Lucene search
K

Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2026-062 (ALASFIREFOX-2026-062)

🗓️ 08 Jul 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 2 Views

Firefox on Amazon Linux 2 below 140.12.0-1 has multiple CVEs fixed in Firefox 152/ESR 140.12/115.37 and Thunderbird 152/140.12.

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2026-12305
16 Jun 202611:52
attackerkb
ATTACKERKB
CVE-2026-12308
16 Jun 202611:52
attackerkb
ATTACKERKB
CVE-2026-12307
16 Jun 202611:52
attackerkb
ATTACKERKB
CVE-2026-12292
16 Jun 202611:52
attackerkb
ATTACKERKB
CVE-2026-12314
16 Jun 202611:52
attackerkb
ATTACKERKB
CVE-2026-12298
16 Jun 202611:52
attackerkb
ATTACKERKB
CVE-2026-12295
16 Jun 202611:52
attackerkb
ATTACKERKB
CVE-2026-56406
21 Jun 202615:48
attackerkb
ATTACKERKB
CVE-2026-56408
21 Jun 202615:51
attackerkb
ATTACKERKB
CVE-2026-50219
4 Jun 202604:20
attackerkb
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALASFIREFOX-2026-062.
##

include('compat.inc');

if (description)
{
  script_id(325581);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/07/08");

  script_cve_id(
    "CVE-2026-12289",
    "CVE-2026-12290",
    "CVE-2026-12291",
    "CVE-2026-12292",
    "CVE-2026-12294",
    "CVE-2026-12295",
    "CVE-2026-12296",
    "CVE-2026-12297",
    "CVE-2026-12298",
    "CVE-2026-12299",
    "CVE-2026-12302",
    "CVE-2026-12304",
    "CVE-2026-12305",
    "CVE-2026-12306",
    "CVE-2026-12307",
    "CVE-2026-12308",
    "CVE-2026-12309",
    "CVE-2026-12310",
    "CVE-2026-12311",
    "CVE-2026-12312",
    "CVE-2026-12313",
    "CVE-2026-12314",
    "CVE-2026-12315",
    "CVE-2026-12324",
    "CVE-2026-12325",
    "CVE-2026-12327",
    "CVE-2026-12328",
    "CVE-2026-12329",
    "CVE-2026-12330",
    "CVE-2026-50219",
    "CVE-2026-56131",
    "CVE-2026-56132",
    "CVE-2026-56208",
    "CVE-2026-56210",
    "CVE-2026-56211",
    "CVE-2026-56403",
    "CVE-2026-56404",
    "CVE-2026-56405",
    "CVE-2026-56406",
    "CVE-2026-56407",
    "CVE-2026-56408",
    "CVE-2026-56412"
  );
  script_xref(name:"IAVA", value:"2026-A-0607");

  script_name(english:"Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2026-062 (ALASFIREFOX-2026-062)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2 host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The version of firefox installed on the remote host is prior to 140.12.0-1. It is, therefore, affected by multiple
vulnerabilities as referenced in the ALAS2FIREFOX-2026-062 advisory.

    Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152,
    Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12289)

    Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR
    140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12290)

    Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR
    140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12291)

    Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152,
    Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12292)

    Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR
    140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12294)

    Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefox ESR
    140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12295)

    Sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152,
    Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12296)

    Sandbox escape due to incorrect boundary conditions in the Networking component. This vulnerability was
    fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
    (CVE-2026-12297)

    Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR
    140.12, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12298)

    JIT miscompilation in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152, Firefox
    ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12299)

    Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR
    140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12302)

    Same-origin policy bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox
    152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12304)

    Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR
    140.12, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12305)

    Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR
    140.12, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12306)

    Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR
    140.12, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12307)

    Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR
    140.12, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12308)

    Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR
    140.12, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12309)

    Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR
    140.12, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12310)

    Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability
    was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12311)

    Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR
    140.12, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12312)

    Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability
    was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12313)

    Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR
    140.12, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12314)

    Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR
    140.12, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12315)

    Incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in
    Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12324)

    Denial-of-service in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 152,
    Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12325)

    Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151.
    Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of
    these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152,
    Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. (CVE-2026-12327)

    Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151
    and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with
    enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed
    in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
    (CVE-2026-12328)

    Memory safety bug fixed in Thunderbird ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12 and
    Thunderbird 140.12. (CVE-2026-12329)

    Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in
    Firefox ESR 140.12, Firefox ESR 115.37, and Thunderbird 140.12. (CVE-2026-12330)

    libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse,
    XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation.
    Thus, a use-after-free can occur, (CVE-2026-50219)

    libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_ResumeParser from within handlers
    in cases of a policy violation. Thus, a use-after-free can occur (similar to the CVE-2026-50219
    situation). (CVE-2026-56131)

    In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold
    backing array reallocation is mishandled when there is data-structure sharing across parsers.
    (CVE-2026-56132)

    A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation. A flaw
    in the AV1 encoder's Look-Ahead Processing (LAP) mode causes the first-pass stats ring buffer wrap-around
    guard to be bypassed when g_lag_in_frames is set to 1 or higher. This results in a 232-byte out-of-bounds
    write on every encoded frame after the second, corrupting adjacent heap objects. An attacker who can
    influence encoder configuration in a transcoding service or WebRTC session could exploit this to cause a
    denial of service (process crash) or potentially achieve code execution. (CVE-2026-56208)

    A heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementation. A
    missing bounds check in the SVC (Scalable Video Coding) layer ID control function allows setting a
    spatial_layer_id exceeding the configured number of layers. This causes an out-of-bounds heap read of
    approximately 40,728 bytes when computing a layer context array index. An attacker who can influence SVC
    encoder parameters in a network-facing service could exploit this for information disclosure (heap content
    leak) or denial of service (segmentation fault from hitting unmapped memory). (CVE-2026-56210)

    A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation.
    Insufficient bounds validation in the AV1 encoder's SVC (Scalable Video Coding) layer ID control allows an
    attacker to supply crafted video frame pixels that overlap with internal encoder layer context structures.
    In fork-based video processing services, an attacker can use this to hijack the cyclic refresh map
    pointer, brute-force the process base address via a crash oracle, and redirect control flow to achieve
    arbitrary command execution. Exploitation requires the target service to use libaom with SVC encoding
    enabled and accept attacker-supplied video frames. (CVE-2026-56211)

    libexpat before 2.8.2 has an integer overflow in storeAtts. (CVE-2026-56403)

    libexpat before 2.8.2 has an integer overflow in addBinding. (CVE-2026-56404)

    libexpat before 2.8.2 has an integer overflow in getAttributeId. (CVE-2026-56405)

    libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was
    present in XML_Parse. (CVE-2026-56406)

    libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity
    textLen. (CVE-2026-56407)

    libexpat before 2.8.2 has an integer overflow in copyString. (CVE-2026-56408)

    libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call
    depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-
    free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219. (CVE-2026-56412)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com//AL2/ALAS2FIREFOX-2026-062.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/faqs.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-12289.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-12290.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-12291.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-12292.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-12294.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-12295.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-12296.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-12297.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-12298.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-12299.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-12302.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-12304.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-12305.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-12306.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-12307.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-12308.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-12309.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-12310.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-12311.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-12312.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-12313.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-12314.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-12315.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-12324.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-12325.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-12327.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-12328.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-12329.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-12330.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-50219.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-56131.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-56132.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-56208.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-56210.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-56211.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-56403.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-56404.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-56405.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-56406.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-56407.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-56408.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-56412.html");
  script_set_attribute(attribute:"solution", value:
"Run 'yum update firefox' or
  or 'yum update --advisory ALAS2FIREFOX-2026-062' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-56412");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2026-56405");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/06/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/07/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/07/08");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:firefox");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("rpm2.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var REPOS_FOUND = TRUE;
var extras_list = get_kb_item("Host/AmazonLinux/extras_label_list");
if (isnull(extras_list)) REPOS_FOUND = FALSE;
var repository = '"amzn2extra-firefox"';
if (REPOS_FOUND && (repository >!< extras_list)) exit(0, AFFECTED_REPO_NOT_ENABLED);

var pkgs = [
    {'reference':'firefox-140.12.0-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},
    {'reference':'firefox-140.12.0-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  var cves = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (!empty_or_null(package_array['cves'])) cves = package_array['cves'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  var extra = rpm_report_get();
  if (!REPOS_FOUND) extra = rpm_report_get() + report_repo_caveat();
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : extra
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox");
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation