Lucene search
This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.MACOSX_FIREFOX_38_6_ESR.NASLHistoryJan 28, 2016 - 12:00 a.m.
Firefox ESR < 38.6 Multiple Vulnerabilities (Mac OS X)
2016-01-2800:00:00
This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.007 Low
EPSS
Percentile
81.0%
The version of Firefox ESR installed on the remote Mac OS X host is prior to 38.6. It is, therefore, affected by the following vulnerabilities :
-
Multiple unspecified memory corruption issues exist that allow a remote attacker to execute arbitrary code.
(CVE-2016-1930) -
A buffer overflow condition exists in WebGL that is triggered when handling cache out-of-memory error conditions. A remote attacker can exploit this to execute arbitrary code. (CVE-2016-1935)
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(88458);
script_version("1.8");
script_cvs_date("Date: 2019/11/20");
script_cve_id("CVE-2016-1930", "CVE-2016-1935");
script_xref(name:"MFSA", value:"2016-01");
script_xref(name:"MFSA", value:"2016-03");
script_name(english:"Firefox ESR < 38.6 Multiple Vulnerabilities (Mac OS X)");
script_summary(english:"Checks the version of Firefox.");
script_set_attribute(attribute:"synopsis", value:
"The remote Mac OS X host contains a web browser that is affected by
multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Firefox ESR installed on the remote Mac OS X host is
prior to 38.6. It is, therefore, affected by the following
vulnerabilities :
- Multiple unspecified memory corruption issues exist that
allow a remote attacker to execute arbitrary code.
(CVE-2016-1930)
- A buffer overflow condition exists in WebGL that is
triggered when handling cache out-of-memory error
conditions. A remote attacker can exploit this to
execute arbitrary code. (CVE-2016-1935)");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-03/");
script_set_attribute(attribute:"solution", value:
"Upgrade to Firefox ESR version 38.6 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-1930");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/26");
script_set_attribute(attribute:"patch_publication_date", value:"2016/01/26");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/28");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox_esr");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"MacOS X Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("macosx_firefox_installed.nasl");
script_require_keys("MacOSX/Firefox/Installed");
exit(0);
}
include("mozilla_version.inc");
kb_base = "MacOSX/Firefox";
get_kb_item_or_exit(kb_base+"/Installed");
version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1);
path = get_kb_item_or_exit(kb_base+"/Path", exit_code:1);
is_esr = get_kb_item(kb_base+"/is_esr");
if (isnull(is_esr)) audit(AUDIT_NOT_INST, "Mozilla Firefox ESR");
mozilla_check_version(product:'firefox', version:version, path:path, esr:TRUE, fix:'38.6', severity:SECURITY_HOLE);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mozilla | firefox_esr | cpe:/a:mozilla:firefox_esr |
Related
oraclelinux
oraclelinux
firefox security update
2016-01-27 00:00:00
thunderbird security update
2016-02-18 00:00:00
nessus
nessus
Oracle Linux 5 / 6 / 7 : firefox (ELSA-2016-0071)
2016-01-28 00:00:00
openSUSE Security Update : xulrunner (openSUSE-2016-127)
2016-02-03 00:00:00
CentOS 5 / 6 / 7 : firefox (CESA-2016:0071)
2016-01-28 00:00:00
openvas
openvas
CentOS Update for firefox CESA-2016:0071 centos6
2016-01-28 00:00:00
CentOS Update for firefox CESA-2016:0071 centos7
2016-01-28 00:00:00
Oracle: Security Advisory (ELSA-2016-0258)
2016-02-22 00:00:00
centos
centos
firefox security update
2016-01-27 13:24:01
thunderbird security update
2016-02-18 17:19:24
veracode
veracode
Buffer Overflow
2019-05-02 05:24:07
Denial Of Service (DoS)
2019-01-15 09:10:01
suse
suse
Security update for xulrunner (important)
2016-02-02 02:14:21
redhat
redhat
(RHSA-2016:0071) Critical: firefox security update
2016-01-27 00:00:00
(RHSA-2016:0258) Important: thunderbird security update
2016-02-18 00:00:00
mageia
mageia
Updated firefox packages fix security vulnerability
2016-01-29 14:02:50
Updated thunderbird packages fix security vulnerability
2016-02-17 22:06:01
debian
debian
[SECURITY] [DSA 3457-1] iceweasel security update
2016-01-27 21:00:03
[SECURITY] [DSA 3491-1] icedove security update
2016-02-24 22:03:08
ubuntu
ubuntu
Thunderbird vulnerabilities
2016-03-08 00:00:00
Firefox vulnerabilities
2016-01-27 00:00:00
Firefox regression
2016-02-08 00:00:00
cvelist
cvelist
CVE-2016-1930
2016-01-31 18:00:00
CVE-2016-1935
2016-01-31 18:00:00
nvd
nvd
CVE-2016-1930
2016-01-31 18:59:00
CVE-2016-1935
2016-01-31 18:59:03
cve
cve
CVE-2016-1930
2016-01-31 18:59:00
CVE-2016-1935
2016-01-31 18:59:03
prion
prion
Memory corruption
2016-01-31 18:59:00
Buffer overflow
2016-01-31 18:59:00
archlinux
archlinux
thunderbird: multiple issues
2016-02-21 00:00:00
ubuntucve
ubuntucve
CVE-2016-1935
2016-01-26 00:00:00
CVE-2016-1930
2016-01-26 00:00:00
mozilla
mozilla
Buffer overflow in WebGL after out of memory allocation — Mozilla
2016-01-26 00:00:00
Miscellaneous memory safety hazards (rv:44.0 / rv:38.6) — Mozilla
2016-01-26 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2016-01-26 00:00:00
kaspersky
kaspersky
KLA10748 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
2016-01-26 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2016-05-31 00:00:00
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.007 Low
EPSS
Percentile
81.0%
Related for MACOSX_FIREFOX_38_6_ESR.NASL