Lucene search
This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.MACOSX_FIREFOX_50_0.NASLHistoryNov 18, 2016 - 12:00 a.m.
Mozilla Firefox < 50.0 Multiple Vulnerabilities (macOS)
2016-11-1800:00:00
This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
22
The version of Mozilla Firefox installed on the remote macOS or Mac OS X host is prior to 50.0. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(94958);
script_version("1.7");
script_cvs_date("Date: 2019/11/14");
script_cve_id(
"CVE-2016-5289",
"CVE-2016-5290",
"CVE-2016-5291",
"CVE-2016-5292",
"CVE-2016-5296",
"CVE-2016-5297",
"CVE-2016-9063",
"CVE-2016-9064",
"CVE-2016-9066",
"CVE-2016-9067",
"CVE-2016-9068",
"CVE-2016-9069",
"CVE-2016-9070",
"CVE-2016-9071",
"CVE-2016-9073",
"CVE-2016-9074",
"CVE-2016-9075",
"CVE-2016-9076",
"CVE-2016-9077"
);
script_bugtraq_id(
94335,
94336,
94337,
94339,
94341
);
script_xref(name:"MFSA", value:"2016-89");
script_name(english:"Mozilla Firefox < 50.0 Multiple Vulnerabilities (macOS)");
script_summary(english:"Checks the version of Firefox.");
script_set_attribute(attribute:"synopsis", value:
"The remote macOS or Mac OS X host contains a web browser that is
affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Mozilla Firefox installed on the remote macOS or Mac
OS X host is prior to 50.0. It is, therefore, affected by multiple
vulnerabilities, the majority of which are remote code execution
vulnerabilities. An unauthenticated, remote attacker can exploit these
vulnerabilities by convincing a user to visit a specially crafted
website, resulting in the execution of arbitrary code in the context
of the current user.");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/");
script_set_attribute(attribute:"solution", value:
"Upgrade to Mozilla Firefox version 50.0 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-9075");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2016/11/15");
script_set_attribute(attribute:"patch_publication_date", value:"2016/11/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/18");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"MacOS X Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("macosx_firefox_installed.nasl");
script_require_keys("MacOSX/Firefox/Installed");
exit(0);
}
include("mozilla_version.inc");
kb_base = "MacOSX/Firefox";
get_kb_item_or_exit(kb_base+"/Installed");
version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1);
path = get_kb_item_or_exit(kb_base+"/Path", exit_code:1);
if (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Firefox installation is in the ESR branch.');
mozilla_check_version(product:'firefox', version:version, path:path, esr:FALSE, fix:'50', severity:SECURITY_HOLE);
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5289
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5292
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9067
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9068
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9069
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9070
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9071
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9073
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9075
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9076
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9077
www.mozilla.org/en-US/security/advisories/mfsa2016-89/
Related
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2016-89) - Linux
2021-11-08 00:00:00
openSUSE: Security Advisory for MozillaFirefox, mozilla-nss (openSUSE-SU-2016:2861-1)
2016-11-19 00:00:00
Ubuntu: Security Advisory (USN-3124-1)
2016-11-19 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2016-11-19 00:00:00
Thunderbird vulnerabilities
2016-12-01 00:00:00
suse
suse
Security update for MozillaFirefox, mozilla-nss (important)
2016-11-18 17:06:44
Security update for MozillaFirefox, mozilla-nss (important)
2016-12-05 21:07:10
Security update for Mozilla Firefox, Thunderbird and NSS (important)
2016-12-05 19:07:18
nessus
nessus
openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2016-1334)
2016-11-21 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS : Firefox vulnerabilities (USN-3124-1)
2016-11-21 00:00:00
Mozilla Firefox < 50.0 Multiple Vulnerabilities
2016-11-18 00:00:00
archlinux
archlinux
[ASA-201611-16] firefox: multiple issues
2016-11-16 00:00:00
kaspersky
kaspersky
KLA11272 Multiple vulnerabilities in Mozilla Firefox
2016-11-15 00:00:00
debian
debian
[SECURITY] [DSA 3716-1] firefox-esr security update
2016-11-16 21:27:57
[SECURITY] [DLA 730-1] firefox-esr security update
2016-12-01 21:45:13
[SECURITY] [DSA 3730-1] icedove security update
2016-12-11 16:05:42
mageia
mageia
Updated nss and firefox packages fix security vulnerabilities
2016-11-17 17:10:52
Updated thunderbird packages fix security vulnerabilities
2016-12-06 00:49:27
Updated iceape packages fix security vulnerabilities
2017-09-02 00:10:29
centos
centos
firefox security update
2016-11-19 11:43:55
thunderbird security update
2016-12-01 15:29:44
redhat
redhat
(RHSA-2016:2780) Critical: firefox security update
2016-11-16 00:00:00
(RHSA-2016:2825) Important: thunderbird security update
2016-11-29 00:00:00
oraclelinux
oraclelinux
firefox security update
2016-11-16 00:00:00
thunderbird security update
2016-11-29 00:00:00
mozilla
mozilla
Security vulnerabilities fixed in Firefox 50 — Mozilla
2016-11-15 00:00:00
Security vulnerabilities fixed in Thunderbird 45.5 — Mozilla
2016-11-18 00:00:00
Security vulnerabilities fixed in Firefox ESR 45.5 — Mozilla
2016-11-15 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2016-11-15 00:00:00
osv
osv
firefox-esr - security update
2016-12-01 00:00:00
icedove - security update
2016-12-17 00:00:00
CVE-2016-9063
2018-06-11 21:29:00
ibm
ibm
redhatcve
redhatcve
prion
prion
ubuntucve
ubuntucve
cve
cve
debiancve
debiancve
veracode
veracode
Certificate Validation Bypas
2019-05-02 06:02:31
Denial Of Service (DoS)
2019-01-15 09:14:49
Denial Of Service (DoS) Through Integer Overflow
2017-09-07 02:02:13
seebug
seebug
myhack58
myhack58
Related for MACOSX_FIREFOX_50_0.NASL