Search...

Fedora 17 : firefox-19.0-1.fc17 / thunderbird-17.0.3-1.fc17 / xulrunner-19.0-1.fc17 (2013-2773)

2013-02-24T00:00:00

ID FEDORA_2013-2773.NASL
Type nessus
Reporter This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.
Modified 2013-02-24T00:00:00

Description

Built-in PDF viewer

Canvas elements can export their content as an image blob using canvas.toBlob()

Startup performance improvements (bugs 715402 and 756313)

Debugger now supports pausing on exceptions and hiding non-enumerable properties

Remote Web Console is available for connecting to Firefox on Android or Firefox OS (experimental, set devtools.debugger.remote-enabled to true)

There is now a Browser Debugger available for add-on and browser developers (experimental, set devtools.chrome.enabled to true)

Web Console CSS links now open in the Style Editor

CSS @page is now supported

HTML5 CSS viewport-percentage length units implemented (vh, vw, vmin and vmax)

CSS text-transform now supports full-width Fixed :

Certain valid WebGL drawing operations are incorrectly rejected, leaving incomplete rendering in affected pages (825205)

Starting Firefox with -private flag incorrectly claims you are not in Private Browsing mode (802274)

Plugins stop rendering when the top half of the plugin is scrolled off the top of the page, in HiDPI mode (825734)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

                                        
                                            #%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2013-2773.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(64857);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_bugtraq_id(58034, 58036, 58037, 58038, 58040, 58041, 58042, 58043, 58044, 58047, 58048, 58049, 58050, 58051);
  script_xref(name:"FEDORA", value:"2013-2773");

  script_name(english:"Fedora 17 : firefox-19.0-1.fc17 / thunderbird-17.0.3-1.fc17 / xulrunner-19.0-1.fc17 (2013-2773)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"  - Built-in PDF viewer

    - Canvas elements can export their content as an image
      blob using canvas.toBlob()

    - Startup performance improvements (bugs 715402 and
      756313)

    - Debugger now supports pausing on exceptions and hiding
      non-enumerable properties

    - Remote Web Console is available for connecting to
      Firefox on Android or Firefox OS (experimental, set
      devtools.debugger.remote-enabled to true)

    - There is now a Browser Debugger available for add-on
      and browser developers (experimental, set
      devtools.chrome.enabled to true)

    - Web Console CSS links now open in the Style Editor

    - CSS @page is now supported

    - HTML5 CSS viewport-percentage length units implemented
      (vh, vw, vmin and vmax)

    - CSS text-transform now supports full-width Fixed :

  - Certain valid WebGL drawing operations are incorrectly
    rejected, leaving incomplete rendering in affected pages
    (825205)

    - Starting Firefox with -private flag incorrectly claims
      you are not in Private Browsing mode (802274)

    - Plugins stop rendering when the top half of the plugin
      is scrolled off the top of the page, in HiDPI mode
      (825734)

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2013-February/099126.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?1ca53f89"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2013-February/099127.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?8e666e5b"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2013-February/099128.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?223790e6"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected firefox, thunderbird and / or xulrunner packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:firefox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:thunderbird");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xulrunner");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:17");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/02/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/24");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" &gt;!&lt; release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^17([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 17.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" &gt;!&lt; cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC17", reference:"firefox-19.0-1.fc17")) flag++;
if (rpm_check(release:"FC17", reference:"thunderbird-17.0.3-1.fc17")) flag++;
if (rpm_check(release:"FC17", reference:"xulrunner-19.0-1.fc17")) flag++;


if (flag)
{
  if (report_verbosity &gt; 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox / thunderbird / xulrunner");
}

JSON Vulners Source

Initial Source

{"id": "FEDORA_2013-2773.NASL", "bulletinFamily": "scanner", "title": "Fedora 17 : firefox-19.0-1.fc17 / thunderbird-17.0.3-1.fc17 / xulrunner-19.0-1.fc17 (2013-2773)", "description": " - Built-in PDF viewer\n\n - Canvas elements can export their content as an image\n blob using canvas.toBlob()\n\n - Startup performance improvements (bugs 715402 and\n 756313)\n\n - Debugger now supports pausing on exceptions and hiding\n non-enumerable properties\n\n - Remote Web Console is available for connecting to\n Firefox on Android or Firefox OS (experimental, set\n devtools.debugger.remote-enabled to true)\n\n - There is now a Browser Debugger available for add-on\n and browser developers (experimental, set\n devtools.chrome.enabled to true)\n\n - Web Console CSS links now open in the Style Editor\n\n - CSS @page is now supported\n\n - HTML5 CSS viewport-percentage length units implemented\n (vh, vw, vmin and vmax)\n\n - CSS text-transform now supports full-width Fixed :\n\n - Certain valid WebGL drawing operations are incorrectly\n rejected, leaving incomplete rendering in affected pages\n (825205)\n\n - Starting Firefox with -private flag incorrectly claims\n you are not in Private Browsing mode (802274)\n\n - Plugins stop rendering when the top half of the plugin\n is scrolled off the top of the page, in HiDPI mode\n (825734)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2013-02-24T00:00:00", "modified": "2013-02-24T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/64857", "reporter": "This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.", "references": ["http://www.nessus.org/u?223790e6", "http://www.nessus.org/u?1ca53f89", "http://www.nessus.org/u?8e666e5b"], "cvelist": [], "type": "nessus", "lastseen": "2021-01-12T10:11:43", "edition": 12, "viewCount": 0, "enchantments": {"dependencies": {"references": [], "modified": "2021-01-12T10:11:43", "rev": 2}, "score": {"value": -0.0, "vector": "NONE", "modified": "2021-01-12T10:11:43", "rev": 2}, "vulnersScore": -0.0}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-2773.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64857);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_bugtraq_id(58034, 58036, 58037, 58038, 58040, 58041, 58042, 58043, 58044, 58047, 58048, 58049, 58050, 58051);\n script_xref(name:\"FEDORA\", value:\"2013-2773\");\n\n script_name(english:\"Fedora 17 : firefox-19.0-1.fc17 / thunderbird-17.0.3-1.fc17 / xulrunner-19.0-1.fc17 (2013-2773)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Built-in PDF viewer\n\n - Canvas elements can export their content as an image\n blob using canvas.toBlob()\n\n - Startup performance improvements (bugs 715402 and\n 756313)\n\n - Debugger now supports pausing on exceptions and hiding\n non-enumerable properties\n\n - Remote Web Console is available for connecting to\n Firefox on Android or Firefox OS (experimental, set\n devtools.debugger.remote-enabled to true)\n\n - There is now a Browser Debugger available for add-on\n and browser developers (experimental, set\n devtools.chrome.enabled to true)\n\n - Web Console CSS links now open in the Style Editor\n\n - CSS @page is now supported\n\n - HTML5 CSS viewport-percentage length units implemented\n (vh, vw, vmin and vmax)\n\n - CSS text-transform now supports full-width Fixed :\n\n - Certain valid WebGL drawing operations are incorrectly\n rejected, leaving incomplete rendering in affected pages\n (825205)\n\n - Starting Firefox with -private flag incorrectly claims\n you are not in Private Browsing mode (802274)\n\n - Plugins stop rendering when the top half of the plugin\n is scrolled off the top of the page, in HiDPI mode\n (825734)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-February/099126.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1ca53f89\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-February/099127.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8e666e5b\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-February/099128.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?223790e6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox, thunderbird and / or xulrunner packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"firefox-19.0-1.fc17\")) flag++;\nif (rpm_check(release:\"FC17\", reference:\"thunderbird-17.0.3-1.fc17\")) flag++;\nif (rpm_check(release:\"FC17\", reference:\"xulrunner-19.0-1.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / thunderbird / xulrunner\");\n}\n", "naslFamily": "Fedora Local Security Checks", "pluginID": "64857", "cpe": ["p-cpe:/a:fedoraproject:fedora:xulrunner", "p-cpe:/a:fedoraproject:fedora:firefox", "cpe:/o:fedoraproject:fedora:17", "p-cpe:/a:fedoraproject:fedora:thunderbird"], "scheme": null}