2016-08-05T00:00:00", "title": "Firefox ESR 45.x < 45.3 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92754);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/16 14:09:14\");\n\n script_cve_id(\n \"CVE-2016-2830\",\n \"CVE-2016-2835\",\n \"CVE-2016-2836\",\n \"CVE-2016-2837\",\n \"CVE-2016-2838\",\n \"CVE-2016-5252\",\n \"CVE-2016-5254\",\n \"CVE-2016-5258\",\n \"CVE-2016-5259\",\n \"CVE-2016-5262\",\n \"CVE-2016-5263\",\n \"CVE-2016-5264\",\n \"CVE-2016-5265\"\n );\n script_bugtraq_id(\n 92258,\n 92261\n );\n script_xref(name:\"MFSA\", value:\"2016-62\");\n script_xref(name:\"MFSA\", value:\"2016-63\");\n script_xref(name:\"MFSA\", value:\"2016-64\");\n script_xref(name:\"MFSA\", value:\"2016-67\");\n script_xref(name:\"MFSA\", value:\"2016-68\");\n script_xref(name:\"MFSA\", value:\"2016-70\");\n script_xref(name:\"MFSA\", value:\"2016-72\");\n script_xref(name:\"MFSA\", value:\"2016-73\");\n script_xref(name:\"MFSA\", value:\"2016-76\");\n script_xref(name:\"MFSA\", value:\"2016-77\");\n script_xref(name:\"MFSA\", value:\"2016-78\");\n script_xref(name:\"MFSA\", value:\"2016-79\");\n script_xref(name:\"MFSA\", value:\"2016-80\");\n\n script_name(english:\"Firefox ESR 45.x < 45.3 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Firefox ESR installed on the remote Windows host is\n45.x prior to 45.3. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An information disclosure vulnerability exists due to a\n failure to close connections after requesting favicons.\n An attacker can exploit this to continue to send\n requests to the user's browser and disclose sensitive\n information.(CVE-2016-2830)\n\n - Multiple memory corruption issues exist due to improper\n validation of user-supplied input. An attacker can\n exploit these issues to cause a denial of service\n condition or the execution of arbitrary code.\n (CVE-2016-2835, CVE-2016-2836)\n\n - An overflow condition exists in the ClearKey Content\n Decryption Module (CDM) used by the Encrypted Media\n Extensions (EME) API due to improper validation of\n user-supplied input. An attacker can exploit this to\n cause a buffer overflow, resulting in a denial of\n service condition or the execution of arbitrary code.\n (CVE-2016-2837)\n\n - An overflow condition exists in the ProcessPDI()\n function in layout/base/nsBidi.cpp due to improper\n validation of user-supplied input. An attacker can\n exploit this to cause a heap-based buffer overflow,\n resulting in a denial of service condition or the\n execution of arbitrary code. (CVE-2016-2838)\n\n - An underflow condition exists in the BasePoint4d()\n function in gfx/2d/Matrix.h due to improper validation\n of user-supplied input when calculating clipping regions\n in 2D graphics. A remote attacker can exploit this to\n cause a stack-based buffer underflow, resulting in a\n denial of service condition or the execution of\n arbitrary code. (CVE-2016-5252)\n\n - A use-after-free error exists in the KeyDown() function\n in layout/xul/nsXULPopupManager.cpp when using the alt\n key in conjunction with top level menu items. An\n attacker can exploit this to dereference already freed\n memory, resulting in a denial of service condition or\n the execution of arbitrary code. (CVE-2016-5254)\n\n - A use-after-free error exists in WebRTC that is\n triggered when handling DTLS objects. An attacker can\n exploit this to dereference already freed memory,\n resulting in a denial of service condition or the\n execution of arbitrary code. (CVE-2016-5258)\n\n - A use-after-free error exists in the DestroySyncLoop()\n function in dom/workers/WorkerPrivate.cpp that is\n triggered when handling nested sync event loops in\n Service Workers. An attacker can exploit this to\n dereference already freed memory, resulting in a denial\n of service condition or the execution of arbitrary code.\n (CVE-2016-5259)\n\n - A security bypass vulnerability exists due to event\n handler attributes on a <marquee> tag being executed\n inside a sandboxed iframe that does not have the\n allow-scripts flag set. An attacker can exploit this to\n bypass cross-site scripting protection mechanisms.\n (CVE-2016-5262)\n\n - A type confusion flaw exists in the HitTest() function\n in nsDisplayList.cpp when handling display\n transformations. An attacker can exploit this to execute\n arbitrary code. (CVE-2016-5263)\n\n - A use-after-free error exists in the\n NativeAnonymousChildListChange() function when applying\n effects to SVG elements. An attacker can exploit this to\n dereference already freed memory, resulting in a denial\n of service condition or the execution of arbitrary code.\n (CVE-2016-5264)\n\n - A flaw exists in the Redirect() function in\n nsBaseChannel.cpp that is triggered when a malicious \n shortcut is called from the same directory as a local\n HTML file. An attacker can exploit this to bypass the\n same-origin policy. (CVE-2016-5265)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-63/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-64/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-67/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-68/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-70/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-72/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-73/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-76/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-77/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-78/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-79/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-80/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Firefox ESR version 45.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox_esr\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:TRUE, fix:'45.3', min:'45.0', severity:SECURITY_HOLE, xss:TRUE);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:23:44", "bulletinFamily": "scanner", "description": "SeaMonkey was updated to 2.33 (bnc#917597)\n\n - MFSA 2015-11/CVE-2015-0835/CVE-2015-0836 Miscellaneous memory safety hazards\n\n - MFSA 2015-12/CVE-2015-0833 (bmo#945192) Invoking Mozilla updater will load locally stored DLL files (Windows only)\n\n - MFSA 2015-13/CVE-2015-0832 (bmo#1065909) Appended period to hostnames can bypass HPKP and HSTS protections\n\n - MFSA 2015-14/CVE-2015-0830 (bmo#1110488) Malicious WebGL content crash when writing strings\n\n - MFSA 2015-15/CVE-2015-0834 (bmo#1098314) TLS TURN and STUN connections silently fail to simple TCP connections\n\n - MFSA 2015-16/CVE-2015-0831 (bmo#1130514) Use-after-free in IndexedDB\n\n - MFSA 2015-17/CVE-2015-0829 (bmo#1128939) Buffer overflow in libstagefright during MP4 video playback\n\n - MFSA 2015-18/CVE-2015-0828 (bmo#1030667, bmo#988675) Double-free when using non-default memory allocators with a zero-length XHR\n\n - MFSA 2015-19/CVE-2015-0827 (bmo#1117304) Out-of-bounds read and write while rendering SVG content\n\n - MFSA 2015-20/CVE-2015-0826 (bmo#1092363) Buffer overflow during CSS restyling\n\n - MFSA 2015-21/CVE-2015-0825 (bmo#1092370) Buffer underflow during MP3 playback\n\n - MFSA 2015-22/CVE-2015-0824 (bmo#1095925) Crash using DrawTarget in Cairo graphics library\n\n - MFSA 2015-23/CVE-2015-0823 (bmo#1098497) Use-after-free in Developer Console date with OpenType Sanitiser\n\n - MFSA 2015-24/CVE-2015-0822 (bmo#1110557) Reading of local files through manipulation of form autocomplete\n\n - MFSA 2015-25/CVE-2015-0821 (bmo#1111960) Local files or privileged URLs in pages can be opened into new tabs\n\n - MFSA 2015-26/CVE-2015-0819 (bmo#1079554) UI Tour whitelisted sites in background tab can spoof foreground tabs\n\n - MFSA 2015-27CVE-2015-0820 (bmo#1125398) Caja Compiler JavaScript sandbox bypass\n\nUpdate to SeaMonkey 2.32.1\n\n - fixed MailNews feeds not updating\n\n - fixed selected profile in Profile Manager not remembered\n\n - fixed opening a bookmark folder in tabs on Linux\n\n - fixed Troubleshooting Information (about:support) with the Modern theme", "modified": "2015-03-28T00:00:00", "id": "OPENSUSE-2015-250.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82013", "published": "2015-03-24T00:00:00", "title": "openSUSE Security Update : seamonkey (openSUSE-2015-250)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-250.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82013);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/03/28 17:02:45 $\");\n\n script_cve_id(\"CVE-2015-0819\", \"CVE-2015-0820\", \"CVE-2015-0821\", \"CVE-2015-0822\", \"CVE-2015-0823\", \"CVE-2015-0824\", \"CVE-2015-0825\", \"CVE-2015-0826\", \"CVE-2015-0827\", \"CVE-2015-0828\", \"CVE-2015-0829\", \"CVE-2015-0830\", \"CVE-2015-0831\", \"CVE-2015-0832\", \"CVE-2015-0833\", \"CVE-2015-0834\", \"CVE-2015-0835\", \"CVE-2015-0836\");\n\n script_name(english:\"openSUSE Security Update : seamonkey (openSUSE-2015-250)\");\n script_summary(english:\"Check for the openSUSE-2015-250 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SeaMonkey was updated to 2.33 (bnc#917597)\n\n - MFSA 2015-11/CVE-2015-0835/CVE-2015-0836 Miscellaneous\n memory safety hazards\n\n - MFSA 2015-12/CVE-2015-0833 (bmo#945192) Invoking Mozilla\n updater will load locally stored DLL files (Windows\n only)\n\n - MFSA 2015-13/CVE-2015-0832 (bmo#1065909) Appended period\n to hostnames can bypass HPKP and HSTS protections\n\n - MFSA 2015-14/CVE-2015-0830 (bmo#1110488) Malicious WebGL\n content crash when writing strings\n\n - MFSA 2015-15/CVE-2015-0834 (bmo#1098314) TLS TURN and\n STUN connections silently fail to simple TCP connections\n\n - MFSA 2015-16/CVE-2015-0831 (bmo#1130514) Use-after-free\n in IndexedDB\n\n - MFSA 2015-17/CVE-2015-0829 (bmo#1128939) Buffer overflow\n in libstagefright during MP4 video playback\n\n - MFSA 2015-18/CVE-2015-0828 (bmo#1030667, bmo#988675)\n Double-free when using non-default memory allocators\n with a zero-length XHR\n\n - MFSA 2015-19/CVE-2015-0827 (bmo#1117304) Out-of-bounds\n read and write while rendering SVG content\n\n - MFSA 2015-20/CVE-2015-0826 (bmo#1092363) Buffer overflow\n during CSS restyling\n\n - MFSA 2015-21/CVE-2015-0825 (bmo#1092370) Buffer\n underflow during MP3 playback\n\n - MFSA 2015-22/CVE-2015-0824 (bmo#1095925) Crash using\n DrawTarget in Cairo graphics library\n\n - MFSA 2015-23/CVE-2015-0823 (bmo#1098497) Use-after-free\n in Developer Console date with OpenType Sanitiser\n\n - MFSA 2015-24/CVE-2015-0822 (bmo#1110557) Reading of\n local files through manipulation of form autocomplete\n\n - MFSA 2015-25/CVE-2015-0821 (bmo#1111960) Local files or\n privileged URLs in pages can be opened into new tabs\n\n - MFSA 2015-26/CVE-2015-0819 (bmo#1079554) UI Tour\n whitelisted sites in background tab can spoof foreground\n tabs\n\n - MFSA 2015-27CVE-2015-0820 (bmo#1125398) Caja Compiler\n JavaScript sandbox bypass\n\nUpdate to SeaMonkey 2.32.1\n\n - fixed MailNews feeds not updating\n\n - fixed selected profile in Profile Manager not remembered\n\n - fixed opening a bookmark folder in tabs on Linux\n\n - fixed Troubleshooting Information (about:support) with\n the Modern theme\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=917597\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-2.33-48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-debuginfo-2.33-48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-debugsource-2.33-48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-dom-inspector-2.33-48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-irc-2.33-48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-translations-common-2.33-48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"seamonkey-translations-other-2.33-48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"seamonkey-2.33-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"seamonkey-debuginfo-2.33-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"seamonkey-debugsource-2.33-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"seamonkey-dom-inspector-2.33-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"seamonkey-irc-2.33-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"seamonkey-translations-common-2.33-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"seamonkey-translations-other-2.33-12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey / seamonkey-debuginfo / seamonkey-debugsource / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:27:36", "bulletinFamily": "scanner", "description": "The version of Firefox installed on the remote Mac OS X host is prior to 48. It is, therefore, affected by multiple vulnerabilities :\n\n - An overflow condition exists in the expat XML parser due to improper validation of user-supplied input when handling malformed input documents. An attacker can exploit this to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-0718)\n\n - An information disclosure vulnerability exists due to a failure to close connections after requesting favicons.\n An attacker can exploit this to continue to send requests to the user's browser and disclose sensitive information.(CVE-2016-2830)\n\n - Multiple memory corruption issues exist due to improper validation of user-supplied input. An attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code.\n (CVE-2016-2835, CVE-2016-2836)\n\n - An overflow condition exists in the ClearKey Content Decryption Module (CDM) used by the Encrypted Media Extensions (EME) API due to improper validation of user-supplied input. An attacker can exploit this to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.\n (CVE-2016-2837)\n\n - An overflow condition exists in the ProcessPDI() function in layout/base/nsBidi.cpp due to improper validation of user-supplied input. An attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-2838)\n\n - A flaw exists in the Resource Timing API during page navigation. An attacker can exploit this to disclose sensitive information. (CVE-2016-5250)\n\n - A flaw exists that is triggered when decoding url-encoded values in 'data:' URLs. An attacker can exploit this, via non-ASCII or emoji characters, to spoof the address in the address bar. (CVE-2016-5251)\n\n - An underflow condition exists in the BasePoint4d() function in gfx/2d/Matrix.h due to improper validation of user-supplied input when calculating clipping regions in 2D graphics. A remote attacker can exploit this to cause a stack-based buffer underflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-5252)\n\n - A use-after-free error exists in the KeyDown() function in layout/xul/nsXULPopupManager.cpp when using the alt key in conjunction with top level menu items. An attacker can exploit this to dereference already freed memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-5254)\n\n - A use-after-free error exists in the sweep() function that is triggered when handling objects and pointers during incremental garbage collection. An attacker can exploit this to dereference already freed memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-5255)\n\n - A use-after-free error exists in WebRTC that is triggered when handling DTLS objects. An attacker can exploit this to dereference already freed memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-5258)\n\n - A use-after-free error exists in the DestroySyncLoop() function in dom/workers/WorkerPrivate.cpp that is triggered when handling nested sync event loops in Service Workers. An attacker can exploit this to dereference already freed memory, resulting in a denial of service condition or the execution of arbitrary code.\n (CVE-2016-5259)\n\n - An information disclosure vulnerability exists in the restorableFormNodes() function in XPathGenerator.jsm due to persistently storing passwords in plaintext in session restore data. An attacker can exploit this to disclose password information. (CVE-2016-5260)\n\n - An integer overflow condition exists in the ProcessInput() function in WebSocketChannel.cpp due to improper validation of user-supplied input when handling specially crafted WebSocketChannel packets. An attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5261)\n\n - A security bypass vulnerability exists due to event handler attributes on a <marquee> tag being executed inside a sandboxed iframe that does not have the allow-scripts flag set. An attacker can exploit this to bypass cross-site scripting protection mechanisms.\n (CVE-2016-5262)\n\n - A type confusion flaw exists in the HitTest() function in nsDisplayList.cpp when handling display transformations. An attacker can exploit this to execute arbitrary code. (CVE-2016-5263)\n\n - A use-after-free error exists in the NativeAnonymousChildListChange() function when applying effects to SVG elements. An attacker can exploit this to dereference already freed memory, resulting in a denial of service condition or the execution of arbitrary code.\n (CVE-2016-5264)\n\n - A flaw exists in the Redirect() function in nsBaseChannel.cpp that is triggered when a malicious shortcut is called from the same directory as a local HTML file. An attacker can exploit this to bypass the same-origin policy. (CVE-2016-5265)\n\n - A flaw exists due to a failure to properly filter file URIs dragged from a web page to a different piece of software. An attacker can exploit this to disclose sensitive information. (CVE-2016-5266)\n\n - A flaw exists that is triggered when handling certain specific 'about:' URLs that allows an attacker to spoof the contents of system information or error messages (CVE-2016-5268)\n\n - A flaw exists that is triggered when handling certain specific 'about:' URLs that allows an attacker to spoof the contents of system information or error messages (CVE-2016-5268)\n\n - A flaw exists in woff2 that is triggered during the handling of TTC detection. An attacker can exploit this to have an unspecified impact.\n\n - Multiple unspecified flaws exist in woff2 that allow an attacker to cause a denial of service condition.", "modified": "2019-01-02T00:00:00", "id": "MACOSX_FIREFOX_48.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=92753", "published": "2016-08-05T00:00:00", "title": "Firefox < 48 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92753);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/01/02 11:18:37\");\n\n script_cve_id(\n \"CVE-2016-0718\",\n \"CVE-2016-2830\",\n \"CVE-2016-2835\",\n \"CVE-2016-2836\",\n \"CVE-2016-2837\",\n \"CVE-2016-2838\",\n \"CVE-2016-5250\",\n \"CVE-2016-5251\",\n \"CVE-2016-5252\",\n \"CVE-2016-5254\",\n \"CVE-2016-5255\",\n \"CVE-2016-5258\",\n \"CVE-2016-5259\",\n \"CVE-2016-5260\",\n \"CVE-2016-5261\",\n \"CVE-2016-5262\",\n \"CVE-2016-5263\",\n \"CVE-2016-5264\",\n \"CVE-2016-5265\",\n \"CVE-2016-5266\",\n \"CVE-2016-5268\"\n );\n script_bugtraq_id(\n 90729,\n 92258,\n 92260,\n 92261\n );\n script_xref(name:\"MFSA\", value:\"2016-62\");\n script_xref(name:\"MFSA\", value:\"2016-63\");\n script_xref(name:\"MFSA\", value:\"2016-64\");\n script_xref(name:\"MFSA\", value:\"2016-66\");\n script_xref(name:\"MFSA\", value:\"2016-67\");\n script_xref(name:\"MFSA\", value:\"2016-68\");\n script_xref(name:\"MFSA\", value:\"2016-69\");\n script_xref(name:\"MFSA\", value:\"2016-70\");\n script_xref(name:\"MFSA\", value:\"2016-71\");\n script_xref(name:\"MFSA\", value:\"2016-72\");\n script_xref(name:\"MFSA\", value:\"2016-73\");\n script_xref(name:\"MFSA\", value:\"2016-74\");\n script_xref(name:\"MFSA\", value:\"2016-75\");\n script_xref(name:\"MFSA\", value:\"2016-76\");\n script_xref(name:\"MFSA\", value:\"2016-77\");\n script_xref(name:\"MFSA\", value:\"2016-78\");\n script_xref(name:\"MFSA\", value:\"2016-79\");\n script_xref(name:\"MFSA\", value:\"2016-80\");\n script_xref(name:\"MFSA\", value:\"2016-81\");\n script_xref(name:\"MFSA\", value:\"2016-83\");\n script_xref(name:\"MFSA\", value:\"2016-84\");\n\n script_name(english:\"Firefox < 48 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Firefox installed on the remote Mac OS X host is prior\nto 48. It is, therefore, affected by multiple vulnerabilities :\n\n - An overflow condition exists in the expat XML parser due\n to improper validation of user-supplied input when\n handling malformed input documents. An attacker can\n exploit this to cause a buffer overflow, resulting in a\n denial of service condition or the execution of\n arbitrary code. (CVE-2016-0718)\n\n - An information disclosure vulnerability exists due to a\n failure to close connections after requesting favicons.\n An attacker can exploit this to continue to send\n requests to the user's browser and disclose sensitive\n information.(CVE-2016-2830)\n\n - Multiple memory corruption issues exist due to improper\n validation of user-supplied input. An attacker can\n exploit these issues to cause a denial of service\n condition or the execution of arbitrary code.\n (CVE-2016-2835, CVE-2016-2836)\n\n - An overflow condition exists in the ClearKey Content\n Decryption Module (CDM) used by the Encrypted Media\n Extensions (EME) API due to improper validation of\n user-supplied input. An attacker can exploit this to\n cause a buffer overflow, resulting in a denial of\n service condition or the execution of arbitrary code.\n (CVE-2016-2837)\n\n - An overflow condition exists in the ProcessPDI()\n function in layout/base/nsBidi.cpp due to improper\n validation of user-supplied input. An attacker can\n exploit this to cause a heap-based buffer overflow,\n resulting in a denial of service condition or the\n execution of arbitrary code. (CVE-2016-2838)\n\n - A flaw exists in the Resource Timing API during page\n navigation. An attacker can exploit this to disclose\n sensitive information. (CVE-2016-5250)\n\n - A flaw exists that is triggered when decoding\n url-encoded values in 'data:' URLs. An attacker can\n exploit this, via non-ASCII or emoji characters, to\n spoof the address in the address bar. (CVE-2016-5251)\n\n - An underflow condition exists in the BasePoint4d()\n function in gfx/2d/Matrix.h due to improper validation\n of user-supplied input when calculating clipping regions\n in 2D graphics. A remote attacker can exploit this to\n cause a stack-based buffer underflow, resulting in a\n denial of service condition or the execution of\n arbitrary code. (CVE-2016-5252)\n\n - A use-after-free error exists in the KeyDown() function\n in layout/xul/nsXULPopupManager.cpp when using the alt\n key in conjunction with top level menu items. An\n attacker can exploit this to dereference already freed\n memory, resulting in a denial of service condition or\n the execution of arbitrary code. (CVE-2016-5254)\n\n - A use-after-free error exists in the sweep() function\n that is triggered when handling objects and pointers\n during incremental garbage collection. An attacker can\n exploit this to dereference already freed memory,\n resulting in a denial of service condition or the\n execution of arbitrary code. (CVE-2016-5255)\n\n - A use-after-free error exists in WebRTC that is\n triggered when handling DTLS objects. An attacker can\n exploit this to dereference already freed memory,\n resulting in a denial of service condition or the\n execution of arbitrary code. (CVE-2016-5258)\n\n - A use-after-free error exists in the DestroySyncLoop()\n function in dom/workers/WorkerPrivate.cpp that is\n triggered when handling nested sync event loops in\n Service Workers. An attacker can exploit this to\n dereference already freed memory, resulting in a denial\n of service condition or the execution of arbitrary code.\n (CVE-2016-5259)\n\n - An information disclosure vulnerability exists in the\n restorableFormNodes() function in XPathGenerator.jsm due\n to persistently storing passwords in plaintext in\n session restore data. An attacker can exploit this to\n disclose password information. (CVE-2016-5260)\n\n - An integer overflow condition exists in the\n ProcessInput() function in WebSocketChannel.cpp due to\n improper validation of user-supplied input when handling\n specially crafted WebSocketChannel packets. An attacker\n can exploit this to cause a denial of service condition\n or the execution of arbitrary code. (CVE-2016-5261)\n\n - A security bypass vulnerability exists due to event\n handler attributes on a <marquee> tag being executed\n inside a sandboxed iframe that does not have the\n allow-scripts flag set. An attacker can exploit this to\n bypass cross-site scripting protection mechanisms.\n (CVE-2016-5262)\n\n - A type confusion flaw exists in the HitTest() function\n in nsDisplayList.cpp when handling display\n transformations. An attacker can exploit this to execute\n arbitrary code. (CVE-2016-5263)\n\n - A use-after-free error exists in the\n NativeAnonymousChildListChange() function when applying\n effects to SVG elements. An attacker can exploit this to\n dereference already freed memory, resulting in a denial\n of service condition or the execution of arbitrary code.\n (CVE-2016-5264)\n\n - A flaw exists in the Redirect() function in\n nsBaseChannel.cpp that is triggered when a malicious \n shortcut is called from the same directory as a local\n HTML file. An attacker can exploit this to bypass the\n same-origin policy. (CVE-2016-5265)\n\n - A flaw exists due to a failure to properly filter file\n URIs dragged from a web page to a different piece of\n software. An attacker can exploit this to disclose\n sensitive information. (CVE-2016-5266)\n\n - A flaw exists that is triggered when handling certain\n specific 'about:' URLs that allows an attacker to spoof\n the contents of system information or error messages\n (CVE-2016-5268)\n\n - A flaw exists that is triggered when handling certain\n specific 'about:' URLs that allows an attacker to spoof\n the contents of system information or error messages\n (CVE-2016-5268)\n\n - A flaw exists in woff2 that is triggered during the\n handling of TTC detection. An attacker can exploit this\n to have an unspecified impact.\n\n - Multiple unspecified flaws exist in woff2 that allow an\n attacker to cause a denial of service condition.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-63/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-64/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-66/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-67/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-68/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-70/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-71/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-72/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-73/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-74/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-75/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-76/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-77/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-78/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-79/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-80/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-81/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-83/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-84/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Firefox version 48 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nkb_base = \"MacOSX/Firefox\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nif (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Firefox installation is in the ESR branch.');\n\nmozilla_check_version(product:'firefox', version:version, path:path, esr:FALSE, fix:'48', severity:SECURITY_HOLE, xss:TRUE);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:43", "bulletinFamily": "unix", "description": "- CVE-2016-0718 (arbitrary code execution)\n\nOut-of-bounds read during XML parsing in Expat library.\n\n- CVE-2016-2830 (information disclosure)\n\nFavicon network connection can persist when page is closed.\n\n- CVE-2016-2835 CVE-2016-2836 (arbitrary code execution)\n\nMozilla developers and community members reported several memory safety\nbugs in the browser engine used in firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption under\ncertain circumstances, and we presume that with enough effort at least\nsome of these could be exploited to run arbitrary code.\n\n- CVE-2016-2837 (arbitrary code execution)\n\nBuffer overflow in ClearKey Content Decryption Module (CDM) during video\nplayback\n\n- CVE-2016-2838 (arbitrary code execution)\n\nBuffer overflow rendering SVG with bidirectional content.\n\n- CVE-2016-5250 (information disclosure)\n\nInformation disclosure through Resource Timing API during page\nnavigation.\n\n- CVE-2016-5251 (URL spoofing)\n\nLocation bar spoofing via data URLs with malformed/invalid mediatypes.\n\n- CVE-2016-5252 (arbitrary code execution)\n\nStack underflow during 2D graphics rendering.\n\n- CVE-2016-5254 (arbitrary code execution)\n\nUse-after-free when using alt key and toplevel menus.\n\n- CVE-2016-5255 (arbitrary code execution)\n\nCrash in incremental garbage collection in JavaScript.\n\n- CVE-2016-5258 (arbitrary code execution)\n\nUse-after-free in DTLS during WebRTC session shutdown.\n\n- CVE-2016-5259 (arbitrary code execution)\n\nUse-after-free in service workers with nested sync events.\n\n- CVE-2016-5260 (information disclosure)\n\nForm input type change from password to text can store plain text\npassword in session restore file.\n\n- CVE-2016-5261 (arbitrary code execution)\n\nInteger overflow in WebSockets during data buffering.\n\n- CVE-2016-5262 (cross-site scripting)\n\nScripts on marquee tag can execute in sandboxed iframes.\n\n- CVE-2016-5263 (type confusion)\n\nType confusion in display transformation\n\n- CVE-2016-5264 (use after free)\n\nUse-after-free when applying SVG effects.\n\n- CVE-2016-5265 (same-origin policy bypass)\n\nSame-origin policy violation using local HTML file and saved shortcut\nfile.\n\n- CVE-2016-5266 (information disclosure)\n\nInformation disclosure and local file manipulation through drag and\ndrop.\n\n- CVE-2016-5268 (spoofing)\n\nSpoofing attack through text injection into internal error pages.", "modified": "2016-08-05T00:00:00", "published": "2016-08-05T00:00:00", "id": "ASA-201608-2", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-August/000676.html", "title": "firefox: multiple issues", "type": "archlinux", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-22T21:22:32", "bulletinFamily": "unix", "description": "- CVE-2016-5256 (arbitrary code execution)\n\nMozilla developers Christoph Diehl, Christian Holler, Gary Kwong,\nNathan Froyd, Honza Bambas, Seth Fowler, and Michael Smith reported\nmemory safety bugs present in Firefox 48. Some of these bugs showed\nevidence of memory corruption under certain circumstances could\npotentially exploited to run arbitrary code.\n\n- CVE-2016-5257 (arbitrary code execution)\n\nMozilla developers and community members Christoph Diehl, Andrew\nMcCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson\nSmith, Philipp, and Carsten Book reported memory safety bugs present in\nFirefox 48 and Firefox ESR 45.3. Some of these bugs showed evidence of\nmemory corruption and we presume that with enough effort at least some\nof these could be exploited to run arbitrary code.\n\n- CVE-2016-5270 (arbitrary code execution)\n\nAn out-of-bounds write of a boolean value during text conversion with\nsome unicode characters.\n\n- CVE-2016-5271 (information disclosure)\n\nAn out-of-bounds read during the processing of text runs in some pages\nusing display:contents.\n\n- CVE-2016-5272 (arbitrary code execution)\n\nA bad cast when processing layout with input elements can result in a\npotentially exploitable crash.\n\n- CVE-2016-5273 (arbitrary code execution)\n\nA potentially exploitable crash in accessibility in the\nmozilla::a11y::HyperTextAccessible::GetChildOffset function.\n\n- CVE-2016-5274 (arbitrary code execution)\n\nA use-after-free vulnerability has been discovered in the\nnsFrameManager::CaptureFrameState function in web animations during\nrestyling.\n\n- CVE-2016-5275 (arbitrary code execution)\n\nA buffer overflow vulnerability has been discovered in the\nmozilla::gfx::FilterSupport::ComputeSourceNeededRegions function when\nworking with empty filters during canvas rendering.\n\n- CVE-2016-5276 (arbitrary code execution)\n\nA use-after-free vulnerability has been discovered in the\nmozilla::a11y::DocAccessible::ProcessInvalidationList function\ntriggered by setting a aria-owns attribute.\n\n- CVE-2016-5277 (arbitrary code execution)\n\nA user-after-free vulnerability has been disconvered in the\nnsRefreshDriver::Tick function with web animations when destroying a\ntimeline.\n\n- CVE-2016-5278 (arbitrary code execution)\n\nA potentially exploitable crash caused by a heap based buffer overflow\nhas been discovered in the nsBMPEncoder::AddImageFrame function while\nencoding image frames to images.\n\n- CVE-2016-5279 (information disclosure)\n\nThe full path to local files is available to scripts when local files\nare drag and dropped into Firefox.\n\n- CVE-2016-5280 (arbitrary code execution)\n\nA use-after-free vulnerability has been discovered in the\nmozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function\nwhen changing text direction.\n\n- CVE-2016-5281 (arbitrary code execution)\n\nA use-after-free vulnerability has been discovered in the DOMSVGLength\nwhen manipulating SVG format content through a script.\n\n- CVE-2016-5282 (access restriction bypass)\n\nFavicons can be loaded through non-whitelisted protocols, such as jar.\n\n- CVE-2016-5283 (information disclosure)\n\nA timing attack vulnerability was discovered using iframes to\npotentially reveal private cross-origin data using document resizes and\nlink colors.\n\n- CVE-2016-5284 (certificate verification bypass)\n\nDue to flaws in the process used to update "Preloaded Public Key\nPinning", the pinning for add-on updates became ineffective in early\nSeptember. An attacker who was able to get a mis-issued certificate for\na Mozilla web site could send malicious add-on updates to users on\nnetworks controlled by the attacker. Users who have not installed any\nadd-ons are not affected.", "modified": "2016-09-22T00:00:00", "published": "2016-09-22T00:00:00", "id": "ASA-201609-22", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-September/000718.html", "type": "archlinux", "title": "firefox: multiple issues", "cvss": {"score": 0.0, "vector": "NONE"}}], "suse": [{"lastseen": "2016-09-24T20:38:57", "bulletinFamily": "unix", "description": "This update for MozillaFirefox and mozilla-nss fixes the following issues:\n\n MozillaFirefox was updated to version 49.0 (boo#999701)\n - New features\n * Updated Firefox Login Manager to allow HTTPS pages to use saved HTTP\n logins.\n * Added features to Reader Mode that make it easier on the eyes and the\n ears\n * Improved video performance for users on systems that support SSE3\n without hardware acceleration\n * Added context menu controls to HTML5 audio and video that let users\n loops files or play files at 1.25x speed\n * Improvements in about:memory reports for tracking font memory usage\n - Security related fixes\n * MFSA 2016-85 CVE-2016-2827 (bmo#1289085) - Out-of-bounds read in\n mozilla::net::IsValidReferrerPolicy CVE-2016-5270 (bmo#1291016) -\n Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString\n CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in\n PropertyProvider::GetSpacingInternal CVE-2016-5272 (bmo#1297934) - Bad\n cast in nsImageGeometryMixin CVE-2016-5273 (bmo#1280387) - crash in\n mozilla::a11y::HyperTextAccessible::GetChildOffset CVE-2016-5276\n (bmo#1287721) - Heap-use-after-free in\n mozilla::a11y::DocAccessible::ProcessInvalidationList CVE-2016-5274\n (bmo#1282076) - use-after-free in nsFrameManager::CaptureFrameState\n CVE-2016-5277 (bmo#1291665) - Heap-use-after-free in\n nsRefreshDriver::Tick CVE-2016-5275 (bmo#1287316) -\n global-buffer-overflow in\n mozilla::gfx::FilterSupport::ComputeSourceNeededRegions CVE-2016-5278\n (bmo#1294677) - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame\n CVE-2016-5279 (bmo#1249522) - Full local path of files is available to\n web pages after drag and drop CVE-2016-5280 (bmo#1289970) -\n Use-after-free in\n mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap\n CVE-2016-5281 (bmo#1284690) - use-after-free in DOMSVGLength\n CVE-2016-5282 (bmo#932335) - Don't allow content to request favicons\n from non-whitelisted schemes CVE-2016-5283 (bmo#928187) - <iframe src>\n fragment timing attack can reveal cross-origin data CVE-2016-5284\n (bmo#1303127) - Add-on update site certificate pin expiration\n CVE-2016-5256 - Memory safety bugs fixed in Firefox 49 CVE-2016-5257 -\n Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4\n - requires NSS 3.25\n\n - Mozilla Firefox 48.0.2:\n * Mitigate a startup crash issue caused on Windows (bmo#1291738)\n\n mozilla-nss was updated to NSS 3.25. New functionality:\n * Implemented DHE key agreement for TLS 1.3\n * Added support for ChaCha with TLS 1.3\n * Added support for TLS 1.2 ciphersuites that use SHA384 as the PRF\n * In previous versions, when using client authentication with TLS 1.2,\n NSS only supported certificate_verify messages that used the same\n signature hash algorithm as used by the PRF. This limitation has been\n removed.\n * Several functions have been added to the public API of the NSS\n Cryptoki Framework. New functions:\n * NSSCKFWSlot_GetSlotID\n * NSSCKFWSession_GetFWSlot\n * NSSCKFWInstance_DestroySessionHandle\n * NSSCKFWInstance_FindSessionHandle Notable changes:\n * An SSL socket can no longer be configured to allow both TLS 1.3 and\n SSLv3\n * Regression fix: NSS no longer reports a failure if an application\n attempts to disable the SSLv2 protocol.\n * The list of trusted CA certificates has been updated to version 2.8\n * The following CA certificate was Removed Sonera Class1 CA\n * The following CA certificates were Added Hellenic Academic and\n Research Institutions RootCA 2015 Hellenic Academic and Research\n Institutions ECC RootCA 2015 Certplus Root CA G1 Certplus Root CA G2\n OpenTrust Root CA G1 OpenTrust Root CA G2 OpenTrust Root CA G3\n\n", "modified": "2016-09-24T20:10:13", "published": "2016-09-24T20:10:13", "id": "OPENSUSE-SU-2016:2368-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00019.html", "type": "suse", "title": "Security update for MozillaFirefox, mozilla-nss (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-26T16:38:57", "bulletinFamily": "unix", "description": "MozillaFirefox was updated to version 49.0 (boo#999701)\n - New features\n * Updated Firefox Login Manager to allow HTTPS pages to use saved\n HTTP logins.\n * Added features to Reader Mode that make it easier on the eyes and\n the ears\n * Improved video performance for users on systems that support SSE3\n without hardware acceleration\n * Added context menu controls to HTML5 audio and video that let users\n loops files or play files at 1.25x speed\n * Improvements in about:memory reports for tracking font memory usage\n - Security related fixes\n * MFSA 2016-85 CVE-2016-2827 (bmo#1289085) - Out-of-bounds read in\n mozilla::net::IsValidReferrerPolicy CVE-2016-5270 (bmo#1291016) -\n Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString\n CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in\n PropertyProvider::GetSpacingInternal CVE-2016-5272 (bmo#1297934) - Bad\n cast in nsImageGeometryMixin CVE-2016-5273 (bmo#1280387) - crash in\n mozilla::a11y::HyperTextAccessible::GetChildOffset CVE-2016-5276\n (bmo#1287721) - Heap-use-after-free in\n mozilla::a11y::DocAccessible::ProcessInvalidationList CVE-2016-5274\n (bmo#1282076) - use-after-free in nsFrameManager::CaptureFrameState\n CVE-2016-5277 (bmo#1291665) - Heap-use-after-free in nsRefreshDriver::Tick\n CVE-2016-5275 (bmo#1287316) - global-buffer-overflow in\n mozilla::gfx::FilterSupport::ComputeSourceNeededRegions CVE-2016-5278\n (bmo#1294677) - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame\n CVE-2016-5279 (bmo#1249522) - Full local path of files is available to web\n pages after drag and drop CVE-2016-5280 (bmo#1289970) - Use-after-free in\n mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap CVE-2016-5281\n (bmo#1284690) - use-after-free in DOMSVGLength CVE-2016-5282 (bmo#932335)\n - Don't allow content to request favicons from non-whitelisted schemes\n CVE-2016-5283 (bmo#928187) - <iframe src> fragment timing attack can\n reveal cross-origin data CVE-2016-5284 (bmo#1303127) - Add-on update site\n certificate pin expiration CVE-2016-5256 - Memory safety bugs fixed in\n Firefox 49 CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and\n Firefox ESR 45.4\n - requires NSS 3.25\n\n - Mozilla Firefox 48.0.2:\n * Mitigate a startup crash issue caused on Windows (bmo#1291738)\n\n mozilla-nss was updated to NSS 3.25. New functionality:\n * Implemented DHE key agreement for TLS 1.3\n * Added support for ChaCha with TLS 1.3\n * Added support for TLS 1.2 ciphersuites that use SHA384 as the PRF\n * In previous versions, when using client authentication with TLS\n 1.2, NSS only supported certificate_verify messages that used the same\n signature hash algorithm as used by the PRF. This limitation has been\n removed.\n * Several functions have been added to the public API of the NSS\n Cryptoki Framework. New functions:\n * NSSCKFWSlot_GetSlotID\n * NSSCKFWSession_GetFWSlot\n * NSSCKFWInstance_DestroySessionHandle\n * NSSCKFWInstance_FindSessionHandle Notable changes:\n * An SSL socket can no longer be configured to allow both TLS 1.3 and\n SSLv3\n * Regression fix: NSS no longer reports a failure if an application\n attempts to disable the SSLv2 protocol.\n * The list of trusted CA certificates has been updated to version 2.8\n * The following CA certificate was Removed Sonera Class1 CA\n * The following CA certificates were Added Hellenic Academic and\n Research Institutions RootCA 2015 Hellenic Academic and Research\n Institutions ECC RootCA 2015 Certplus Root CA G1 Certplus Root CA G2\n OpenTrust Root CA G1 OpenTrust Root CA G2 OpenTrust Root CA G3\n\n", "modified": "2016-09-26T18:10:55", "published": "2016-09-26T18:10:55", "id": "OPENSUSE-SU-2016:2386-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00021.html", "type": "suse", "title": "Security update for MozillaFirefox, mozilla-nss (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-10-12T21:27:41", "bulletinFamily": "unix", "description": "MozillaFirefox was updated to 45.4.0 ESR to fix the following issues\n (bsc#999701):\n\n The following security issue were fixed:\n * MFSA 2016-86/CVE-2016-5270: Heap-buffer-overflow in\n nsCaseTransformTextRunFactory::TransformString\n * MFSA 2016-86/CVE-2016-5272: Bad cast in nsImageGeometryMixin\n * MFSA 2016-86/CVE-2016-5276: Heap-use-after-free in\n mozilla::a11y::DocAccessible::ProcessInvalidationList\n * MFSA 2016-86/CVE-2016-5274: use-after-free in\n nsFrameManager::CaptureFrameState\n * MFSA 2016-86/CVE-2016-5277: Heap-use-after-free in nsRefreshDriver::Tick\n * MFSA 2016-86/CVE-2016-5278: Heap-buffer-overflow in\n nsBMPEncoder::AddImageFrame\n * MFSA 2016-86/CVE-2016-5280: Use-after-free in\n mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap\n * MFSA 2016-86/CVE-2016-5281: use-after-free in DOMSVGLength\n * MFSA 2016-86/CVE-2016-5284: Add-on update site certificate pin expiration\n * MFSA 2016-86/CVE-2016-5250: Resource Timing API is storing resources\n sent by the previous page\n * MFSA 2016-86/CVE-2016-5261: Integer overflow and memory corruption in\n WebSocketChannel\n * MFSA 2016-86/CVE-2016-5257: Various memory safety bugs fixed in Firefox\n 49 and Firefox ESR 45.4\n\n", "modified": "2016-10-12T20:08:55", "published": "2016-10-12T20:08:55", "id": "SUSE-SU-2016:2513-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00025.html", "type": "suse", "title": "Security update for MozillaFirefox (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-10-04T13:27:37", "bulletinFamily": "unix", "description": "MozillaFirefox was updated to version 45.4.0 ESR to fix the following\n issues:\n\n Security issues fixed: (bsc#999701 MFSA 2016-86):\n * CVE-2016-5270: Heap-buffer-overflow in\n nsCaseTransformTextRunFactory::TransformString\n * CVE-2016-5272: Bad cast in nsImageGeometryMixin\n * CVE-2016-5276: Heap-use-after-free in\n mozilla::a11y::DocAccessible::ProcessInvalidationList\n * CVE-2016-5274: use-after-free in nsFrameManager::CaptureFrameState\n * CVE-2016-5277: Heap-use-after-free in nsRefreshDriver::Tick\n * CVE-2016-5278: Heap-buffer-overflow in nsBMPEncoder::AddImageFrame\n * CVE-2016-5280: Use-after-free in\n mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap\n * CVE-2016-5281: use-after-free in DOMSVGLength\n * CVE-2016-5284: Add-on update site certificate pin expiration\n * CVE-2016-5250: Resource Timing API is storing resources sent by the\n previous page\n * CVE-2016-5261: Integer overflow and memory corruption in WebSocketChannel\n * CVE-2016-5257: Memory safety bugs fixed in Firefox 49 and Firefox ESR\n 45.4\n\n Bug fixed:\n - Fix for aarch64 Firefox startup crash (bsc#991344)\n\n", "modified": "2016-10-04T13:10:47", "published": "2016-10-04T13:10:47", "id": "SUSE-SU-2016:2434-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00001.html", "type": "suse", "title": "Security update for MozillaFirefox (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:49:17", "bulletinFamily": "unix", "description": "MozillaFirefox, mozilla-nss were updated to fix 18 security issues.\n\n MozillaFirefox was updated to version 36.0. These security issues were\n fixed:\n - CVE-2015-0835, CVE-2015-0836: Miscellaneous memory safety hazards\n - CVE-2015-0832: Appended period to hostnames can bypass HPKP and HSTS\n protections\n - CVE-2015-0830: Malicious WebGL content crash when writing strings\n - CVE-2015-0834: TLS TURN and STUN connections silently fail to simple TCP\n connections\n - CVE-2015-0831: Use-after-free in IndexedDB\n - CVE-2015-0829: Buffer overflow in libstagefright during MP4 video\n playback\n - CVE-2015-0828: Double-free when using non-default memory allocators with\n a zero-length XHR\n - CVE-2015-0827: Out-of-bounds read and write while rendering SVG content\n - CVE-2015-0826: Buffer overflow during CSS restyling\n - CVE-2015-0825: Buffer underflow during MP3 playback\n - CVE-2015-0824: Crash using DrawTarget in Cairo graphics library\n - CVE-2015-0823: Use-after-free in Developer Console date with OpenType\n Sanitiser\n - CVE-2015-0822: Reading of local files through manipulation of form\n autocomplete\n - CVE-2015-0821: Local files or privileged URLs in pages can be opened\n into new tabs\n - CVE-2015-0819: UI Tour whitelisted sites in background tab can spoof\n foreground tabs\n - CVE-2015-0820: Caja Compiler JavaScript sandbox bypass\n\n mozilla-nss was updated to version 3.17.4 to fix the following issues:\n - CVE-2014-1569: QuickDER decoder length issue (bnc#910647).\n - bmo#1084986: If an SSL/TLS connection fails, because client and server\n don't have any common protocol version enabled, NSS has been changed to\n report error code SSL_ERROR_UNSUPPORTED_VERSION (instead of reporting\n SSL_ERROR_NO_CYPHER_OVERLAP).\n - bmo#1112461: libpkix was fixed to prefer the newest certificate, if\n multiple certificates match.\n - bmo#1094492: fixed a memory corruption issue during failure of keypair\n generation.\n - bmo#1113632: fixed a failure to reload a PKCS#11 module in FIPS mode.\n - bmo#1119983: fixed interoperability of NSS server code with a LibreSSL\n client.\n\n", "modified": "2015-03-01T11:04:54", "published": "2015-03-01T11:04:54", "id": "OPENSUSE-SU-2015:0404-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html", "type": "suse", "title": "Security update for MozillaFirefox, mozilla-nss (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:57:33", "bulletinFamily": "unix", "description": "Mozilla Firefox was updated to 48.0 to fix security issues, bugs, and\n deliver various improvements.\n\n The following major changes are included:\n\n - Process separation (e10s) is enabled for some users\n - Add-ons that have not been verified and signed by Mozilla will not load\n - WebRTC enhancements\n - The media parser has been redeveloped using the Rust programming language\n - better Canvas performance with speedy Skia support\n - Now requires NSS 3.24\n\n The following security issues were fixed: (boo#991809)\n\n - CVE-2016-2835/CVE-2016-2836: Miscellaneous memory safety hazards\n - CVE-2016-2830: Favicon network connection can persist when page is closed\n - CVE-2016-2838: Buffer overflow rendering SVG with bidirectional content\n - CVE-2016-2839: Cairo rendering crash due to memory allocation issue with\n FFmpeg 0.10\n - CVE-2016-5251: Location bar spoofing via data URLs with\n malformed/invalid mediatypes\n - CVE-2016-5252: Stack underflow during 2D graphics rendering\n - CVE-2016-0718: Out-of-bounds read during XML parsing in Expat library\n - CVE-2016-5254: Use-after-free when using alt key and toplevel menus\n - CVE-2016-5255: Crash in incremental garbage collection in JavaScript\n - CVE-2016-5258: Use-after-free in DTLS during WebRTC session shutdown\n - CVE-2016-5259: Use-after-free in service workers with nested sync events\n - CVE-2016-5260: Form input type change from password to text can store\n plain text password in session restore file\n - CVE-2016-5261: Integer overflow in WebSockets during data buffering\n - CVE-2016-5262: Scripts on marquee tag can execute in sandboxed iframes\n - CVE-2016-2837: Buffer overflow in ClearKey Content Decryption Module\n (CDM) during video playback\n - CVE-2016-5263: Type confusion in display transformation\n - CVE-2016-5264: Use-after-free when applying SVG effects\n - CVE-2016-5265: Same-origin policy violation using local HTML file and\n saved shortcut file\n - CVE-2016-5266: Information disclosure and local file manipulation\n through drag and drop\n - CVE-2016-5268: Spoofing attack through text injection into internal\n error pages\n - CVE-2016-5250: Information disclosure through Resource Timing API during\n page navigation\n\n The following non-security changes are included:\n\n - The AppData description and screenshots were updated.\n - Fix Firefox crash on startup on i586 (boo#986541)\n - The Selenium WebDriver may have caused Firefox to crash at startup\n - fix build issues with gcc/binutils combination used in Leap 42.2\n (boo#984637)\n - Fix running on 48bit va aarch64 (boo#984126)\n - fix XUL dialog button order under KDE session (boo#984403)\n\n Mozilla NSS was updated to 3.24 as a dependency.\n\n Changes in mozilla-nss:\n\n - NSS softoken updated with latest NIST guidance\n - NSS softoken updated to allow NSS to run in FIPS Level 1 (no password)\n - Various added and deprecated functions\n - Remove most code related to SSL v2, including the ability to actively\n send a SSLv2-compatible client hello.\n - Protect against the Cachebleed attack.\n - Disable support for DTLS compression.\n - Improve support for TLS 1.3. This includes support for DTLS 1.3.\n (experimental)\n\n", "modified": "2016-08-05T01:09:19", "published": "2016-08-05T01:09:19", "id": "OPENSUSE-SU-2016:1964-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html", "type": "suse", "title": "Security update for MozillaFirefox, mozilla-nss (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2019-05-29T18:35:36", "bulletinFamily": "scanner", "description": "This host is installed with\n Mozilla Firefox and is prone to multiple vulnerabilities.", "modified": "2018-10-18T00:00:00", "published": "2016-09-23T00:00:00", "id": "OPENVAS:1361412562310809325", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809325", "title": "Mozilla Firefox Security Updates( mfsa_2016-85_2016-86 )-MAC OS X", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_firefox_mfsa_2016-85_2016-86_macosx.nasl 11969 2018-10-18 14:53:42Z asteins $\n#\n# Mozilla Firefox Security Updates( mfsa_2016-85_2016-86 )-MAC OS X\n#\n# Authors:\n# kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809325\");\n script_version(\"$Revision: 11969 $\");\n script_cve_id(\"CVE-2016-2827\", \"CVE-2016-5270\", \"CVE-2016-5271\", \"CVE-2016-5272\",\n \"CVE-2016-5273\", \"CVE-2016-5276\", \"CVE-2016-5274\", \"CVE-2016-5277\",\n \"CVE-2016-5275\", \"CVE-2016-5278\", \"CVE-2016-5279\", \"CVE-2016-5280\",\n \"CVE-2016-5281\", \"CVE-2016-5282\", \"CVE-2016-5283\", \"CVE-2016-5284\",\n \"CVE-2016-5256\", \"CVE-2016-5257\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-18 16:53:42 +0200 (Thu, 18 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-09-23 10:24:26 +0530 (Fri, 23 Sep 2016)\");\n script_name(\"Mozilla Firefox Security Updates( mfsa_2016-85_2016-86 )-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with\n Mozilla Firefox and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy.\n\n - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString.\n\n - Out-of-bounds read in PropertyProvider::GetSpacingInternal.\n\n - Bad cast in nsImageGeometryMixin.\n\n - Crash in mozilla::a11y::HyperTextAccessible::GetChildOffset.\n\n - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList.\n\n - Use-after-free in nsFrameManager::CaptureFrameState.\n\n - Heap-use-after-free in nsRefreshDriver::Tick.\n\n - Global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions.\n\n - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame.\n\n - Full local path of files is available to web pages after drag and drop.\n\n - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap.\n\n - Use-after-free in DOMSVGLength.\n\n - Favicons can be loaded through non-whitelisted protocols.\n\n - 'iframe src' fragment timing attack can reveal cross-origin data.\n\n - Add-on update site certificate pin expiration.\n\n - Memory safety bugs.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities remote attackers to cause a denial of service, to execute\n arbitrary code, to obtain sensitive full-pathname information.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox version before\n 49 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 49\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85/\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox/MacOSX/Version\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.com/en-US/firefox/all.html\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"49\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"49\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:30", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2016-09-27T00:00:00", "id": "OPENVAS:1361412562310851396", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851396", "title": "SuSE Update for MozillaFirefox, mozilla-nss openSUSE-SU-2016:2386-1 (MozillaFirefox, mozilla-nss)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2016_2386_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for MozillaFirefox, mozilla-nss openSUSE-SU-2016:2386-1 (MozillaFirefox, mozilla-nss)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851396\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-09-27 05:48:14 +0200 (Tue, 27 Sep 2016)\");\n script_cve_id(\"CVE-2016-2827\", \"CVE-2016-5256\", \"CVE-2016-5257\", \"CVE-2016-5270\",\n \"CVE-2016-5271\", \"CVE-2016-5272\", \"CVE-2016-5273\", \"CVE-2016-5274\",\n \"CVE-2016-5275\", \"CVE-2016-5276\", \"CVE-2016-5277\", \"CVE-2016-5278\",\n \"CVE-2016-5279\", \"CVE-2016-5280\", \"CVE-2016-5281\", \"CVE-2016-5282\",\n \"CVE-2016-5283\", \"CVE-2016-5284\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for MozillaFirefox, mozilla-nss openSUSE-SU-2016:2386-1 (MozillaFirefox, mozilla-nss)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'MozillaFirefox, mozilla-nss'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"MozillaFirefox was updated to version 49.0 (boo#999701)\n\n - New features\n\n * Updated Firefox Login Manager to allow HTTPS pages to use saved\n HTTP logins.\n\n * Added features to Reader Mode that make it easier on the eyes and\n the ears\n\n * Improved video performance for users on systems that support SSE3\n without hardware acceleration\n\n * Added context menu controls to HTML5 audio and video that let users\n loops files or play files at 1.25x speed\n\n * Improvements in about:memory reports for tracking font memory usage\n\n - Security related fixes\n\n * MFSA 2016-85 CVE-2016-2827 (bmo#1289085) - Out-of-bounds read in\n mozilla::net::IsValidReferrerPolicy CVE-2016-5270 (bmo#1291016) -\n Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString\n CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in\n PropertyProvider::GetSpacingInternal CVE-2016-5272 (bmo#1297934) - Bad\n cast in nsImageGeometryMixin CVE-2016-5273 (bmo#1280387) - crash in\n mozilla::a11y::HyperTextAccessible::GetChildOffset CVE-2016-5276\n (bmo#1287721) - Heap-use-after-free in\n mozilla::a11y::DocAccessible::ProcessInvalidationList CVE-2016-5274\n (bmo#1282076) - use-after-free in nsFrameManager::CaptureFrameState\n CVE-2016-5277 (bmo#1291665) - Heap-use-after-free in nsRefreshDriver::Tick\n CVE-2016-5275 (bmo#1287316) - global-buffer-overflow in\n mozilla::gfx::FilterSupport::ComputeSourceNeededRegions CVE-2016-5278\n (bmo#1294677) - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame\n CVE-2016-5279 (bmo#1249522) - Full local path of files is available to web\n pages after drag and drop CVE-2016-5280 (bmo#1289970) - Use-after-free in\n mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap CVE-2016-5281\n (bmo#1284690) - use-after-free in DOMSVGLength CVE-2016-5282 (bmo#932335)\n\n - Don't allow content to request favicons from non-whitelisted schemes\n CVE-2016-5283 (bmo#928187) - iframe src fragment timing attack can\n reveal cross-origin data CVE-2016-5284 (bmo#1303127) - Add-on update site\n certificate pin expiration CVE-2016-5256 - Memory safety bugs fixed in\n Firefox 49 CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and\n Firefox ESR 45.4\n\n - requires NSS 3.25\n\n - Mozilla Firefox 48.0.2:\n\n * Mitigate a startup crash issue caused on Windows (bmo#1291738)\n\n mozilla-nss was updated to NSS 3.25. New functionality:\n\n * Implemented DHE key agreement for TLS 1.3\n\n * Added support for ChaCha with TLS 1.3\n\n * Added support for TLS 1.2 ciphersuites that use SHA384 as the PRF\n\n * In previous versions, when using client authentication with TLS\n 1.2, NSS only supported certificate_verify message ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"MozillaFirefox, mozilla-nss on openSUSE 13.1\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:2386_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSE13.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~49.0.1~125.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~49.0.1~125.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~49.0.1~125.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~49.0.1~125.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~49.0.1~125.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~49.0.1~125.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~49.0.1~125.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~49.0.1~125.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreebl3\", rpm:\"libfreebl3~3.25~91.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreebl3-debuginfo\", rpm:\"libfreebl3-debuginfo~3.25~91.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoftokn3\", rpm:\"libsoftokn3~3.25~91.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoftokn3-debuginfo\", rpm:\"libsoftokn3-debuginfo~3.25~91.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss\", rpm:\"mozilla-nss~3.25~91.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-certs\", rpm:\"mozilla-nss-certs~3.25~91.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-certs-debuginfo\", rpm:\"mozilla-nss-certs-debuginfo~3.25~91.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-debuginfo\", rpm:\"mozilla-nss-debuginfo~3.25~91.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-debugsource\", rpm:\"mozilla-nss-debugsource~3.25~91.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-devel\", rpm:\"mozilla-nss-devel~3.25~91.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-sysinit\", rpm:\"mozilla-nss-sysinit~3.25~91.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-sysinit-debuginfo\", rpm:\"mozilla-nss-sysinit-debuginfo~3.25~91.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-tools\", rpm:\"mozilla-nss-tools~3.25~91.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-tools-debuginfo\", rpm:\"mozilla-nss-tools-debuginfo~3.25~91.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreebl3-32bit\", rpm:\"libfreebl3-32bit~3.25~91.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreebl3-debuginfo-32bit\", rpm:\"libfreebl3-debuginfo-32bit~3.25~91.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoftokn3-32bit\", rpm:\"libsoftokn3-32bit~3.25~91.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoftokn3-debuginfo-32bit\", rpm:\"libsoftokn3-debuginfo-32bit~3.25~91.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-32bit\", rpm:\"mozilla-nss-32bit~3.25~91.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-certs-32bit\", rpm:\"mozilla-nss-certs-32bit~3.25~91.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-certs-debuginfo-32bit\", rpm:\"mozilla-nss-certs-debuginfo-32bit~3.25~91.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-debuginfo-32bit\", rpm:\"mozilla-nss-debuginfo-32bit~3.25~91.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-sysinit-32bit\", rpm:\"mozilla-nss-sysinit-32bit~3.25~91.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-sysinit-debuginfo-32bit\", rpm:\"mozilla-nss-sysinit-debuginfo-32bit~3.25~91.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:39", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2016-09-25T00:00:00", "id": "OPENVAS:1361412562310851395", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851395", "title": "SuSE Update for MozillaFirefox, mozilla-nss openSUSE-SU-2016:2368-1 (MozillaFirefox, mozilla-nss)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2016_2368_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for MozillaFirefox, mozilla-nss openSUSE-SU-2016:2368-1 (MozillaFirefox, mozilla-nss)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851395\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-09-25 05:45:03 +0200 (Sun, 25 Sep 2016)\");\n script_cve_id(\"CVE-2016-2827\", \"CVE-2016-5256\", \"CVE-2016-5257\", \"CVE-2016-5270\",\n \"CVE-2016-5271\", \"CVE-2016-5272\", \"CVE-2016-5273\", \"CVE-2016-5274\",\n \"CVE-2016-5275\", \"CVE-2016-5276\", \"CVE-2016-5277\", \"CVE-2016-5278\",\n \"CVE-2016-5279\", \"CVE-2016-5280\", \"CVE-2016-5281\", \"CVE-2016-5282\",\n \"CVE-2016-5283\", \"CVE-2016-5284\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for MozillaFirefox, mozilla-nss openSUSE-SU-2016:2368-1 (MozillaFirefox, mozilla-nss)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'MozillaFirefox, mozilla-nss'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"This update for MozillaFirefox and mozilla-nss fixes the following issues:\n\n MozillaFirefox was updated to version 49.0 (boo#999701)\n\n - New features\n\n * Updated Firefox Login Manager to allow HTTPS pages to use saved HTTP\n logins.\n\n * Added features to Reader Mode that make it easier on the eyes and the\n ears\n\n * Improved video performance for users on systems that support SSE3\n without hardware acceleration\n\n * Added context menu controls to HTML5 audio and video that let users\n loops files or play files at 1.25x speed\n\n * Improvements in about:memory reports for tracking font memory usage\n\n - Security related fixes\n\n * MFSA 2016-85 CVE-2016-2827 (bmo#1289085) - Out-of-bounds read in\n mozilla::net::IsValidReferrerPolicy CVE-2016-5270 (bmo#1291016) -\n Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString\n CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in\n PropertyProvider::GetSpacingInternal CVE-2016-5272 (bmo#1297934) - Bad\n cast in nsImageGeometryMixin CVE-2016-5273 (bmo#1280387) - crash in\n mozilla::a11y::HyperTextAccessible::GetChildOffset CVE-2016-5276\n (bmo#1287721) - Heap-use-after-free in\n mozilla::a11y::DocAccessible::ProcessInvalidationList CVE-2016-5274\n (bmo#1282076) - use-after-free in nsFrameManager::CaptureFrameState\n CVE-2016-5277 (bmo#1291665) - Heap-use-after-free in\n nsRefreshDriver::Tick CVE-2016-5275 (bmo#1287316) -\n global-buffer-overflow in\n mozilla::gfx::FilterSupport::ComputeSourceNeededRegions CVE-2016-5278\n (bmo#1294677) - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame\n CVE-2016-5279 (bmo#1249522) - Full local path of files is available to\n web pages after drag and drop CVE-2016-5280 (bmo#1289970) -\n Use-after-free in\n mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap\n CVE-2016-5281 (bmo#1284690) - use-after-free in DOMSVGLength\n CVE-2016-5282 (bmo#932335) - Don't allow content to request favicons\n from non-whitelisted schemes CVE-2016-5283 (bmo#928187) - iframe src\n fragment timing attack can reveal cross-origin data CVE-2016-5284\n (bmo#1303127) - Add-on update site certificate pin expiration\n CVE-2016-5256 - Memory safety bugs fixed in Firefox 49 CVE-2016-5257 -\n Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4\n\n - requires NSS 3.25\n\n - Mozilla Firefox 48.0.2:\n\n * Mitigate a startup crash issue caused on Windows (bmo#1291738)\n\n mozilla-nss was updated to NSS 3.25. New functionality:\n\n * Implemented DHE key agreement for TLS 1.3\n\n * Added support for ChaCha with TLS 1.3\n\n * Added support for TLS 1.2 ciphersuites that use SHA384 as the PRF\n\n * In previous v ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"MozillaFirefox, mozilla-nss on openSUSE Leap 42.1, openSUSE 13.2\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:2368_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~49.0~80.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~49.0~80.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~49.0~80.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~49.0~80.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~49.0~80.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~49.0~80.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~49.0~80.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~49.0~80.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreebl3\", rpm:\"libfreebl3~3.25~46.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreebl3-debuginfo\", rpm:\"libfreebl3-debuginfo~3.25~46.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoftokn3\", rpm:\"libsoftokn3~3.25~46.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoftokn3-debuginfo\", rpm:\"libsoftokn3-debuginfo~3.25~46.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss\", rpm:\"mozilla-nss~3.25~46.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-certs\", rpm:\"mozilla-nss-certs~3.25~46.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-certs-debuginfo\", rpm:\"mozilla-nss-certs-debuginfo~3.25~46.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-debuginfo\", rpm:\"mozilla-nss-debuginfo~3.25~46.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-debugsource\", rpm:\"mozilla-nss-debugsource~3.25~46.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-devel\", rpm:\"mozilla-nss-devel~3.25~46.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-sysinit\", rpm:\"mozilla-nss-sysinit~3.25~46.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-sysinit-debuginfo\", rpm:\"mozilla-nss-sysinit-debuginfo~3.25~46.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-tools\", rpm:\"mozilla-nss-tools~3.25~46.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-tools-debuginfo\", rpm:\"mozilla-nss-tools-debuginfo~3.25~46.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreebl3-32bit\", rpm:\"libfreebl3-32bit~3.25~46.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreebl3-debuginfo-32bit\", rpm:\"libfreebl3-debuginfo-32bit~3.25~46.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoftokn3-32bit\", rpm:\"libsoftokn3-32bit~3.25~46.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoftokn3-debuginfo-32bit\", rpm:\"libsoftokn3-debuginfo-32bit~3.25~46.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-32bit\", rpm:\"mozilla-nss-32bit~3.25~46.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-certs-32bit\", rpm:\"mozilla-nss-certs-32bit~3.25~46.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-certs-debuginfo-32bit\", rpm:\"mozilla-nss-certs-debuginfo-32bit~3.25~46.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-debuginfo-32bit\", rpm:\"mozilla-nss-debuginfo-32bit~3.25~46.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-sysinit-32bit\", rpm:\"mozilla-nss-sysinit-32bit~3.25~46.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mozilla-nss-sysinit-debuginfo-32bit\", rpm:\"mozilla-nss-sysinit-debuginfo-32bit~3.25~46.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:07", "bulletinFamily": "scanner", "description": "This host is installed with Mozilla Firefox\n and is prone to multiple vulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2015-03-03T00:00:00", "id": "OPENVAS:1361412562310805475", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805475", "title": "Mozilla Firefox Multiple Vulnerabilities-01 Mar15 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_firefox_mult_vuln01_mar15_win.nasl 11872 2018-10-12 11:22:41Z cfischer $\n#\n# Mozilla Firefox Multiple Vulnerabilities-01 Mar15 (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805475\");\n script_version(\"$Revision: 11872 $\");\n script_cve_id(\"CVE-2015-0836\", \"CVE-2015-0835\", \"CVE-2015-0834\", \"CVE-2015-0833\",\n \"CVE-2015-0832\", \"CVE-2015-0831\", \"CVE-2015-0830\", \"CVE-2015-0829\",\n \"CVE-2015-0828\", \"CVE-2015-0827\", \"CVE-2015-0826\", \"CVE-2015-0825\",\n \"CVE-2015-0824\", \"CVE-2015-0823\", \"CVE-2015-0822\", \"CVE-2015-0821\",\n \"CVE-2015-0820\", \"CVE-2015-0819\");\n script_bugtraq_id(72742, 72748, 72743, 72747, 72752, 72746, 72745, 72741,\n 72744, 72755, 72750, 72751, 72753, 72754, 72756, 72758,\n 72757, 72759);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 13:22:41 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-03 14:30:16 +0530 (Tue, 03 Mar 2015)\");\n script_name(\"Mozilla Firefox Multiple Vulnerabilities-01 Mar15 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Some unspecified vulnerabilities in the browser engine in Mozilla Firefox.\n\n - WebRTC implementation accepting turns: and stuns: URIs despite the program\n itself not supporting TLS connections to TURN and STUN servers.\n\n - Multiple untrusted search path vulnerabilities in updater.exe.\n\n - Improper recognition of the equivalence of domain names with and without a\n trailing . (dot) character.\n\n - Use-after-free error in the 'IDBDatabase::CreateObjectStore' function in\n dom/indexedDB/IDBDatabase.cpp script.\n\n - Flaw in the 'WebGLContext::CompileShader' function in\n dom/canvas/WebGLContextGL.cpp script that is triggered when handling specially\n crafted WebGL content that writes strings.\n\n - Buffer overflow in libstagefright.\n\n - Double free vulnerability in the 'nsXMLHttpRequest::GetResponse' function.\n\n - Heap-based buffer overflow in the 'mozilla::gfx::CopyRect' and\n 'nsTransformedTextRun::SetCapitalization' functions.\n\n - Stack-based buffer underflow in the 'mozilla::MP3FrameParser::ParseBuffer'\n function\n\n - Out-of-bounds Memory Zeroing Issue in Cairo graphics library implementation\n\n - Flaw in web content that relies on the Caja Compiler and other similar\n sandboxing libraries for protection.\n\n - Manual Link Opening Context Restriction Bypass flaw in Firefox.\n\n - Flaw in the autocomplete feature for forms.\n\n - Multiple use-after-free vulnerabilities in OpenType Sanitiser.\n\n - Heap use-after-free flaw in the 'ots::ots_gasp_parse' function.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to disclose potentially sensitive information, bypass certain security\n restrictions, cause a denial of service, man-in the-middle attack, execute\n arbitrary code, conduct spoofing and clickjacking attacks and local privilege\n escalation.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox before version 36.0 on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 36.0\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1031792\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-26\");\n\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox/Win/Ver\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.com/en-US/firefox/all.html\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"36.0\"))\n{\n report = 'Installed version: ' + ffVer + '\\n' +\n 'Fixed version: 36.0\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:28", "bulletinFamily": "scanner", "description": "Check the version of firefox", "modified": "2019-03-08T00:00:00", "published": "2016-09-23T00:00:00", "id": "OPENVAS:1361412562310882560", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882560", "title": "CentOS Update for firefox CESA-2016:1912 centos6", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2016:1912 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882560\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-09-23 05:41:25 +0200 (Fri, 23 Sep 2016)\");\n script_cve_id(\"CVE-2016-5250\", \"CVE-2016-5257\", \"CVE-2016-5261\", \"CVE-2016-5270\",\n \"CVE-2016-5272\", \"CVE-2016-5274\", \"CVE-2016-5276\", \"CVE-2016-5277\",\n \"CVE-2016-5278\", \"CVE-2016-5280\", \"CVE-2016-5281\", \"CVE-2016-5284\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for firefox CESA-2016:1912 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of firefox\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.4.0 ESR.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2016-5257, CVE-2016-5278, CVE-2016-5270, CVE-2016-5272,\nCVE-2016-5274, CVE-2016-5276, CVE-2016-5277, CVE-2016-5280, CVE-2016-5281,\nCVE-2016-5284, CVE-2016-5250, CVE-2016-5261)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Samuel Grob, Brian Carpenter, Mei Wang, Ryan Duff,\nCatalin Dumitru, Mozilla developers, Christoph Diehl, Andrew McCreight, Dan\nMinor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp,\nCarsten Book, Abhishek Arya, Atte Kettunen, and Nils as the original\nreporters.\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:1912\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-September/022088.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.4.0~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:15", "bulletinFamily": "scanner", "description": "This host is installed with\n Mozilla Firefox Esr and is prone to multiple vulnerabilities.", "modified": "2018-10-18T00:00:00", "published": "2016-09-23T00:00:00", "id": "OPENVAS:1361412562310809326", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809326", "title": "Mozilla Firefox Esr Security Updates( mfsa_2016-85_2016-86 )-Windows", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_firefox_esr_mfsa_2016-85_2016-86_win.nasl 11969 2018-10-18 14:53:42Z asteins $\n#\n# Mozilla Firefox Esr Security Updates( mfsa_2016-85_2016-86 )-Windows\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox_esr\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809326\");\n script_version(\"$Revision: 11969 $\");\n script_cve_id(\"CVE-2016-5270\", \"CVE-2016-5272\", \"CVE-2016-5276\", \"CVE-2016-5274\",\n \"CVE-2016-5277\", \"CVE-2016-5278\", \"CVE-2016-5280\", \"CVE-2016-5281\",\n \"CVE-2016-5284\", \"CVE-2016-5250\", \"CVE-2016-5261\", \"CVE-2016-5257\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-18 16:53:42 +0200 (Thu, 18 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-09-23 10:25:49 +0530 (Fri, 23 Sep 2016)\");\n script_name(\"Mozilla Firefox Esr Security Updates( mfsa_2016-85_2016-86 )-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with\n Mozilla Firefox Esr and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString.\n\n - Bad cast in nsImageGeometryMixin.\n\n - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList.\n\n - Use-after-free in nsFrameManager::CaptureFrameState.\n\n - Heap-use-after-free in nsRefreshDriver::Tick.\n\n - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame.\n\n - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap.\n\n - Use-after-free in DOMSVGLength.\n\n - Add-on update site certificate pin expiration.\n\n - Resource Timing API is storing resources sent by the previous page.\n\n - Integer overflow and memory corruption in WebSocketChannel\n\n - Memory safety bugs.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities allow remote attackers to cause a denial of service, to execute\n arbitrary code, to obtain sensitive full-pathname information.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox Esr version before\n 45.4 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox Esr version 45.4\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-86\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox-ESR/Win/Ver\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.com/en-US/firefox/all.html\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"45.4\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"45.4\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:57", "bulletinFamily": "scanner", "description": "Check the version of firefox", "modified": "2019-03-08T00:00:00", "published": "2016-09-23T00:00:00", "id": "OPENVAS:1361412562310882559", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882559", "title": "CentOS Update for firefox CESA-2016:1912 centos5", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2016:1912 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882559\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-09-23 05:41:05 +0200 (Fri, 23 Sep 2016)\");\n script_cve_id(\"CVE-2016-5250\", \"CVE-2016-5257\", \"CVE-2016-5261\", \"CVE-2016-5270\",\n \"CVE-2016-5272\", \"CVE-2016-5274\", \"CVE-2016-5276\", \"CVE-2016-5277\",\n \"CVE-2016-5278\", \"CVE-2016-5280\", \"CVE-2016-5281\", \"CVE-2016-5284\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for firefox CESA-2016:1912 centos5\");\n script_tag(name:\"summary\", value:\"Check the version of firefox\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.4.0 ESR.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2016-5257, CVE-2016-5278, CVE-2016-5270, CVE-2016-5272,\nCVE-2016-5274, CVE-2016-5276, CVE-2016-5277, CVE-2016-5280, CVE-2016-5281,\nCVE-2016-5284, CVE-2016-5250, CVE-2016-5261)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Samuel Grob, Brian Carpenter, Mei Wang, Ryan Duff,\nCatalin Dumitru, Mozilla developers, Christoph Diehl, Andrew McCreight, Dan\nMinor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp,\nCarsten Book, Abhishek Arya, Atte Kettunen, and Nils as the original\nreporters.\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:1912\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-September/022090.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.4.0~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:27", "bulletinFamily": "scanner", "description": "Check the version of firefox", "modified": "2019-03-08T00:00:00", "published": "2016-08-08T00:00:00", "id": "OPENVAS:1361412562310882535", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882535", "title": "CentOS Update for firefox CESA-2016:1551 centos6", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2016:1551 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882535\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-08 15:12:02 +0530 (Mon, 08 Aug 2016)\");\n script_cve_id(\"CVE-2016-2830\", \"CVE-2016-2836\", \"CVE-2016-2837\", \"CVE-2016-2838\",\n \"CVE-2016-5252\", \"CVE-2016-5254\", \"CVE-2016-5258\", \"CVE-2016-5259\",\n \"CVE-2016-5262\", \"CVE-2016-5263\", \"CVE-2016-5264\", \"CVE-2016-5265\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for firefox CESA-2016:1551 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of firefox\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.3.0 ESR.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2016-2836, CVE-2016-5258, CVE-2016-5259, CVE-2016-5252,\nCVE-2016-5263, CVE-2016-2830, CVE-2016-2838, CVE-2016-5254, CVE-2016-5262,\nCVE-2016-5264, CVE-2016-5265, CVE-2016-2837)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Looben Yang, Carsten Book, Christian Holler, Gary\nKwong, Jesse Ruderman, Andrew McCreight, Phil Ringnalda, Philipp, Toni\nHuttunen, Georg Koppen, Abhishek Arya, Atte Kettunen, Nils, Nikita Arykov,\nand Abdulrahman Alqabandi as the original reporters.\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:1551\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-August/022023.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.3.0~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:20", "bulletinFamily": "scanner", "description": "This host is installed with\n Mozilla Firefox and is prone to multiple vulnerabilities.", "modified": "2018-11-20T00:00:00", "published": "2016-08-08T00:00:00", "id": "OPENVAS:1361412562310808641", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808641", "title": "Mozilla Firefox Security Updates( mfsa_2016-62_2016-84 )-MAC OS X", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_firefox_mfsa_2016-62_2016-84_macosx.nasl 12431 2018-11-20 09:21:00Z asteins $\n#\n# Mozilla Firefox Security Updates( mfsa_2016-62_2016-84 )-MAC OS X\n#\n# Authors:\n# kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808641\");\n script_version(\"$Revision: 12431 $\");\n script_cve_id(\"CVE-2016-5250\", \"CVE-2016-5268\", \"CVE-2016-5266\", \"CVE-2016-2835\",\n\t\t\"CVE-2016-5265\", \"CVE-2016-5264\", \"CVE-2016-5263\", \"CVE-2016-2837\",\n\t\t\"CVE-2016-5262\", \"CVE-2016-5261\", \"CVE-2016-5260\", \"CVE-2016-5259\",\n\t\t\"CVE-2016-5258\", \"CVE-2016-5255\", \"CVE-2016-5254\", \"CVE-2016-5253\",\n\t\t\"CVE-2016-0718\", \"CVE-2016-5252\", \"CVE-2016-5251\", \"CVE-2016-2838\",\n \"CVE-2016-2830\", \"CVE-2016-2836\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-20 10:21:00 +0100 (Tue, 20 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-08 14:54:29 +0530 (Mon, 08 Aug 2016)\");\n script_name(\"Mozilla Firefox Security Updates( mfsa_2016-62_2016-84 )-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with\n Mozilla Firefox and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists. For details\n refer the links mentioned in reference.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to spoof the address bar, to bypass the same origin\n policy, and conduct Universal XSS (UXSS) attacks, to read arbitrary files, to\n execute arbitrary code, to cause a denial of service, to discover cleartext\n passwords by reading a session restoration file and to obtain sensitive information.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox version before\n 48 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 48\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-84/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-83/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-82/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-81/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-80/\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox/MacOSX/Version\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.com/en-US/firefox/all.html\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"48\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"48\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:30", "bulletinFamily": "scanner", "description": "This host is installed with\n Mozilla Firefox ESR and is prone to multiple vulnerabilities.", "modified": "2018-10-18T00:00:00", "published": "2016-11-16T00:00:00", "id": "OPENVAS:1361412562310809806", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809806", "title": "Mozilla Firefox ESR Security Updates (mfsa_2016-89_2016-90)-Windows", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_firefox_esr_mfsa_2016-89_2016-90_win.nasl 11969 2018-10-18 14:53:42Z asteins $\n#\n# Mozilla Firefox ESR Security Updates (mfsa_2016-89_2016-90)-Windows\n#\n# Authors:\n# kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox_esr\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809806\");\n script_version(\"$Revision: 11969 $\");\n script_cve_id(\"CVE-2016-5296\", \"CVE-2016-5293\", \"CVE-2016-5294\", \"CVE-2016-5297\",\n\t\t\"CVE-2016-9064\", \"CVE-2016-9066\", \"CVE-2016-5291\", \"CVE-2016-9074\",\n\t\t\"CVE-2016-5290\");\n script_bugtraq_id(94336, 94337, 94342, 94339);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-18 16:53:42 +0200 (Thu, 18 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-16 13:10:33 +0530 (Wed, 16 Nov 2016)\");\n script_name(\"Mozilla Firefox ESR Security Updates (mfsa_2016-89_2016-90)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with\n Mozilla Firefox ESR and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - Heap-buffer-overflow WRITE in rasterize_edges_1.\n\n - Write to arbitrary file with Mozilla Updater and Maintenance Service using\n updater.log hardlink.\n\n - Arbitrary target directory for result files of update process.\n\n - Incorrect argument length checking in JavaScript.\n\n - Add-ons update must verify IDs match between current and new versions.\n\n - Integer overflow leading to a buffer overflow in nsScriptLoadHandler.\n\n - Same-origin policy violation using local HTML file and saved shortcut file.\n\n - Insufficient timing side-channel resistance in divSpoiler.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers to execute arbitrary code, to delete\n arbitrary files by leveraging certain local file execution, to obtain sensitive\n information, and to cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox ESR version before\n 45.5 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox ESR version 45.5\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox-ESR/Win/Ver\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.com/en-US/firefox/all.html\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"45.5\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"45.5\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2019-05-29T19:21:07", "bulletinFamily": "unix", "description": "Atte Kettunen discovered an out-of-bounds read when handling certain Content Security Policy (CSP) directives in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2016-2827)\n\nChristoph Diehl, Christian Holler, Gary Kwong, Nathan Froyd, Honza Bambas, Seth Fowler, Michael Smith, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, and Carsten Book discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5256, CVE-2016-5257)\n\nAtte Kettunen discovered a heap buffer overflow during text conversion with some unicode characters. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5270)\n\nAbhishek Arya discovered an out of bounds read during the processing of text runs in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2016-5271)\n\nAbhishek Arya discovered a bad cast when processing layout with input elements in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5272)\n\nA crash was discovered in accessibility. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code. (CVE-2016-5273)\n\nA use-after-free was discovered in web animations during restyling. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5274)\n\nA buffer overflow was discovered when working with empty filters during canvas rendering. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5275)\n\nA use-after-free was discovered in accessibility. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5276)\n\nA use-after-free was discovered in web animations when destroying a timeline. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5277)\n\nA buffer overflow was discovered when encoding image frames to images in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5278)\n\nRafael Gieschke discovered that the full path of files is available to web pages after a drag and drop operation. An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5279)\n\nMei Wang discovered a use-after-free when changing text direction. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5280)\n\nBrian Carpenter discovered a use-after-free when manipulating SVG content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5281)\n\nRichard Newman discovered that favicons can be loaded through non-whitelisted protocols, such as jar:. (CVE-2016-5282)\n\nGavin Sharp discovered a timing attack vulnerability involving document resizes and link colours. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5283)\n\nAn issue was discovered with the preloaded Public Key Pinning (HPKP). If a man-in-the-middle (MITM) attacker was able to obtain a fraudulent certificate for a Mozilla site, they could exploit this by providing malicious addon updates. (CVE-2016-5284)", "modified": "2016-09-22T00:00:00", "published": "2016-09-22T00:00:00", "id": "USN-3076-1", "href": "https://usn.ubuntu.com/3076-1/", "title": "Firefox vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T19:21:50", "bulletinFamily": "unix", "description": "USN-2458-1 fixed vulnerabilities in Firefox. This update introduced a regression which could make websites that use CSP fail to load under some circumstances. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nChristian Holler, Patrick McManus, Christoph Diehl, Gary Kwong, Jesse Ruderman, Byron Campen, Terrence Cole, and Nils Ohlmeier discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-8634, CVE-2014-8635)\n\nBobby Holley discovered that some DOM objects with certain properties can bypass XrayWrappers in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. (CVE-2014-8636)\n\nMichal Zalewski discovered a use of uninitialized memory when rendering malformed bitmap images on a canvas element. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to steal confidential information. (CVE-2014-8637)\n\nMuneaki Nishimura discovered that requests from navigator.sendBeacon() lack an origin header. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct cross-site request forgery (XSRF) attacks. (CVE-2014-8638)\n\nXiaofeng Zheng discovered that a web proxy returning a 407 response could inject cookies in to the originally requested domain. If a user connected to a malicious web proxy, an attacker could potentially exploit this to conduct session-fixation attacks. (CVE-2014-8639)\n\nHolger Fuhrmannek discovered a crash in Web Audio while manipulating timelines. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2014-8640)\n\nMitchell Harper discovered a use-after-free in WebRTC. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-8641)\n\nBrian Smith discovered that OCSP responses would fail to verify if signed by a delegated OCSP responder certificate with the id-pkix-ocsp-nocheck extension, potentially allowing a user to connect to a site with a revoked certificate. (CVE-2014-8642)", "modified": "2015-01-27T00:00:00", "published": "2015-01-27T00:00:00", "id": "USN-2458-3", "href": "https://usn.ubuntu.com/2458-3/", "title": "Firefox regression", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T17:23:27", "bulletinFamily": "unix", "description": "USN-2458-1 fixed vulnerabilities in Firefox. This update provides the corresponding version of Ubufox.\n\nOriginal advisory details:\n\nChristian Holler, Patrick McManus, Christoph Diehl, Gary Kwong, Jesse Ruderman, Byron Campen, Terrence Cole, and Nils Ohlmeier discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-8634, CVE-2014-8635)\n\nBobby Holley discovered that some DOM objects with certain properties can bypass XrayWrappers in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. (CVE-2014-8636)\n\nMichal Zalewski discovered a use of uninitialized memory when rendering malformed bitmap images on a canvas element. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to steal confidential information. (CVE-2014-8637)\n\nMuneaki Nishimura discovered that requests from navigator.sendBeacon() lack an origin header. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct cross-site request forgery (XSRF) attacks. (CVE-2014-8638)\n\nXiaofeng Zheng discovered that a web proxy returning a 407 response could inject cookies in to the originally requested domain. If a user connected to a malicious web proxy, an attacker could potentially exploit this to conduct session-fixation attacks. (CVE-2014-8639)\n\nHolger Fuhrmannek discovered a crash in Web Audio while manipulating timelines. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2014-8640)\n\nMitchell Harper discovered a use-after-free in WebRTC. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-8641)\n\nBrian Smith discovered that OCSP responses would fail to verify if signed by a delegated OCSP responder certificate with the id-pkix-ocsp-nocheck extension, potentially allowing a user to connect to a site with a revoked certificate. (CVE-2014-8642)", "modified": "2015-01-14T00:00:00", "published": "2015-01-14T00:00:00", "id": "USN-2458-2", "href": "https://usn.ubuntu.com/2458-2/", "title": "Ubufox update", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T19:21:04", "bulletinFamily": "unix", "description": "Gustavo Grieco discovered an out-of-bounds read during XML parsing in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or obtain sensitive information. (CVE-2016-0718)\n\nToni Huttunen discovered that once a favicon is requested from a site, the remote server can keep the network connection open even after the page is closed. A remote attacked could potentially exploit this to track users, resulting in information disclosure. (CVE-2016-2830)\n\nChristian Holler, Tyson Smith, Boris Zbarsky, Byron Campen, Julian Seward, Carsten Book, Gary Kwong, Jesse Ruderman, Andrew McCreight, and Phil Ringnalda discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-2835, CVE-2016-2836)\n\nA buffer overflow was discovered in the ClearKey Content Decryption Module (CDM) during video playback. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via plugin process crash, or, in combination with another vulnerability to escape the GMP sandbox, execute arbitrary code. (CVE-2016-2837)\n\nAtte Kettunen discovered a buffer overflow when rendering SVG content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-2838)\n\nBert Massop discovered a crash in Cairo with version 0.10 of FFmpeg. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code. (CVE-2016-2839)\n\nCatalin Dumitru discovered that URLs of resources loaded after a navigation start could be leaked to the following page via the Resource Timing API. An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5250)\n\nFiras Salem discovered an issue with non-ASCII and emoji characters in data: URLs. An attacker could potentially exploit this to spoof the addressbar contents. (CVE-2016-5251)\n\nGeorg Koppen discovered a stack buffer underflow during 2D graphics rendering in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5252)\n\nAbhishek Arya discovered a use-after-free when the alt key is used with top-level menus. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5254)\n\nJukka Jyl\u00e4nki discovered a crash during garbage collection. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code. (CVE-2016-5255)\n\nLooben Yang discovered a use-after-free in WebRTC. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5258)\n\nLooben Yang discovered a use-after-free when working with nested sync events in service workers. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5259)\n\nMike Kaply discovered that plain-text passwords can be stored in session restore if an input field type is changed from \u201cpassword\u201d to \u201ctext\u201d during a session, leading to information disclosure. (CVE-2016-5260)\n\nSamuel Gro\u00df discovered an integer overflow in WebSockets during data buffering in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5261)\n\nNikita Arykov discovered that JavaScript event handlers on a <marquee> element can execute in a sandboxed iframe without the allow-scripts flag set. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2016-5262)\n\nA type confusion bug was discovered in display transformation during rendering. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5263)\n\nA use-after-free was discovered when applying effects to SVG elements in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5264)\n\nAbdulrahman Alqabandi discovered a same-origin policy violation relating to local HTML files and saved shortcut files. An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5265)\n\nRafael Gieschke discovered an information disclosure issue related to drag and drop. An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5266)\n\nA text injection issue was discovered with about: URLs. An attacker could potentially exploit this to spoof internal error pages. (CVE-2016-5268)", "modified": "2016-08-05T00:00:00", "published": "2016-08-05T00:00:00", "id": "USN-3044-1", "href": "https://usn.ubuntu.com/3044-1/", "title": "Firefox vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T19:21:19", "bulletinFamily": "unix", "description": "USN-2505-1 fixed vulnerabilities in Firefox. This update removed the deprecated \u201c-remote\u201d command-line switch that some older software still depends on. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nMatthew Noorenberghe discovered that whitelisted Mozilla domains could make UITour API calls from background tabs. If one of these domains were compromised and open in a background tab, an attacker could potentially exploit this to conduct clickjacking attacks. (CVE-2015-0819)\n\nJan de Mooij discovered an issue that affects content using the Caja Compiler. If web content loads specially crafted code, this could be used to bypass sandboxing security measures provided by Caja. (CVE-2015-0820)\n\nArmin Razmdjou discovered that opening hyperlinks with specific mouse and key combinations could allow a Chrome privileged URL to be opened without context restrictions being preserved. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. (CVE-2015-0821)\n\nArmin Razmdjou discovered that contents of locally readable files could be made available via manipulation of form autocomplete in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-0822)\n\nAtte Kettunen discovered a use-after-free in the OpenType Sanitiser (OTS) in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2015-0823)\n\nAtte Kettunen discovered a crash when drawing images using Cairo in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2015-0824)\n\nAtte Kettunen discovered a buffer underflow during playback of MP3 files in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-0825)\n\nAtte Kettunen discovered a buffer overflow during CSS restyling in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-0826)\n\nAbhishek Arya discovered an out-of-bounds read and write when rendering SVG content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-0827)\n\nA buffer overflow was discovered in libstagefright during video playback in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-0829)\n\nDaniele Di Proietto discovered that WebGL could cause a crash in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2015-0830)\n\nPaul Bandha discovered a use-after-free in IndexedDB. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-0831)\n\nMuneaki Nishimura discovered that a period appended to a hostname could bypass key pinning and HSTS in some circumstances. A remote attacker could potentially exloit this to conduct a Man-in-the-middle (MITM) attack. (CVE-2015-0832)\n\nAlexander Kolesnik discovered that Firefox would attempt plaintext connections to servers when handling turns: and stuns: URIs. A remote attacker could potentially exploit this by conducting a Man-in-the-middle (MITM) attack in order to obtain credentials. (CVE-2015-0834)\n\nCarsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Liz Henry, Byron Campen, Tom Schuster, Ryan VanderMeulen, Christian Holler, Jesse Ruderman, Randell Jesup, Robin Whittleton, Jon Coppeard, and Nikhil Marathe discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-0835, CVE-2015-0836)", "modified": "2015-03-09T00:00:00", "published": "2015-03-09T00:00:00", "id": "USN-2505-2", "href": "https://usn.ubuntu.com/2505-2/", "title": "Firefox regression", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:31", "bulletinFamily": "unix", "description": "\nMozilla Foundation reports:\n\nCVE-2016-2827 - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy [low]\nCVE-2016-5256 - Memory safety bugs fixed in Firefox 49 [critical]\nCVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 [critical]\nCVE-2016-5270 - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString [high]\nCVE-2016-5271 - Out-of-bounds read in PropertyProvider::GetSpacingInternal [low]\nCVE-2016-5272 - Bad cast in nsImageGeometryMixin [high]\nCVE-2016-5273 - crash in mozilla::a11y::HyperTextAccessible::GetChildOffset [high]\nCVE-2016-5274 - use-after-free in nsFrameManager::CaptureFrameState [high]\nCVE-2016-5275 - global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions [critical]\nCVE-2016-5276 - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList [high]\nCVE-2016-5277 - Heap-use-after-free in nsRefreshDriver::Tick [high]\nCVE-2016-5278 - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame [critical]\nCVE-2016-5279 - Full local path of files is available to web pages after drag and drop [moderate]\nCVE-2016-5280 - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap [high]\nCVE-2016-5281 - use-after-free in DOMSVGLength [high]\nCVE-2016-5282 - Don't allow content to request favicons from non-whitelisted schemes [moderate]\nCVE-2016-5283 - <iframe src> fragment timing attack can reveal cross-origin data [high]\nCVE-2016-5284 - Add-on update site certificate pin expiration [high]\n\n", "modified": "2016-10-21T00:00:00", "published": "2016-09-13T00:00:00", "id": "2C57C47E-8BB3-4694-83C8-9FC3ABAD3964", "href": "https://vuxml.freebsd.org/freebsd/2c57c47e-8bb3-4694-83c8-9fc3abad3964.html", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:19", "bulletinFamily": "unix", "description": "\nThe Mozilla Project reports:\n\nMFSA-2015-11 Miscellaneous memory safety hazards (rv:36.0\n\t / rv:31.5)\nMFSA-2015-12 Invoking Mozilla updater will load locally\n\t stored DLL files\nMFSA-2015-13 Appended period to hostnames can bypass HPKP\n\t and HSTS protections\nMFSA-2015-14 Malicious WebGL content crash when writing\n\t strings\nMFSA-2015-15 TLS TURN and STUN connections silently fail\n\t to simple TCP connections\nMFSA-2015-16 Use-after-free in IndexedDB\nMFSA-2015-17 Buffer overflow in libstagefright during MP4\n\t video playback\nMFSA-2015-18 Double-free when using non-default memory\n\t allocators with a zero-length XHR\nMFSA-2015-19 Out-of-bounds read and write while rendering\n\t SVG content\nMFSA-2015-20 Buffer overflow during CSS restyling\nMFSA-2015-21 Buffer underflow during MP3 playback\nMFSA-2015-22 Crash using DrawTarget in Cairo graphics\n\t library\nMFSA-2015-23 Use-after-free in Developer Console date\n\t with OpenType Sanitiser\nMFSA-2015-24 Reading of local files through manipulation\n\t of form autocomplete\nMFSA-2015-25 Local files or privileged URLs in pages can\n\t be opened into new tabs\nMFSA-2015-26 UI Tour whitelisted sites in background tab\n\t can spoof foreground tabs\nMFSA-2015-27 Caja Compiler JavaScript sandbox bypass\n\n", "modified": "2015-02-24T00:00:00", "published": "2015-02-24T00:00:00", "id": "99029172-8253-407D-9D8B-2CFEAB9ABF81", "href": "https://vuxml.freebsd.org/freebsd/99029172-8253-407d-9d8b-2cfeab9abf81.html", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:32", "bulletinFamily": "unix", "description": "\nMozilla Foundation reports:\n\nPlease reference CVE/URL list for details\n\n", "modified": "2016-09-20T00:00:00", "published": "2016-08-02T00:00:00", "id": "AA1AEFE3-6E37-47DB-BFDA-343EF4ACB1B5", "href": "https://vuxml.freebsd.org/freebsd/aa1aefe3-6e37-47db-bfda-343ef4acb1b5.html", "title": "Mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2019-03-21T00:15:19", "bulletinFamily": "info", "description": "### *Detect date*:\n09/13/2016\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions or obtain sensitive information.\n\n### *Affected products*:\nMozilaa Firefox versions earlier than 49 \nMozilla Firefox ESR versions earlier than 45.4\n\n### *Solution*:\nUpdate to the latest version \n[Get Firefox ESR](<https://www.mozilla.org/en-US/firefox/organizations/all/>) \n[Get Firefox](<https://www.mozilla.org/en-US/firefox/new/>)\n\n### *Original advisories*:\n[Mozilla Firefox advisory](<https://www.mozilla.org/en-US/security/advisories/mfsa2016-85/>) \n[Mozilla Firefox ESR advisory](<https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Firefox](<https://threats.kaspersky.com/en/product/Mozilla-Firefox/>)\n\n### *CVE-IDS*:\n[CVE-2016-5284](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5284>)4.3Critical \n[CVE-2016-5281](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5281>)7.5Critical \n[CVE-2016-5280](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5280>)7.5Critical \n[CVE-2016-5278](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5278>)6.8Critical \n[CVE-2016-5277](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5277>)7.5Critical \n[CVE-2016-5276](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5276>)7.5Critical \n[CVE-2016-5274](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5274>)7.5Critical \n[CVE-2016-5272](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5272>)6.8Critical \n[CVE-2016-5270](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5270>)7.5Critical \n[CVE-2016-5257](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5257>)7.5Critical \n[CVE-2016-5250](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5250>)5.0Critical \n[CVE-2016-5283](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5283>)6.8Critical \n[CVE-2016-5282](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5282>)4.3Critical \n[CVE-2016-5279](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5279>)4.3Critical \n[CVE-2016-5275](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5275>)6.8Critical \n[CVE-2016-5273](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5273>)6.8Critical \n[CVE-2016-5271](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5271>)4.3Critical \n[CVE-2016-5256](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5256>)7.5Critical \n[CVE-2016-2827](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2827>)4.3Critical \n[CVE-2016-5261](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5261>)7.5Critical", "modified": "2019-03-07T00:00:00", "published": "2016-09-13T00:00:00", "id": "KLA10876", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10876", "title": "\r KLA10876Multiple vulnerabilities in Mozilla Firefox and Firefox ESR ", "type": "kaspersky", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-03-21T00:15:02", "bulletinFamily": "info", "description": "### *Detect date*:\n08/02/2016\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, execute arbitrary code, spoof user interface, bypass security restrictions, conduct cross-site scripting or read local files.\n\n### *Affected products*:\nFirefox versions earlier than 48.0 \nFirefox ESR versions earlier than 45.3\n\n### *Solution*:\nUpdate to the latest version \n[Get Mozilla Firefox ESR](<https://www.mozilla.org/en-US/firefox/organizations/all/>) \n[Get Mozilla Firefox](<https://www.mozilla.org/en-US/firefox/new/>)\n\n### *Original advisories*:\n[Mozilla Foundation Security Advisories page](<https://www.mozilla.org/en-US/security/advisories>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Firefox](<https://threats.kaspersky.com/en/product/Mozilla-Firefox/>)\n\n### *CVE-IDS*:\n[CVE-2016-5250](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5250>)5.0Critical \n[CVE-2016-5261](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5261>)7.5Critical \n[CVE-2016-2830](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2830>)4.3Critical \n[CVE-2016-2835](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2835>)6.8Critical \n[CVE-2016-2836](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2836>)6.8Critical \n[CVE-2016-2837](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2837>)6.8Critical \n[CVE-2016-2838](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2838>)6.8Critical \n[CVE-2016-2839](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2839>)4.3Critical \n[CVE-2016-5251](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5251>)4.3Critical \n[CVE-2016-5252](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5252>)6.8Critical \n[CVE-2016-5253](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5253>)4.7Critical \n[CVE-2016-5254](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5254>)7.5Critical \n[CVE-2016-5255](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5255>)6.8Critical \n[CVE-2016-5258](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5258>)6.8Critical \n[CVE-2016-5259](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5259>)6.8Critical \n[CVE-2016-5260](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5260>)4.3Critical \n[CVE-2016-5262](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5262>)4.3Critical \n[CVE-2016-5263](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5263>)6.8Critical \n[CVE-2016-5264](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5264>)6.8Critical \n[CVE-2016-5265](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5265>)4.0Critical \n[CVE-2016-5266](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5266>)5.8Critical \n[CVE-2016-5267](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5267>)4.3Critical \n[CVE-2016-5268](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5268>)4.3Critical", "modified": "2019-03-07T00:00:00", "published": "2016-08-02T00:00:00", "id": "KLA10852", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10852", "title": "\r KLA10852Multiple vulnerabilities in Mozilla Firefox and Firefox ESR ", "type": "kaspersky", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-03-21T00:14:57", "bulletinFamily": "info", "description": "### *Detect date*:\n02/24/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Mozilla products. Malicious users can exploit these vulnerabilities to cause denial of service, gain privilleges, obtain sensitiv information, execute arbitrary code, spoof user interface or read local files.\n\n### *Affected products*:\nMozilla Firefox versions earlier than 36 \nMozilla Firefox ESR versions earlier than 31.5 \nMozilla Thunderbird versions earlier than 31.5\n\n### *Solution*:\nUpdate to latest version!\n\n### *Original advisories*:\n[MFSA 2015-11 \u2014 2015-27](<https://www.mozilla.org/en-US/security/advisories/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Firefox](<https://threats.kaspersky.com/en/product/Mozilla-Firefox/>)\n\n### *CVE-IDS*:\n[CVE-2015-0823](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0823>)7.5Critical \n[CVE-2015-0828](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0828>)6.8Critical \n[CVE-2015-0834](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0834>)4.3Critical \n[CVE-2015-0835](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0835>)7.5Critical \n[CVE-2015-0836](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0836>)7.5Critical \n[CVE-2015-0825](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0825>)4.3Critical \n[CVE-2015-0831](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0831>)6.8Critical \n[CVE-2015-0830](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0830>)5.0Critical \n[CVE-2015-0824](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0824>)5.0Critical \n[CVE-2015-0827](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0827>)4.3Critical \n[CVE-2015-0829](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0829>)6.8Critical \n[CVE-2015-0822](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0822>)4.3Critical \n[CVE-2015-0833](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0833>)6.9Critical \n[CVE-2015-0826](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0826>)6.8Critical \n[CVE-2015-0820](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0820>)2.6Critical \n[CVE-2015-0832](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0832>)5.0Critical \n[CVE-2015-0821](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0821>)6.8Critical \n[CVE-2015-0819](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0819>)4.3Critical", "modified": "2019-03-07T00:00:00", "published": "2015-02-24T00:00:00", "id": "KLA10464", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10464", "title": "\r KLA10464Multiple vulnerabilities in Mozilla products ", "type": "kaspersky", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:59", "bulletinFamily": "software", "description": "Restrictions bypass, information spoofing, information leakage, buffer overflows, memory corruptions, DoS, code execution.", "modified": "2015-03-22T00:00:00", "published": "2015-03-22T00:00:00", "id": "SECURITYVULNS:VULN:14293", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14293", "title": "Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:32", "bulletinFamily": "unix", "description": "[45.3.0-1.0.1]\n- Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html\n and remove the corresponding Red Hat files\n[45.3.0-1]\n- Update to 45.3.0 ESR\n[45.2.0-3]\n- Added fix for mozbz#256180\n[45.2.0-2]\n- Added fix for mozbz#975832, rhbz#1343202", "modified": "2016-08-03T00:00:00", "published": "2016-08-03T00:00:00", "id": "ELSA-2016-1551", "href": "http://linux.oracle.com/errata/ELSA-2016-1551.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:02", "bulletinFamily": "unix", "description": "[45.4.0-1.0.1]\n- Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html\n and remove the corresponding Red Hat files\n[45.4.0-1]\n- Update to 45.4.0 ESR", "modified": "2016-09-21T00:00:00", "published": "2016-09-21T00:00:00", "id": "ELSA-2016-1912", "href": "http://linux.oracle.com/errata/ELSA-2016-1912.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-05-29T14:34:11", "bulletinFamily": "unix", "description": "Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.3.0 ESR.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-2836, CVE-2016-5258, CVE-2016-5259, CVE-2016-5252, CVE-2016-5263, CVE-2016-2830, CVE-2016-2838, CVE-2016-5254, CVE-2016-5262, CVE-2016-5264, CVE-2016-5265, CVE-2016-2837)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Looben Yang, Carsten Book, Christian Holler, Gary Kwong, Jesse Ruderman, Andrew McCreight, Phil Ringnalda, Philipp, Toni Huttunen, Georg Koppen, Abhishek Arya, Atte Kettunen, Nils, Nikita Arykov, and Abdulrahman Alqabandi as the original reporters.", "modified": "2018-06-06T20:24:36", "published": "2016-08-03T08:36:50", "id": "RHSA-2016:1551", "href": "https://access.redhat.com/errata/RHSA-2016:1551", "type": "redhat", "title": "(RHSA-2016:1551) Critical: firefox security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T14:34:48", "bulletinFamily": "unix", "description": "Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.4.0 ESR.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-5257, CVE-2016-5278, CVE-2016-5270, CVE-2016-5272, CVE-2016-5274, CVE-2016-5276, CVE-2016-5277, CVE-2016-5280, CVE-2016-5281, CVE-2016-5284, CVE-2016-5250, CVE-2016-5261)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Samuel Gro\u00df, Brian Carpenter, Mei Wang, Ryan Duff, Catalin Dumitru, Mozilla developers, Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp, Carsten Book, Abhishek Arya, Atte Kettunen, and Nils as the original reporters.", "modified": "2018-06-06T20:24:27", "published": "2016-09-21T10:56:38", "id": "RHSA-2016:1912", "href": "https://access.redhat.com/errata/RHSA-2016:1912", "type": "redhat", "title": "(RHSA-2016:1912) Critical: firefox security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-05-29T18:33:41", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2016:1551\n\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.3.0 ESR.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-2836, CVE-2016-5258, CVE-2016-5259, CVE-2016-5252, CVE-2016-5263, CVE-2016-2830, CVE-2016-2838, CVE-2016-5254, CVE-2016-5262, CVE-2016-5264, CVE-2016-5265, CVE-2016-2837)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Looben Yang, Carsten Book, Christian Holler, Gary Kwong, Jesse Ruderman, Andrew McCreight, Phil Ringnalda, Philipp, Toni Huttunen, Georg Koppen, Abhishek Arya, Atte Kettunen, Nils, Nikita Arykov, and Abdulrahman Alqabandi as the original reporters.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-August/022023.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-August/022024.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-August/022026.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-1551.html", "modified": "2016-08-03T14:41:11", "published": "2016-08-03T13:34:44", "href": "http://lists.centos.org/pipermail/centos-announce/2016-August/022023.html", "id": "CESA-2016:1551", "title": "firefox security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:41", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2016:1912\n\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.4.0 ESR.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-5257, CVE-2016-5278, CVE-2016-5270, CVE-2016-5272, CVE-2016-5274, CVE-2016-5276, CVE-2016-5277, CVE-2016-5280, CVE-2016-5281, CVE-2016-5284, CVE-2016-5250, CVE-2016-5261)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Samuel Gro\u00df, Brian Carpenter, Mei Wang, Ryan Duff, Catalin Dumitru, Mozilla developers, Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp, Carsten Book, Abhishek Arya, Atte Kettunen, and Nils as the original reporters.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-September/022088.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-September/022089.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-September/022090.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-1912.html", "modified": "2016-09-22T15:31:34", "published": "2016-09-22T13:23:33", "href": "http://lists.centos.org/pipermail/centos-announce/2016-September/022088.html", "id": "CESA-2016:1912", "title": "firefox security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:22:14", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3674-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nSeptember 22, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : firefox-esr\nCVE ID : CVE-2016-5250 CVE-2016-5257 CVE-2016-5261 CVE-2016-5270 \n CVE-2016-5272 CVE-2016-5274 CVE-2016-5276 CVE-2016-5277\n CVE-2016-5278 CVE-2016-5280 CVE-2016-5281 CVE-2016-5284\n\nMultiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to the execution of arbitrary code or\ninformation disclosure.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 45.4.0esr-1~deb8u2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 45.4.0esr-1 of firefox-esr and in version 49.0-1 of firefox.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2016-09-22T19:56:29", "published": "2016-09-22T19:56:29", "id": "DEBIAN:DSA-3674-1:A1E50", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00253.html", "title": "[SECURITY] [DSA 3674-1] firefox-esr security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:22:51", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3640-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nAugust 03, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : firefox-esr\nCVE ID : CVE-2016-2830 CVE-2016-2836 CVE-2016-2837 CVE-2016-2838 \n CVE-2016-5252 CVE-2016-5254 CVE-2016-5258 CVE-2016-5259\n CVE-2016-5262 CVE-2016-5263 CVE-2016-5264 CVE-2016-5265\n\nMultiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to the execution of arbitrary code,\ncross-site scriping, information disclosure and bypass of the same-origin\npolicy.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 45.3.0esr-1~deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 45.3.0esr-1 for firefox-esr and 48.0-1 for firefox.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2016-08-03T19:03:21", "published": "2016-08-03T19:03:21", "id": "DEBIAN:DSA-3640-1:D6912", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00218.html", "title": "[SECURITY] [DSA 3640-1] firefox-esr security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:22:13", "bulletinFamily": "unix", "description": "Package : icedove\nVersion : 45.4.0-1~deb7u1\nCVE ID : CVE-2016-5278, CVE-2016-5270, CVE-2016-5272, CVE-2016-5276, CVE-2016-5277, CVE-2016-5280, CVE-2016-5281, CVE-2016-5284, CVE-2016-5250, CVE-2016-5261, CVE-2016-5257\n\nMultiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail client: Multiple memory safety errors may\nlead to the execution of arbitrary code or denial of service.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n45.4.0-1~deb7u1.\n\nWe recommend that you upgrade your icedove packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "modified": "2016-10-16T17:20:47", "published": "2016-10-16T17:20:47", "id": "DEBIAN:DLA-658-1:FEEE0", "href": "https://lists.debian.org/debian-lts-announce/2016/debian-lts-announce-201610/msg00014.html", "title": "[SECURITY] [DLA 658-1] icedove security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:21:32", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3757-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJanuary 11, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : icedove\nCVE ID : CVE-2016-9893 CVE-2016-9895 CVE-2016-9897 CVE-2016-9898 \n CVE-2016-9899 CVE-2016-9900 CVE-2016-9904 CVE-2016-9905\n\nMultiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail client: Multiple vulnerabilities may lead\nto the execution of arbitrary code, data leakage or bypass of the content\nsecurity policy.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1:45.6.0-1~deb8u1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your icedove packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2017-01-11T15:19:55", "published": "2017-01-11T15:19:55", "id": "DEBIAN:DSA-3757-1:6E6B3", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00007.html", "title": "[SECURITY] [DSA 3757-1] icedove security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
