Vulners
Lucene search
MiracleLinux 4 : firefox-38.2.0-4.0.1.AXS4 (AXSA:2015-442:07)
10
10
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2015-442:07.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(289629);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/16");
script_cve_id(
"CVE-2015-4473",
"CVE-2015-4475",
"CVE-2015-4478",
"CVE-2015-4479",
"CVE-2015-4480",
"CVE-2015-4484",
"CVE-2015-4485",
"CVE-2015-4486",
"CVE-2015-4487",
"CVE-2015-4488",
"CVE-2015-4489",
"CVE-2015-4491",
"CVE-2015-4492",
"CVE-2015-4493"
);
script_name(english:"MiracleLinux 4 : firefox-38.2.0-4.0.1.AXS4 (AXSA:2015-442:07)");
script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the
AXSA:2015-442:07 advisory.
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.
With this update, following issues are fixed:
* CVE-2015-4473:
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR
38.x before 38.2
allow remote attackers to cause a denial of service (memory corruption and application crash)
or possibly execute arbitrary code via unknown vectors.
* CVE-2015-4475:
The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 mishandles
inconsistent
sample formats within MP3 audio data, which allows remote attackers to execute arbitrary code
or cause a denial of service (out-of-bounds read) via a malformed file.
* CVE-2015-4478:
Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not impose certain ECMAScript 6
requirements on JavaScript
object properties, which allows remote attackers to bypass the Same Origin Policy
via the reviver parameter to the JSON.parse method.
* CVE-2015-4479:
Multiple integer overflows in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before
38.2 allow remote attackers
to execute arbitrary code via a crafted saio chunk in MPEG-4 video data.
* CVE-2015-4480:
Integer overflow in the stagefright::SampleTable::isValid function in libstagefright in Mozilla Firefox
before 40.0
and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via crafted MPEG-4
video data with H.264 encoding.
* CVE-2015-4484:
The js::jit::AssemblerX86Shared::lock_addl function in the JavaScript implementation in Mozilla Firefox
before 40.0
and Firefox ESR 38.x before 38.2 allows remote attackers to cause a denial of service (application crash)
by
leveraging the use of shared memory and accessing (1) an Atomics object or (2) a SharedArrayBuffer object.
* CVE-2015-4485:
Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0
and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via malformed WebM
video data.
* CVE-2015-4486:
The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2
allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via
malformed WebM video data.
* CVE-2015-4487:
The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and
Firefox OS before 2.2
might allow remote attackers to cause a denial of service (memory corruption)
or possibly have unspecified other impact via unknown vectors, related to an overflow.
* CVE-2015-4488:
Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR
38.x before 38.2,
and Firefox OS before 2.2 allows remote attackers to have an unspecified impact by leveraging a
StyleAnimationValue::operator self assignment.
* CVE-2015-4489:
The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS
before 2.2
might allow remote attackers to cause a denial of service (memory corruption) or possibly
have unspecified other impact by leveraging a self assignment.
* CVE-2015-4491:
Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used
in Mozilla Firefox
before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows
remote attackers
to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash)
via crafted bitmap
dimensions that are mishandled during scaling.
* CVE-2015-4492:
Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40.0 and
Firefox ESR 38.x
before 38.2 might allow remote attackers to execute arbitrary code via a SharedWorker object that makes
recursive calls
to the open method of an XMLHttpRequest object.
* CVE-2015-4493:
Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in
Mozilla Firefox
before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via an
invalid size field
in an esds chunk in MPEG-4 video data.
Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/5792");
script_set_attribute(attribute:"solution", value:
"Update the affected firefox package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-4486");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2015-4484");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vendor_severity", value:"High");
script_set_attribute(attribute:"vuln_publication_date", value:"2015/08/11");
script_set_attribute(attribute:"patch_publication_date", value:"2015/08/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/16");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:firefox");
script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:4");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Miracle Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");
exit(0);
}
include('rpm2.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^4([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 4.x', 'MIRACLE LINUX ' + os_version);
if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);
var constraints = [
{
'release': '4',
'pkgs': [
{'reference':'firefox-38.2.0-4.0.1.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0', 'allowmaj':TRUE},
{'reference':'firefox-38.2.0-4.0.1.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0', 'allowmaj':TRUE}
]
}
];
var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');
var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
# Check that the target release is equal to the affected release
if (!empty_or_null(constraint['release'])){
if (constraint['release'] != os_release) continue;
}
if (!empty_or_null(constraint['sp'])){
if (constraint['sp'] != os_sp) continue;
}
foreach var pkg ( constraint['pkgs'] ) {
reference = NULL;
sp = NULL;
_cpu = NULL;
el_string = NULL;
rpm_spec_vers_cmp = NULL;
epoch = NULL;
allowmaj = NULL;
exists_check = NULL;
cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
## (no known rpm to check OR known rpm_exists)
(!exists_check || rpm_exists(rpm:exists_check)) &&
rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox');
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
16 Jan 2026 00:00Current
8.5High risk
Vulners AI Score8.5
CVSS 210
EPSS0.06981