Search...

Firefox ESR < 38.8 Multiple Vulnerabilities

2016-04-29T00:00:00

ID MOZILLA_FIREFOX_38_8_ESR.NASL
Type nessus
Reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2021-01-02T00:00:00

Description

The version of Firefox ESR installed on the remote Windows host is prior to 38.8. It is, therefore, affected by multiple vulnerabilities :

Multiple memory corruption issues exist that allow an attacker to corrupt memory, resulting in the execution of arbitrary code. (CVE-2016-2805, CVE-2016-2807)

A flaw exists due to improper validation of user-supplied input when handling the 32-bit generation count of the underlying HashMap. A context-dependent attacker can exploit this to cause a buffer overflow condition, resulting in a denial of service or the execution of arbitrary code. (CVE-2016-2808)

A heap buffer overflow condition exists in the Google Stagefright component due to improper validation of user-supplied input when handling CENC offsets and the sizes table. A context-dependent attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-2814)

                                        
                                            #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(90791);
  script_version("1.9");
  script_cvs_date("Date: 2019/11/20");

  script_cve_id(
    "CVE-2016-2805",
    "CVE-2016-2807",
    "CVE-2016-2808",
    "CVE-2016-2814"
  );
  script_bugtraq_id(88099, 88100);
  script_xref(name:"MFSA", value:"2016-39");
  script_xref(name:"MFSA", value:"2016-44");
  script_xref(name:"MFSA", value:"2016-47");

  script_name(english:"Firefox ESR &lt; 38.8 Multiple Vulnerabilities");
  script_summary(english:"Checks the version of Firefox.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains a web browser that is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Firefox ESR installed on the remote Windows host is
prior to 38.8. It is, therefore, affected by multiple
vulnerabilities :

  - Multiple memory corruption issues exist that allow an
    attacker to corrupt memory, resulting in the execution
    of arbitrary code. (CVE-2016-2805, CVE-2016-2807)

  - A flaw exists due to improper validation of
    user-supplied input when handling the 32-bit generation
    count of the underlying HashMap. A context-dependent
    attacker can exploit this to cause a buffer overflow
    condition, resulting in a denial of service or the
    execution of arbitrary code. (CVE-2016-2808)

  - A heap buffer overflow condition exists in the Google
    Stagefright component due to improper validation of
    user-supplied input when handling CENC offsets and the
    sizes table. A context-dependent attacker can exploit
    this to cause a denial of service condition or the
    execution of arbitrary code. (CVE-2016-2814)");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-44/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-47/");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Firefox ESR version 38.8 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-2807");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/04/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/29");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox_esr");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mozilla_org_installed.nasl");
  script_require_keys("Mozilla/Firefox/Version");

  exit(0);
}

include("mozilla_version.inc");

port = get_kb_item("SMB/transport");
if (!port) port = 445;

installs = get_kb_list("SMB/Mozilla/Firefox/*");
if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");

mozilla_check_version(installs:installs, product:'firefox', esr:TRUE, fix:'38.8', severity:SECURITY_HOLE);

JSON Vulners Source

Initial Source

{"id": "MOZILLA_FIREFOX_38_8_ESR.NASL", "bulletinFamily": "scanner", "title": "Firefox ESR < 38.8 Multiple Vulnerabilities", "description": "The version of Firefox ESR installed on the remote Windows host is\nprior to 38.8. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Multiple memory corruption issues exist that allow an\n attacker to corrupt memory, resulting in the execution\n of arbitrary code. (CVE-2016-2805, CVE-2016-2807)\n\n - A flaw exists due to improper validation of\n user-supplied input when handling the 32-bit generation\n count of the underlying HashMap. A context-dependent\n attacker can exploit this to cause a buffer overflow\n condition, resulting in a denial of service or the\n execution of arbitrary code. (CVE-2016-2808)\n\n - A heap buffer overflow condition exists in the Google\n Stagefright component due to improper validation of\n user-supplied input when handling CENC offsets and the\n sizes table. A context-dependent attacker can exploit\n this to cause a denial of service condition or the\n execution of arbitrary code. (CVE-2016-2814)", "published": "2016-04-29T00:00:00", "modified": "2021-01-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/90791", "reporter": "This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.mozilla.org/en-US/security/advisories/mfsa2016-47/", "https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/", "https://www.mozilla.org/en-US/security/advisories/mfsa2016-44/"], "cvelist": ["CVE-2016-2805", "CVE-2016-2814", "CVE-2016-2808", "CVE-2016-2807"], "type": "nessus", "lastseen": "2021-01-01T03:49:41", "edition": 26, "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-2805", "CVE-2016-2814", "CVE-2016-2808", "CVE-2016-2807"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3559-1:D3A06", "DEBIAN:DSA-3576-1:22B82", "DEBIAN:DLA-472-1:66A23", "DEBIAN:DLA-472-2:D2F48"]}, {"type": "suse", "idList": ["SUSE-SU-2016:1258-1", "OPENSUSE-SU-2016:1778-1", "SUSE-SU-2016:1352-1", "OPENSUSE-SU-2016:1211-1", "SUSE-SU-2016:1374-1", "OPENSUSE-SU-2016:1767-1", "OPENSUSE-SU-2016:1769-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310122931", "OPENVAS:1361412562310807681", "OPENVAS:703559", "OPENVAS:1361412562310807680", "OPENVAS:1361412562310131293", "OPENVAS:1361412562310882479", "OPENVAS:1361412562310882480", "OPENVAS:1361412562310703559", "OPENVAS:1361412562310882478", "OPENVAS:1361412562310851301"]}, {"type": "nessus", "idList": ["SUSE_SU-2016-1258-1.NASL", "SUSE_SU-2016-1374-1.NASL", "DEBIAN_DSA-3559.NASL", "SUSE_SU-2016-1352-1.NASL", "SUSE_SU-2016-1342-1.NASL", "ORACLELINUX_ELSA-2016-0695.NASL", "MACOSX_FIREFOX_38_8_ESR.NASL", "SL_20160426_FIREFOX_ON_SL5_X.NASL", "CENTOS_RHSA-2016-0695.NASL", "REDHAT-RHSA-2016-0695.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-0695", "ELSA-2016-1041"]}, {"type": "centos", "idList": ["CESA-2016:0695", "CESA-2016:1041"]}, {"type": "redhat", "idList": ["RHSA-2016:1041", "RHSA-2016:0695"]}, {"type": "freebsd", "idList": ["92D44F83-A7BF-41CF-91EE-3D1B8ECF579F"]}, {"type": "archlinux", "idList": ["ASA-201605-21", "ASA-201604-15"]}, {"type": "threatpost", "idList": ["THREATPOST:8F27BD0EF78B41D3BBEF88070DB6B93B"]}, {"type": "mozilla", "idList": ["MFSA2016-39", "MFSA2016-47", "MFSA2016-44"]}, {"type": "ubuntu", "idList": ["USN-2973-1", "USN-2936-1", "USN-2936-2", "USN-2936-3"]}, {"type": "kaspersky", "idList": ["KLA10795"]}, {"type": "gentoo", "idList": ["GLSA-201701-15"]}], "modified": "2021-01-01T03:49:41", "rev": 2}, "score": {"value": 8.9, "vector": "NONE", "modified": "2021-01-01T03:49:41", "rev": 2}, "vulnersScore": 8.9}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90791);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\n \"CVE-2016-2805\",\n \"CVE-2016-2807\",\n \"CVE-2016-2808\",\n \"CVE-2016-2814\"\n );\n script_bugtraq_id(88099, 88100);\n script_xref(name:\"MFSA\", value:\"2016-39\");\n script_xref(name:\"MFSA\", value:\"2016-44\");\n script_xref(name:\"MFSA\", value:\"2016-47\");\n\n script_name(english:\"Firefox ESR < 38.8 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Firefox ESR installed on the remote Windows host is\nprior to 38.8. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Multiple memory corruption issues exist that allow an\n attacker to corrupt memory, resulting in the execution\n of arbitrary code. (CVE-2016-2805, CVE-2016-2807)\n\n - A flaw exists due to improper validation of\n user-supplied input when handling the 32-bit generation\n count of the underlying HashMap. A context-dependent\n attacker can exploit this to cause a buffer overflow\n condition, resulting in a denial of service or the\n execution of arbitrary code. (CVE-2016-2808)\n\n - A heap buffer overflow condition exists in the Google\n Stagefright component due to improper validation of\n user-supplied input when handling CENC offsets and the\n sizes table. A context-dependent attacker can exploit\n this to cause a denial of service condition or the\n execution of arbitrary code. (CVE-2016-2814)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-44/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-47/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Firefox ESR version 38.8 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-2807\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox_esr\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:TRUE, fix:'38.8', severity:SECURITY_HOLE);\n", "naslFamily": "Windows", "pluginID": "90791", "cpe": ["cpe:/a:mozilla:firefox_esr"], "scheme": null, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}

{"cve": [{"lastseen": "2020-12-09T20:07:37", "description": "Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via crafted CENC offsets that lead to mismanagement of the sizes table.", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-04-30T17:59:00", "title": "CVE-2016-2814", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2814"], "modified": "2017-07-01T01:29:00", "cpe": ["cpe:/a:mozilla:firefox_esr:38.5.0", "cpe:/a:mozilla:firefox_esr:38.0.5", "cpe:/a:mozilla:firefox_esr:38.6.1", "cpe:/a:mozilla:firefox_esr:38.7.0", "cpe:/a:mozilla:firefox:45.0.2", "cpe:/a:mozilla:firefox_esr:38.4.0", "cpe:/a:mozilla:firefox_esr:38.1.0", "cpe:/a:mozilla:firefox_esr:38.1.1", "cpe:/a:mozilla:firefox_esr:38.6.0", "cpe:/a:mozilla:firefox_esr:38.5.1", "cpe:/a:mozilla:firefox_esr:38.7.1", "cpe:/a:mozilla:firefox_esr:38.2.0", "cpe:/a:mozilla:firefox_esr:38.2.1", "cpe:/a:mozilla:firefox_esr:38.3.0", "cpe:/a:mozilla:firefox:45.0.1", "cpe:/a:mozilla:firefox_esr:38.0.1", "cpe:/a:mozilla:firefox_esr:38.0"], "id": "CVE-2016-2814", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2814", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:45.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:45.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:07:37", "description": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-04-30T17:59:00", "title": "CVE-2016-2807", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2807"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/a:mozilla:firefox_esr:38.5.0", "cpe:/a:mozilla:firefox_esr:38.0.5", "cpe:/a:mozilla:firefox_esr:38.6.1", "cpe:/a:mozilla:firefox_esr:38.7.0", "cpe:/a:mozilla:firefox:45.0.2", "cpe:/a:mozilla:firefox_esr:38.4.0", "cpe:/o:opensuse:opensuse:13.1", "cpe:/a:mozilla:firefox_esr:38.1.0", "cpe:/a:mozilla:firefox_esr:38.1.1", "cpe:/a:mozilla:firefox_esr:38.6.0", "cpe:/o:opensuse:opensuse:13.2", "cpe:/a:mozilla:firefox_esr:38.5.1", "cpe:/a:mozilla:firefox_esr:38.7.1", "cpe:/a:mozilla:firefox_esr:38.2.0", "cpe:/o:opensuse:leap:42.1", "cpe:/a:mozilla:firefox_esr:38.2.1", "cpe:/a:mozilla:firefox_esr:38.3.0", "cpe:/a:mozilla:firefox:45.0.1", "cpe:/o:suse:linux_enterprise:12.0", "cpe:/a:mozilla:firefox_esr:38.0.1", "cpe:/a:mozilla:firefox_esr:38.0"], "id": "CVE-2016-2807", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2807", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:45.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:45.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.5.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:10:44", "description": "Unspecified vulnerability in the browser engine in Mozilla Firefox ESR 38.x before 38.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.", "edition": 3, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-04-30T17:59:00", "title": "CVE-2016-2805", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2805"], "modified": "2017-07-01T01:29:00", "cpe": ["cpe:/a:mozilla:firefox_esr:38.5.0", "cpe:/a:mozilla:firefox_esr:38.0.5", "cpe:/a:mozilla:firefox_esr:38.6.1", "cpe:/a:mozilla:firefox_esr:38.7.0", "cpe:/a:mozilla:firefox_esr:38.4.0", "cpe:/a:mozilla:firefox_esr:38.1.0", "cpe:/a:mozilla:firefox_esr:38.1.1", "cpe:/a:mozilla:firefox_esr:38.6.0", "cpe:/a:mozilla:firefox_esr:38.5.1", "cpe:/a:mozilla:firefox_esr:38.7.1", "cpe:/a:mozilla:firefox_esr:38.2.0", "cpe:/a:mozilla:firefox_esr:38.2.1", "cpe:/a:mozilla:firefox_esr:38.3.0", "cpe:/a:mozilla:firefox_esr:38.0.1", "cpe:/a:mozilla:firefox_esr:38.0"], "id": "CVE-2016-2805", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2805", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:07:37", "description": "The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service (generation-count overflow, out-of-bounds HashMap write access, and application crash) via a crafted web site.", "edition": 5, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-04-30T17:59:00", "title": "CVE-2016-2808", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2808"], "modified": "2017-07-01T01:29:00", "cpe": ["cpe:/a:mozilla:firefox_esr:38.5.0", "cpe:/a:mozilla:firefox_esr:38.0.5", "cpe:/a:mozilla:firefox_esr:38.6.1", "cpe:/a:mozilla:firefox_esr:38.7.0", "cpe:/a:mozilla:firefox:45.0.2", "cpe:/a:mozilla:firefox_esr:38.4.0", "cpe:/a:mozilla:firefox_esr:38.1.0", "cpe:/a:mozilla:firefox_esr:38.1.1", "cpe:/a:mozilla:firefox_esr:38.6.0", "cpe:/a:mozilla:firefox_esr:38.5.1", "cpe:/a:mozilla:firefox_esr:38.7.1", "cpe:/a:mozilla:firefox_esr:38.2.0", "cpe:/a:mozilla:firefox_esr:38.2.1", "cpe:/a:mozilla:firefox_esr:38.3.0", "cpe:/a:mozilla:firefox:45.0.1", "cpe:/a:mozilla:firefox_esr:38.0.1", "cpe:/a:mozilla:firefox_esr:38.0"], "id": "CVE-2016-2808", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2808", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:45.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:45.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*"]}], "debian": [{"lastseen": "2019-05-30T02:21:49", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2805", "CVE-2016-2814", "CVE-2016-2808", "CVE-2016-2807"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3559-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nApril 27, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : iceweasel\nCVE ID : CVE-2016-2805 CVE-2016-2807 CVE-2016-2808 CVE-2016-2814\n\nMultiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors and\nbuffer overflows may lead to the execution of arbitrary code or denial\nof service.\n\nFor the oldstable distribution (wheezy), these problems have been fixed in\nversion 38.8.0esr-1~deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 38.8.0esr-1~deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 45.1.0esr-1 of the firefox-esr source package and version\n46.0-1 of the firefox source package.\n\nWe recommend that you upgrade your iceweasel packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2016-04-27T17:27:52", "published": "2016-04-27T17:27:52", "id": "DEBIAN:DSA-3559-1:D3A06", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00135.html", "title": "[SECURITY] [DSA 3559-1] iceweasel security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-12T00:51:16", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2805", "CVE-2016-1979", "CVE-2016-2807"], "description": "Package : icedove\nVersion : 31.8.0-1~deb7u1.1\nCVE ID : CVE-2016-1979 CVE-2016-2805 CVE-2016-2807\nDebian Bug : #823430\n\nThe security update for icedove did not build on armhf. This is resolved\nby this upload.\n\nThe text of the original DLA follows:\n\nMultiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail client. Multiple memory safety errors may\nlead to the execution of arbitrary code or denial of service.\n\nFor Debian 7 "Wheezy", this problem has been fixed in version\n38.8.0-1~deb7u1.\n\nWe recommend that you upgrade your icedove packages.\n\n\n", "edition": 6, "modified": "2016-05-18T20:48:26", "published": "2016-05-18T20:48:26", "id": "DEBIAN:DLA-472-2:D2F48", "href": "https://lists.debian.org/debian-lts-announce/2016/debian-lts-announce-201605/msg00034.html", "title": "[SECURITY] [DLA 472-2] icedove regression update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:22:55", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2805", "CVE-2016-1979", "CVE-2016-2807"], "description": "Package : icedove\nVersion : 38.8.0-1~deb7u1\nCVE ID : CVE-2016-1979 CVE-2016-2805 CVE-2016-2807\n\nMultiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail client. Multiple memory safety errors may\nlead to the execution of arbitrary code or denial of service.\n\nFor Debian 7 "Wheezy", this problem has been fixed in version\n38.8.0-1~deb7u1.\n\nWe recommend that you upgrade your icedove packages.\n\n", "edition": 2, "modified": "2016-05-14T13:56:12", "published": "2016-05-14T13:56:12", "id": "DEBIAN:DLA-472-1:66A23", "href": "https://lists.debian.org/debian-lts-announce/2016/debian-lts-announce-201605/msg00024.html", "title": "[SECURITY] [DLA 472-1] icedove security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-12T00:52:09", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2805", "CVE-2016-1979", "CVE-2016-2807"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3576-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nMay 13, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : icedove\nCVE ID : CVE-2016-1979 CVE-2016-2805 CVE-2016-2807\n\nMultiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail client: Multiple memory safety errors may\nlead to the execution of arbitrary code or denial of service.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 38.8.0-1~deb8u1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your icedove packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 7, "modified": "2016-05-13T17:59:18", "published": "2016-05-13T17:59:18", "id": "DEBIAN:DSA-3576-1:22B82", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00153.html", "title": "[SECURITY] [DSA 3576-1] icedove security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:56:36", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2805", "CVE-2016-2814", "CVE-2016-2808", "CVE-2016-2807"], "description": "This update to MozillaFirefox 38.8.0 ESR fixes the following issues\n (bsc#977333):\n\n - CVE-2016-2805: Miscellaneous memory safety hazards - MFSA 2016-39\n (bsc#977374)\n - CVE-2016-2807: Miscellaneous memory safety hazards - MFSA 2016-39\n (bsc#977376)\n - CVE-2016-2814: Buffer overflow in libstagefright with CENC offsets -\n MFSA 2016-44 (bsc#977381)\n - CVE-2016-2808: Write to invalid HashMap entry through JavaScript.watch()\n - MFSA 2016-47 (bsc#977386)\n\n", "edition": 1, "modified": "2016-05-06T20:07:51", "published": "2016-05-06T20:07:51", "id": "SUSE-SU-2016:1258-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00023.html", "title": "Security update for MozillaFirefox (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:57:02", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2805", "CVE-2016-2814", "CVE-2016-2808", "CVE-2016-2807"], "edition": 1, "description": "Mozilla Firefox was updated to fix the following vulnerabilities\n (bsc#977333):\n\n * CVE-2016-2805: Memory safety bug fixed in Firefox ESR 38.8 (MFSA\n 2016-39, bsc#977374)\n * CVE-2016-2807: Memory safety bugs fixed in Firefox ESR 45.1, Firefox\n ESR 38.8 and Firefox 46 (MFSA 2016-39, bsc#977376)\n * CVE-2016-2808: Write to invalid HashMap entry through\n JavaScript.watch() (MFSA 2016-47, bsc#977386)\n * CVE-2016-2814: Buffer overflow in libstagefright with CENC offsets\n (MFSA 2016-44, bsc#977381)\n\n Security Issues:\n\n * CVE-2016-2805\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2805\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2805</a>>\n * CVE-2016-2807\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2807\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2807</a>>\n * CVE-2016-2808\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2808\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2808</a>>\n * CVE-2016-2814\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2814\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2814</a>>\n\n\n", "modified": "2016-05-18T21:07:42", "published": "2016-05-18T21:07:42", "id": "SUSE-SU-2016:1352-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00054.html", "title": "Security update for Mozilla Firefox (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:45:45", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2805", "CVE-2016-2814", "CVE-2016-2808", "CVE-2016-2807"], "description": "This update to MozillaFirefox 38.8.0 ESR fixes the following security\n issues (bsc#977333):\n\n - CVE-2016-2805: Miscellaneous memory safety hazards - MFSA 2016-39\n (bsc#977374)\n - CVE-2016-2807: Miscellaneous memory safety hazards - MFSA 2016-39\n (bsc#977376)\n - CVE-2016-2808: Write to invalid HashMap entry through JavaScript.watch()\n - MFSA 2016-47 (bsc#977386)\n - CVE-2016-2814: Buffer overflow in libstagefright with CENC offsets -\n MFSA 2016-44 (bsc#977381)\n\n", "edition": 1, "modified": "2016-05-20T19:08:12", "published": "2016-05-20T19:08:12", "id": "SUSE-SU-2016:1374-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00057.html", "type": "suse", "title": "Security update for MozillaFirefox (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:37:19", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2816", "CVE-2016-2817", "CVE-2016-2814", "CVE-2016-2804", "CVE-2016-2808", "CVE-2016-2811", "CVE-2016-2807", "CVE-2016-2806", "CVE-2016-2812", "CVE-2016-2820"], "description": "This update to Mozilla Firefox 46.0 fixes several security issues and bugs\n (boo#977333).\n\n The following vulnerabilities were fixed:\n\n - CVE-2016-2804: Miscellaneous memory safety hazards - MFSA 2016-39\n (boo#977373)\n - CVE-2016-2806: Miscellaneous memory safety hazards - MFSA 2016-39\n (boo#977375)\n - CVE-2016-2807: Miscellaneous memory safety hazards - MFSA 2016-39\n (boo#977376)\n - CVE-2016-2808: Write to invalid HashMap entry through JavaScript.watch()\n - MFSA 2016-47 (boo#977386)\n - CVE-2016-2811: Use-after-free in Service Worker - MFSA 2016-42\n (boo#977379)\n - CVE-2016-2812: Buffer overflow in Service Worker - MFSA 2016-42\n (boo#977379)\n - CVE-2016-2814: Buffer overflow in libstagefright with CENC offsets -\n MFSA 2016-44 (boo#977381)\n - CVE-2016-2816: CSP not applied to pages sent with\n multipart/x-mixed-replace - MFSA 2016-45 (boo#977382)\n - CVE-2016-2817: Elevation of privilege with chrome.tabs.update API in web\n extensions - MFSA 2016-46 (boo#977384)\n - CVE-2016-2820: Firefox Health Reports could accept events from untrusted\n domains - MFSA 2016-48 (boo#977388)\n\n The following miscellaneous changes are included:\n\n - Improved security of the JavaScript Just In Time (JIT) Compiler\n - WebRTC fixes to improve performance and stability\n - Added support for document.elementsFromPoint\n - Added HKDF support for Web Crypto API\n\n The following changes from Mozilla Firefox 45.0.2 are included:\n - Fix an issue impacting the cookie header when third-party cookies are\n blocked\n - Fix a web compatibility regression impacting the srcset attribute of the\n image tag\n - Fix a crash impacting the video playback with Media Source Extension\n - Fix a regression impacting some specific uploads\n - Fix a regression with the copy and paste with some old versions of some\n Gecko applications like Thunderbird\n\n The following changes from Mozilla Firefox 45.0.2 are included:\n\n - Fix a regression causing search engine settings to be lost in some\n context\n - Bring back non-standard jar: URIs to fix a regression in IBM iNotes\n - XSLTProcessor.importStylesheet was failing when import was used\n - Fix an issue which could cause the list of search provider to be empty\n - Fix a regression when using the location bar (bmo#1254503)\n - Fix some loading issues when Accept third-party cookies: was set to Never\n - Disabled Graphite font shaping library\n\n The minimum requirements increased to NSPR 4.12 and NSS 3.22.3.\n\n Mozilla NSS was updated to 3.22.3 as a dependency for Mozilla Firefox\n 46.0, with the following changes:\n\n - Increase compatibility of TLS extended master secret, don't send an\n empty TLS extension last in the handshake (bmo#1243641)\n - RSA-PSS signatures are now supported\n - Pseudorandom functions based on hashes other than SHA-1 are now supported\n - Enforce an External Policy on NSS from a config file\n\n", "edition": 1, "modified": "2016-05-04T15:08:32", "published": "2016-05-04T15:08:32", "id": "OPENSUSE-SU-2016:1211-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html", "title": "Security update update for MozillaFirefox, mozilla-nss (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:21:42", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-2815", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1955", "CVE-2016-2795", "CVE-2016-2818", "CVE-2016-1952", "CVE-2016-2807", "CVE-2016-2806", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-1956", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1964"], "description": "This update contains Mozilla Thunderbird 45.2. (boo#983549)\n\n It fixes security issues mostly affecting the e-mail program when used in\n a browser context, such as viewing a web page or HTMl formatted e-mail.\n\n The following vulnerabilities were fixed:\n\n - CVE-2016-2818, CVE-2016-2815: Memory safety bugs (boo#983549,\n MFSA2016-49)\n\n Contains the following security fixes from the 45.1 release: (boo#977333)\n\n - CVE-2016-2806, CVE-2016-2807: Miscellaneous memory safety hazards\n (boo#977375, boo#977376, MFSA 2016-39)\n\n Contains the following security fixes from the 45.0 release: (boo#969894)\n\n - CVE-2016-1952, CVE-2016-1953: Miscellaneous memory safety hazards (MFSA\n 2016-16)\n - CVE-2016-1954: Local file overwriting and potential privilege escalation\n through CSP reports (MFSA 2016-17)\n - CVE-2016-1955: CSP reports fail to strip location information for\n embedded iframe pages (MFSA 2016-18)\n - CVE-2016-1956: Linux video memory DOS with Intel drivers (MFSA 2016-19)\n - CVE-2016-1957: Memory leak in libstagefright when deleting an array\n during MP4 processing (MFSA 2016-20)\n - CVE-2016-1960: Use-after-free in HTML5 string parser (MFSA 2016-23)\n - CVE-2016-1961: Use-after-free in SetBody (MFSA 2016-24)\n - CVE-2016-1964: Use-after-free during XML transformations (MFSA 2016-27)\n - CVE-2016-1974: Out-of-bounds read in HTML parser following a failed\n allocation (MFSA 2016-34)\n\n The graphite font shaping library was disabled, addressing the following\n font vulnerabilities:\n\n - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/\n CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/\n CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/\n CVE-2016-2800/CVE-2016-2801/CVE-2016-2802\n\n The following tracked packaging changes are included:\n\n - fix build issues with gcc/binutils combination used in Leap 42.2\n (boo#984637)\n - gcc6 fixes (boo#986162)\n - running on 48bit va aarch64 (boo#984126)\n\n", "edition": 1, "modified": "2016-07-11T00:08:02", "published": "2016-07-11T00:08:02", "id": "OPENSUSE-SU-2016:1769-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html", "type": "suse", "title": "Security update for Mozilla Thunderbird (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:05:35", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-2815", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1955", "CVE-2016-2795", "CVE-2016-2818", "CVE-2016-1952", "CVE-2016-2807", "CVE-2016-2806", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-1956", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1964"], "description": "This update contains Mozilla Thunderbird 45.2. (boo#983549)\n\n It fixes security issues mostly affecting the e-mail program when used in\n a browser context, such as viewing a web page or HTMl formatted e-mail.\n\n The following vulnerabilities were fixed:\n\n - CVE-2016-2818, CVE-2016-2815: Memory safety bugs (boo#983549,\n MFSA2016-49)\n\n Contains the following security fixes from the 45.1 release: (boo#977333)\n\n - CVE-2016-2806, CVE-2016-2807: Miscellaneous memory safety hazards\n (boo#977375, boo#977376, MFSA 2016-39)\n\n Contains the following security fixes from the 45.0 release: (boo#969894)\n\n - CVE-2016-1952, CVE-2016-1953: Miscellaneous memory safety hazards (MFSA\n 2016-16)\n - CVE-2016-1954: Local file overwriting and potential privilege escalation\n through CSP reports (MFSA 2016-17)\n - CVE-2016-1955: CSP reports fail to strip location information for\n embedded iframe pages (MFSA 2016-18)\n - CVE-2016-1956: Linux video memory DOS with Intel drivers (MFSA 2016-19)\n - CVE-2016-1957: Memory leak in libstagefright when deleting an array\n during MP4 processing (MFSA 2016-20)\n - CVE-2016-1960: Use-after-free in HTML5 string parser (MFSA 2016-23)\n - CVE-2016-1961: Use-after-free in SetBody (MFSA 2016-24)\n - CVE-2016-1964: Use-after-free during XML transformations (MFSA 2016-27)\n - CVE-2016-1974: Out-of-bounds read in HTML parser following a failed\n allocation (MFSA 2016-34)\n\n The graphite font shaping library was disabled, addressing the following\n font vulnerabilities:\n\n - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/\n CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/\n CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/\n CVE-2016-2800/CVE-2016-2801/CVE-2016-2802\n\n The following tracked packaging changes are included:\n\n - fix build issues with gcc/binutils combination used in Leap 42.2\n (boo#984637)\n - gcc6 fixes (boo#986162)\n - running on 48bit va aarch64 (boo#984126)\n\n", "edition": 1, "modified": "2016-07-11T00:13:17", "published": "2016-07-11T00:13:17", "id": "OPENSUSE-SU-2016:1778-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html", "type": "suse", "title": "Security update for Mozilla Thunderbird (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:21:19", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1953", "CVE-2016-2790", "CVE-2016-1957", "CVE-2016-2792", "CVE-2016-1977", "CVE-2016-2798", "CVE-2016-1974", "CVE-2016-2801", "CVE-2016-2797", "CVE-2016-1960", "CVE-2016-2815", "CVE-2016-2802", "CVE-2016-2800", "CVE-2016-1955", "CVE-2016-2795", "CVE-2016-2818", "CVE-2016-1952", "CVE-2016-2807", "CVE-2016-2806", "CVE-2016-2796", "CVE-2016-2799", "CVE-2016-1956", "CVE-2016-2793", "CVE-2016-1961", "CVE-2016-2794", "CVE-2016-1954", "CVE-2016-2791", "CVE-2016-1964"], "description": "This update contains Mozilla Thunderbird 45.2. (boo#983549)\n\n It fixes security issues mostly affecting the e-mail program when used in\n a browser context, such as viewing a web page or HTMl formatted e-mail.\n\n The following vulnerabilities were fixed:\n\n - CVE-2016-2818, CVE-2016-2815: Memory safety bugs (boo#983549,\n MFSA2016-49)\n\n Contains the following security fixes from the 45.1 release: (boo#977333)\n\n - CVE-2016-2806, CVE-2016-2807: Miscellaneous memory safety hazards\n (boo#977375, boo#977376, MFSA 2016-39)\n\n Contains the following security fixes from the 45.0 release: (boo#969894)\n\n - CVE-2016-1952, CVE-2016-1953: Miscellaneous memory safety hazards (MFSA\n 2016-16)\n - CVE-2016-1954: Local file overwriting and potential privilege escalation\n through CSP reports (MFSA 2016-17)\n - CVE-2016-1955: CSP reports fail to strip location information for\n embedded iframe pages (MFSA 2016-18)\n - CVE-2016-1956: Linux video memory DOS with Intel drivers (MFSA 2016-19)\n - CVE-2016-1957: Memory leak in libstagefright when deleting an array\n during MP4 processing (MFSA 2016-20)\n - CVE-2016-1960: Use-after-free in HTML5 string parser (MFSA 2016-23)\n - CVE-2016-1961: Use-after-free in SetBody (MFSA 2016-24)\n - CVE-2016-1964: Use-after-free during XML transformations (MFSA 2016-27)\n - CVE-2016-1974: Out-of-bounds read in HTML parser following a failed\n allocation (MFSA 2016-34)\n\n The graphite font shaping library was disabled, addressing the following\n font vulnerabilities:\n\n - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/\n CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/\n CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/\n CVE-2016-2800/CVE-2016-2801/CVE-2016-2802\n\n The following tracked packaging changes are included:\n\n - fix build issues with gcc/binutils combination used in Leap 42.2\n (boo#984637)\n - gcc6 fixes (boo#986162)\n - running on 48bit va aarch64 (boo#984126)\n\n", "edition": 1, "modified": "2016-07-10T16:08:00", "published": "2016-07-10T16:08:00", "id": "OPENSUSE-SU-2016:1767-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html", "type": "suse", "title": "Security update for Mozilla Thunderbird (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-12T09:49:35", "description": "Multiple security issues have been found in Iceweasel, Debian's\nversion of the Mozilla Firefox web browser: Multiple memory safety\nerrors and buffer overflows may lead to the execution of arbitrary\ncode or denial of service.", "edition": 26, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-28T00:00:00", "title": "Debian DSA-3559-1 : iceweasel - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2805", "CVE-2016-2814", "CVE-2016-2808", "CVE-2016-2807"], "modified": "2016-04-28T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:iceweasel", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3559.NASL", "href": "https://www.tenable.com/plugins/nessus/90767", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3559. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90767);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-2805\", \"CVE-2016-2807\", \"CVE-2016-2808\", \"CVE-2016-2814\");\n script_xref(name:\"DSA\", value:\"3559\");\n\n script_name(english:\"Debian DSA-3559-1 : iceweasel - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in Iceweasel, Debian's\nversion of the Mozilla Firefox web browser: Multiple memory safety\nerrors and buffer overflows may lead to the execution of arbitrary\ncode or denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/iceweasel\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/iceweasel\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3559\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the iceweasel packages.\n\nFor the oldstable distribution (wheezy), these problems have been\nfixed in version 38.8.0esr-1~deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 38.8.0esr-1~deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-dbg\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-dev\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ach\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-af\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-all\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-an\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ar\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-as\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ast\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-be\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-bg\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-bn-bd\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-bn-in\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-br\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-bs\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ca\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-cs\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-csb\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-cy\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-da\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-de\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-el\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-en-gb\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-en-za\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-eo\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-es-ar\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-es-cl\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-es-es\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-es-mx\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-et\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-eu\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-fa\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ff\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-fi\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-fr\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-fy-nl\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ga-ie\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-gd\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-gl\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-gu-in\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-he\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hi-in\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hr\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hsb\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hu\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hy-am\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-id\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-is\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-it\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ja\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-kk\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-km\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-kn\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ko\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ku\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-lij\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-lt\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-lv\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-mai\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-mk\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ml\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-mr\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ms\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-nb-no\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-nl\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-nn-no\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-or\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-pa-in\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-pl\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-pt-br\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-pt-pt\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-rm\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ro\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ru\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-si\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sk\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sl\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-son\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sq\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sr\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sv-se\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ta\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-te\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-th\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-tr\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-uk\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-vi\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-xh\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-zh-cn\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-zh-tw\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-zu\", reference:\"38.8.0esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-dbg\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-dev\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ach\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-af\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-all\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-an\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ar\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-as\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ast\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-be\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bg\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bn-bd\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bn-in\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-br\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bs\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ca\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-cs\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-csb\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-cy\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-da\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-de\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-el\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-en-gb\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-en-za\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-eo\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-ar\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-cl\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-es\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-mx\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-et\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-eu\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fa\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ff\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fi\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fr\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fy-nl\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ga-ie\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gd\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gl\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gu-in\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-he\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hi-in\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hr\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hsb\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hu\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hy-am\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-id\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-is\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-it\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ja\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-kk\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-km\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-kn\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ko\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ku\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-lij\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-lt\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-lv\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-mai\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-mk\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ml\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-mr\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ms\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-nb-no\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-nl\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-nn-no\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-or\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pa-in\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pl\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pt-br\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pt-pt\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-rm\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ro\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ru\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-si\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sk\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sl\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-son\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sq\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sr\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sv-se\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ta\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-te\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-th\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-tr\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-uk\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-vi\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-xh\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-zh-cn\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-zh-tw\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-zu\", reference:\"38.8.0esr-1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T03:28:26", "description": "The version of Firefox ESR installed on the remote Mac OS X host is\nprior to 38.8. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Multiple memory corruption issues exist that allow an\n attacker to corrupt memory, resulting in the execution\n of arbitrary code. (CVE-2016-2805, CVE-2016-2807)\n\n - A flaw exists due to improper validation of\n user-supplied input when handling the 32-bit generation\n count of the underlying HashMap. A context-dependent\n attacker can exploit this to cause a buffer overflow\n condition, resulting in a denial of service or the\n execution of arbitrary code. (CVE-2016-2808)\n\n - A heap buffer overflow condition exists in the Google\n Stagefright component due to improper validation of\n user-supplied input when handling CENC offsets and the\n sizes table. A context-dependent attacker can exploit\n this to cause a denial of service condition or the\n execution of arbitrary code. (CVE-2016-2814)", "edition": 26, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-29T00:00:00", "title": "Firefox ESR < 38.8 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2805", "CVE-2016-2814", "CVE-2016-2808", "CVE-2016-2807"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mozilla:firefox_esr"], "id": "MACOSX_FIREFOX_38_8_ESR.NASL", "href": "https://www.tenable.com/plugins/nessus/90788", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90788);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\n \"CVE-2016-2805\",\n \"CVE-2016-2807\",\n \"CVE-2016-2808\",\n \"CVE-2016-2814\"\n );\n script_bugtraq_id(88099, 88100);\n script_xref(name:\"MFSA\", value:\"2016-39\");\n script_xref(name:\"MFSA\", value:\"2016-44\");\n script_xref(name:\"MFSA\", value:\"2016-47\");\n\n script_name(english:\"Firefox ESR < 38.8 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Firefox ESR installed on the remote Mac OS X host is\nprior to 38.8. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Multiple memory corruption issues exist that allow an\n attacker to corrupt memory, resulting in the execution\n of arbitrary code. (CVE-2016-2805, CVE-2016-2807)\n\n - A flaw exists due to improper validation of\n user-supplied input when handling the 32-bit generation\n count of the underlying HashMap. A context-dependent\n attacker can exploit this to cause a buffer overflow\n condition, resulting in a denial of service or the\n execution of arbitrary code. (CVE-2016-2808)\n\n - A heap buffer overflow condition exists in the Google\n Stagefright component due to improper validation of\n user-supplied input when handling CENC offsets and the\n sizes table. A context-dependent attacker can exploit\n this to cause a denial of service condition or the\n execution of arbitrary code. (CVE-2016-2814)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-44/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-47/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Firefox ESR version 38.8 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-2807\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox_esr\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nkb_base = \"MacOSX/Firefox\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nis_esr = get_kb_item(kb_base+\"/is_esr\");\nif (isnull(is_esr)) audit(AUDIT_NOT_INST, \"Mozilla Firefox ESR\");\n\nmozilla_check_version(product:'firefox', version:version, path:path, esr:TRUE, fix:'38.8', severity:SECURITY_HOLE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T14:23:55", "description": "This update to MozillaFirefox 38.8.0 ESR fixes the following issues\n(bsc#977333) :\n\n - CVE-2016-2805: Miscellaneous memory safety hazards -\n MFSA 2016-39 (bsc#977374)\n\n - CVE-2016-2807: Miscellaneous memory safety hazards -\n MFSA 2016-39 (bsc#977376)\n\n - CVE-2016-2814: Buffer overflow in libstagefright with\n CENC offsets - MFSA 2016-44 (bsc#977381)\n\n - CVE-2016-2808: Write to invalid HashMap entry through\n JavaScript.watch()\n\n - MFSA 2016-47 (bsc#977386)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 29, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-05-09T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2016:1258-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2805", "CVE-2016-2814", "CVE-2016-2808", "CVE-2016-2807"], "modified": "2016-05-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:MozillaFirefox", "p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo", "p-cpe:/a:novell:suse_linux:MozillaFirefox-translations"], "id": "SUSE_SU-2016-1258-1.NASL", "href": "https://www.tenable.com/plugins/nessus/90994", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:1258-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90994);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-2805\", \"CVE-2016-2807\", \"CVE-2016-2808\", \"CVE-2016-2814\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2016:1258-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update to MozillaFirefox 38.8.0 ESR fixes the following issues\n(bsc#977333) :\n\n - CVE-2016-2805: Miscellaneous memory safety hazards -\n MFSA 2016-39 (bsc#977374)\n\n - CVE-2016-2807: Miscellaneous memory safety hazards -\n MFSA 2016-39 (bsc#977376)\n\n - CVE-2016-2814: Buffer overflow in libstagefright with\n CENC offsets - MFSA 2016-44 (bsc#977381)\n\n - CVE-2016-2808: Write to invalid HashMap entry through\n JavaScript.watch()\n\n - MFSA 2016-47 (bsc#977386)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977376\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977386\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2805/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2807/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2808/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2814/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20161258-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?679ba543\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP1-2016-732=1\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2016-732=1\n\nSUSE Linux Enterprise Server 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-732=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2016-732=1\n\nSUSE Linux Enterprise Desktop 12-SP1 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-732=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2016-732=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"MozillaFirefox-38.8.0esr-66.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"MozillaFirefox-debuginfo-38.8.0esr-66.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"MozillaFirefox-debugsource-38.8.0esr-66.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"MozillaFirefox-translations-38.8.0esr-66.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"MozillaFirefox-38.8.0esr-66.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"MozillaFirefox-debuginfo-38.8.0esr-66.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"MozillaFirefox-debugsource-38.8.0esr-66.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"MozillaFirefox-translations-38.8.0esr-66.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"MozillaFirefox-38.8.0esr-66.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"MozillaFirefox-debuginfo-38.8.0esr-66.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"MozillaFirefox-debugsource-38.8.0esr-66.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"MozillaFirefox-translations-38.8.0esr-66.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"MozillaFirefox-38.8.0esr-66.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"MozillaFirefox-debuginfo-38.8.0esr-66.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"MozillaFirefox-debugsource-38.8.0esr-66.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"MozillaFirefox-translations-38.8.0esr-66.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T14:45:41", "description": "This update to MozillaFirefox 38.8.0 ESR fixes the following security\nissues (bsc#977333) :\n\n - CVE-2016-2805: Miscellaneous memory safety hazards -\n MFSA 2016-39 (bsc#977374)\n\n - CVE-2016-2807: Miscellaneous memory safety hazards -\n MFSA 2016-39 (bsc#977376)\n\n - CVE-2016-2808: Write to invalid HashMap entry through\n JavaScript.watch()\n\n - MFSA 2016-47 (bsc#977386)\n\n - CVE-2016-2814: Buffer overflow in libstagefright with\n CENC offsets - MFSA 2016-44 (bsc#977381)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-05-19T00:00:00", "title": "SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2016:1342-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2805", "CVE-2016-2814", "CVE-2016-2808", "CVE-2016-2807"], "modified": "2016-05-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:MozillaFirefox", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:MozillaFirefox-translations"], "id": "SUSE_SU-2016-1342-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91250", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:1342-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91250);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-2805\", \"CVE-2016-2807\", \"CVE-2016-2808\", \"CVE-2016-2814\");\n\n script_name(english:\"SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2016:1342-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update to MozillaFirefox 38.8.0 ESR fixes the following security\nissues (bsc#977333) :\n\n - CVE-2016-2805: Miscellaneous memory safety hazards -\n MFSA 2016-39 (bsc#977374)\n\n - CVE-2016-2807: Miscellaneous memory safety hazards -\n MFSA 2016-39 (bsc#977376)\n\n - CVE-2016-2808: Write to invalid HashMap entry through\n JavaScript.watch()\n\n - MFSA 2016-47 (bsc#977386)\n\n - CVE-2016-2814: Buffer overflow in libstagefright with\n CENC offsets - MFSA 2016-44 (bsc#977381)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977376\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977386\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2805/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2807/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2808/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2814/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20161342-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?37fe6163\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP2-LTSS :\n\nzypper in -t patch slessp2-MozillaFirefox-12564=1\n\nSUSE Linux Enterprise Debuginfo 11-SP2 :\n\nzypper in -t patch dbgsp2-MozillaFirefox-12564=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"MozillaFirefox-38.8.0esr-40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"MozillaFirefox-translations-38.8.0esr-40.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T14:45:42", "description": "This update to MozillaFirefox 38.8.0 ESR fixes the following security\nissues (bsc#977333) :\n\n - CVE-2016-2805: Miscellaneous memory safety hazards -\n MFSA 2016-39 (bsc#977374)\n\n - CVE-2016-2807: Miscellaneous memory safety hazards -\n MFSA 2016-39 (bsc#977376)\n\n - CVE-2016-2808: Write to invalid HashMap entry through\n JavaScript.watch()\n\n - MFSA 2016-47 (bsc#977386)\n\n - CVE-2016-2814: Buffer overflow in libstagefright with\n CENC offsets - MFSA 2016-44 (bsc#977381)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-05-23T00:00:00", "title": "SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2016:1374-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2805", "CVE-2016-2814", "CVE-2016-2808", "CVE-2016-2807"], "modified": "2016-05-23T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:mozilla-nspr", "p-cpe:/a:novell:suse_linux:libfreebl3", "p-cpe:/a:novell:suse_linux:MozillaFirefox", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:mozilla-nss-tools", "p-cpe:/a:novell:suse_linux:mozilla-nss", "p-cpe:/a:novell:suse_linux:MozillaFirefox-translations", "p-cpe:/a:novell:suse_linux:libsoftokn3"], "id": "SUSE_SU-2016-1374-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91298", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:1374-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91298);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-2805\", \"CVE-2016-2807\", \"CVE-2016-2808\", \"CVE-2016-2814\");\n\n script_name(english:\"SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2016:1374-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update to MozillaFirefox 38.8.0 ESR fixes the following security\nissues (bsc#977333) :\n\n - CVE-2016-2805: Miscellaneous memory safety hazards -\n MFSA 2016-39 (bsc#977374)\n\n - CVE-2016-2807: Miscellaneous memory safety hazards -\n MFSA 2016-39 (bsc#977376)\n\n - CVE-2016-2808: Write to invalid HashMap entry through\n JavaScript.watch()\n\n - MFSA 2016-47 (bsc#977386)\n\n - CVE-2016-2814: Buffer overflow in libstagefright with\n CENC offsets - MFSA 2016-44 (bsc#977381)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977376\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977386\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2805/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2807/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2808/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2814/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20161374-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?76dae333\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 5 :\n\nzypper in -t patch sleclo50sp3-MozillaFirefox-12569=1\n\nSUSE Manager Proxy 2.1 :\n\nzypper in -t patch slemap21-MozillaFirefox-12569=1\n\nSUSE Manager 2.1 :\n\nzypper in -t patch sleman21-MozillaFirefox-12569=1\n\nSUSE Linux Enterprise Software Development Kit 11-SP4 :\n\nzypper in -t patch sdksp4-MozillaFirefox-12569=1\n\nSUSE Linux Enterprise Server 11-SP4 :\n\nzypper in -t patch slessp4-MozillaFirefox-12569=1\n\nSUSE Linux Enterprise Server 11-SP3-LTSS :\n\nzypper in -t patch slessp3-MozillaFirefox-12569=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4 :\n\nzypper in -t patch dbgsp4-MozillaFirefox-12569=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3 :\n\nzypper in -t patch dbgsp3-MozillaFirefox-12569=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.20.2-30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.20.2-30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.12-26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.20.2-30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libfreebl3-32bit-3.20.2-30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libsoftokn3-32bit-3.20.2-30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"mozilla-nspr-32bit-4.12-26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"mozilla-nss-32bit-3.20.2-30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"MozillaFirefox-38.8.0esr-40.5\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"MozillaFirefox-translations-38.8.0esr-40.5\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libfreebl3-3.20.2-30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libsoftokn3-3.20.2-30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"mozilla-nspr-4.12-26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"mozilla-nss-3.20.2-30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"mozilla-nss-tools-3.20.2-30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.20.2-30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.20.2-30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"mozilla-nspr-32bit-4.12-26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.20.2-30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"libfreebl3-32bit-3.20.2-30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"libsoftokn3-32bit-3.20.2-30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"mozilla-nspr-32bit-4.12-26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"mozilla-nss-32bit-3.20.2-30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"MozillaFirefox-38.8.0esr-40.5\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"MozillaFirefox-translations-38.8.0esr-40.5\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libfreebl3-3.20.2-30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libsoftokn3-3.20.2-30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"mozilla-nspr-4.12-26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"mozilla-nss-3.20.2-30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"mozilla-nss-tools-3.20.2-30.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T14:24:01", "description": "Mozilla Firefox was updated to fix the following vulnerabilities\n(bsc#977333) :\n\nCVE-2016-2805: Memory safety bug fixed in Firefox ESR 38.8 (MFSA\n2016-39, bsc#977374)\n\nCVE-2016-2807: Memory safety bugs fixed in Firefox ESR 45.1, Firefox\nESR 38.8 and Firefox 46 (MFSA 2016-39, bsc#977376)\n\nCVE-2016-2808: Write to invalid HashMap entry through\nJavaScript.watch() (MFSA 2016-47, bsc#977386)\n\nCVE-2016-2814: Buffer overflow in libstagefright with CENC offsets\n(MFSA 2016-44, bsc#977381)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 29, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-05-20T00:00:00", "title": "SUSE SLES10 Security Update : Mozilla Firefox (SUSE-SU-2016:1352-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2805", "CVE-2016-2814", "CVE-2016-2808", "CVE-2016-2807"], "modified": "2016-05-20T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:MozillaFirefox", "p-cpe:/a:novell:suse_linux:MozillaFirefox-translations", "cpe:/o:novell:suse_linux:10"], "id": "SUSE_SU-2016-1352-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91281", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:1352-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91281);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-2805\", \"CVE-2016-2807\", \"CVE-2016-2808\", \"CVE-2016-2814\");\n\n script_name(english:\"SUSE SLES10 Security Update : Mozilla Firefox (SUSE-SU-2016:1352-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox was updated to fix the following vulnerabilities\n(bsc#977333) :\n\nCVE-2016-2805: Memory safety bug fixed in Firefox ESR 38.8 (MFSA\n2016-39, bsc#977374)\n\nCVE-2016-2807: Memory safety bugs fixed in Firefox ESR 45.1, Firefox\nESR 38.8 and Firefox 46 (MFSA 2016-39, bsc#977376)\n\nCVE-2016-2808: Write to invalid HashMap entry through\nJavaScript.watch() (MFSA 2016-47, bsc#977386)\n\nCVE-2016-2814: Buffer overflow in libstagefright with CENC offsets\n(MFSA 2016-44, bsc#977381)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977376\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977386\"\n );\n # https://download.suse.com/patch/finder/?keywords=c4a992c726ddbf623907944154d39624\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ddee7cd3\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2805/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2807/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2808/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2814/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20161352-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ed00da80\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Mozilla Firefox packages\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES10)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES10\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES10\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES10 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"MozillaFirefox-38.8.0esr-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"MozillaFirefox-translations-38.8.0esr-0.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Mozilla Firefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:49:14", "description": "This update upgrades Firefox to version 45.1.0 ESR.\n\nSecurity Fix(es) :\n\n - Multiple flaws were found in the processing of malformed\n web content. A web page containing malicious content\n could cause Firefox to crash or, potentially, execute\n arbitrary code with the privileges of the user running\n Firefox. (CVE-2016-2805, CVE-2016-2806, CVE-2016-2807,\n CVE-2016-2808, CVE-2016-2814)", "edition": 15, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-27T00:00:00", "title": "Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20160426)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2805", "CVE-2016-2814", "CVE-2016-2808", "CVE-2016-2807", "CVE-2016-2806"], "modified": "2016-04-27T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:firefox", "p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20160426_FIREFOX_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/90753", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90753);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-2805\", \"CVE-2016-2806\", \"CVE-2016-2807\", \"CVE-2016-2808\", \"CVE-2016-2814\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20160426)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update upgrades Firefox to version 45.1.0 ESR.\n\nSecurity Fix(es) :\n\n - Multiple flaws were found in the processing of malformed\n web content. A web page containing malicious content\n could cause Firefox to crash or, potentially, execute\n arbitrary code with the privileges of the user running\n Firefox. (CVE-2016-2805, CVE-2016-2806, CVE-2016-2807,\n CVE-2016-2808, CVE-2016-2814)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1604&L=scientific-linux-errata&F=&S=&P=15448\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bb988b29\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"firefox-45.1.0-1.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"firefox-debuginfo-45.1.0-1.el5_11\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"firefox-45.1.0-1.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"firefox-debuginfo-45.1.0-1.el6_7\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"firefox-45.1.0-1.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"firefox-debuginfo-45.1.0-1.el7_2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:30:36", "description": "An update for firefox is now available for Red Hat Enterprise Linux 5,\nRed Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.1.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Firefox. (CVE-2016-2805, CVE-2016-2806,\nCVE-2016-2807, CVE-2016-2808, CVE-2016-2814)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Phil Ringalda, CESG (the Information\nSecurity Arm of GCHQ), Sascha Just, Jesse Ruderman, Christian Holler,\nTyson Smith, Boris Zbarsky, David Bolter, Carsten Book, Mats Palmgren,\nGary Kwong, and Randell Jesup as the original reporters.", "edition": 32, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-27T00:00:00", "title": "CentOS 5 / 6 / 7 : firefox (CESA-2016:0695)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2805", "CVE-2016-1526", "CVE-2016-2814", "CVE-2016-2808", "CVE-2016-2807", "CVE-2016-2806"], "modified": "2016-04-27T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:firefox", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2016-0695.NASL", "href": "https://www.tenable.com/plugins/nessus/90723", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0695 and \n# CentOS Errata and Security Advisory 2016:0695 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90723);\n script_version(\"2.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-1526\", \"CVE-2016-2805\", \"CVE-2016-2806\", \"CVE-2016-2807\", \"CVE-2016-2808\", \"CVE-2016-2814\");\n script_xref(name:\"RHSA\", value:\"2016:0695\");\n\n script_name(english:\"CentOS 5 / 6 / 7 : firefox (CESA-2016:0695)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for firefox is now available for Red Hat Enterprise Linux 5,\nRed Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.1.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Firefox. (CVE-2016-2805, CVE-2016-2806,\nCVE-2016-2807, CVE-2016-2808, CVE-2016-2814)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Phil Ringalda, CESG (the Information\nSecurity Arm of GCHQ), Sascha Just, Jesse Ruderman, Christian Holler,\nTyson Smith, Boris Zbarsky, David Bolter, Carsten Book, Mats Palmgren,\nGary Kwong, and Randell Jesup as the original reporters.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-April/021852.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4efd9d4a\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-April/021853.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?32a70ef1\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-April/021854.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9e36b249\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-2805\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x / 6.x / 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"firefox-45.1.0-1.el5.centos\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"firefox-45.1.0-1.el6.centos\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"firefox-45.1.0-1.el7.centos\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:50:38", "description": "From Red Hat Security Advisory 2016:0695 :\n\nAn update for firefox is now available for Red Hat Enterprise Linux 5,\nRed Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.1.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Firefox. (CVE-2016-2805, CVE-2016-2806,\nCVE-2016-2807, CVE-2016-2808, CVE-2016-2814)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Phil Ringalda, CESG (the Information\nSecurity Arm of GCHQ), Sascha Just, Jesse Ruderman, Christian Holler,\nTyson Smith, Boris Zbarsky, David Bolter, Carsten Book, Mats Palmgren,\nGary Kwong, and Randell Jesup as the original reporters.", "edition": 21, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-27T00:00:00", "title": "Oracle Linux 5 / 6 / 7 : firefox (ELSA-2016-0695)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2805", "CVE-2016-1526", "CVE-2016-2814", "CVE-2016-2808", "CVE-2016-2807", "CVE-2016-2806"], "modified": "2016-04-27T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:firefox", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2016-0695.NASL", "href": "https://www.tenable.com/plugins/nessus/90747", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:0695 and \n# Oracle Linux Security Advisory ELSA-2016-0695 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90747);\n script_version(\"2.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-1526\", \"CVE-2016-2805\", \"CVE-2016-2806\", \"CVE-2016-2807\", \"CVE-2016-2808\", \"CVE-2016-2814\");\n script_xref(name:\"RHSA\", value:\"2016:0695\");\n\n script_name(english:\"Oracle Linux 5 / 6 / 7 : firefox (ELSA-2016-0695)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2016:0695 :\n\nAn update for firefox is now available for Red Hat Enterprise Linux 5,\nRed Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.1.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Firefox. (CVE-2016-2805, CVE-2016-2806,\nCVE-2016-2807, CVE-2016-2808, CVE-2016-2814)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Phil Ringalda, CESG (the Information\nSecurity Arm of GCHQ), Sascha Just, Jesse Ruderman, Christian Holler,\nTyson Smith, Boris Zbarsky, David Bolter, Carsten Book, Mats Palmgren,\nGary Kwong, and Randell Jesup as the original reporters.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-April/005965.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-April/005966.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-April/005967.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"firefox-45.1.0-1.0.1.el5_11\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"firefox-45.1.0-1.0.1.el6_7\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"firefox-45.1.0-1.0.1.el7_2\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-05-31T20:09:32", "description": "An update for firefox is now available for Red Hat Enterprise Linux 5,\nRed Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.1.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Firefox. (CVE-2016-2805, CVE-2016-2806,\nCVE-2016-2807, CVE-2016-2808, CVE-2016-2814)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Phil Ringalda, CESG (the Information\nSecurity Arm of GCHQ), Sascha Just, Jesse Ruderman, Christian Holler,\nTyson Smith, Boris Zbarsky, David Bolter, Carsten Book, Mats Palmgren,\nGary Kwong, and Randell Jesup as the original reporters.", "edition": 25, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-27T00:00:00", "title": "RHEL 5 / 6 / 7 : firefox (RHSA-2016:0695)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2805", "CVE-2016-1526", "CVE-2016-2814", "CVE-2016-2808", "CVE-2016-2807", "CVE-2016-2806"], "modified": "2016-04-27T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:6.7", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.7", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:firefox", "p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.2", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2016-0695.NASL", "href": "https://www.tenable.com/plugins/nessus/90750", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0695. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90750);\n script_version(\"2.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2016-1526\", \"CVE-2016-2805\", \"CVE-2016-2806\", \"CVE-2016-2807\", \"CVE-2016-2808\", \"CVE-2016-2814\");\n script_xref(name:\"RHSA\", value:\"2016:0695\");\n\n script_name(english:\"RHEL 5 / 6 / 7 : firefox (RHSA-2016:0695)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for firefox is now available for Red Hat Enterprise Linux 5,\nRed Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.1.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Firefox. (CVE-2016-2805, CVE-2016-2806,\nCVE-2016-2807, CVE-2016-2808, CVE-2016-2814)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Phil Ringalda, CESG (the Information\nSecurity Arm of GCHQ), Sascha Just, Jesse Ruderman, Christian Holler,\nTyson Smith, Boris Zbarsky, David Bolter, Carsten Book, Mats Palmgren,\nGary Kwong, and Randell Jesup as the original reporters.\"\n );\n # https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8b5eaff4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1526\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2807\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2808\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2814\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0695\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-45.1.0-1.el5_11\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-debuginfo-45.1.0-1.el5_11\", allowmaj:TRUE)) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"firefox-45.1.0-1.el6_7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"firefox-debuginfo-45.1.0-1.el6_7\", allowmaj:TRUE)) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", reference:\"firefox-45.1.0-1.el7_2\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"firefox-debuginfo-45.1.0-1.el7_2\", allowmaj:TRUE)) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-07-19T22:11:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2805", "CVE-2016-2814", "CVE-2016-2808", "CVE-2016-2807"], "description": "This host is installed with\n Mozilla Firefox Esr and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2016-05-02T00:00:00", "id": "OPENVAS:1361412562310807681", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807681", "type": "openvas", "title": "Mozilla Firefox Esr Security Updates( mfsa_2016-39_2016-48 )-MAC OS X", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox Esr Security Updates( mfsa_2016-39_2016-48 )-MAC OS X\n#\n# Authors:\n# kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox_esr\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807681\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2016-2808\", \"CVE-2016-2814\", \"CVE-2016-2805\", \"CVE-2016-2807\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-05-02 13:12:33 +0530 (Mon, 02 May 2016)\");\n script_name(\"Mozilla Firefox Esr Security Updates( mfsa_2016-39_2016-48 )-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with\n Mozilla Firefox Esr and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - Multiple unspecified vulnerabilities in the browser engine.\n\n - An error in the JavaScript engine.\n\n - Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo\n function in libstagefright.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers to cause a denial of service,\n and to execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox Esr version 38.x before\n 38.8 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox Esr version 38.8\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-47/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-44/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox-ESR/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_in_range(version:ffVer, test_version:\"38.0\", test_version2:\"38.7\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"38.8\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:55:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2805", "CVE-2016-2814", "CVE-2016-2808", "CVE-2016-2807"], "description": "Multiple security issues have been found\nin Iceweasel, Debian", "modified": "2017-07-07T00:00:00", "published": "2016-04-27T00:00:00", "id": "OPENVAS:703559", "href": "http://plugins.openvas.org/nasl.php?oid=703559", "type": "openvas", "title": "Debian Security Advisory DSA 3559-1 (iceweasel - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3559.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3559-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703559);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-2805\", \"CVE-2016-2807\", \"CVE-2016-2808\", \"CVE-2016-2814\");\n script_name(\"Debian Security Advisory DSA 3559-1 (iceweasel - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-04-27 00:00:00 +0200 (Wed, 27 Apr 2016)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3559.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"iceweasel on Debian Linux\");\n script_tag(name: \"insight\", value: \"This is a transitional package, it can be safely removed.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy),\nthese problems have been fixed in version 38.8.0esr-1~deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 38.8.0esr-1~deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 45.1.0esr-1 of the firefox-esr source package and version\n46.0-1 of the firefox source package.\n\nWe recommend that you upgrade your iceweasel packages.\");\n script_tag(name: \"summary\", value: \"Multiple security issues have been found\nin Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory\nsafety errors and buffer overflows may lead to the execution of arbitrary code or\ndenial of service.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dev\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ak\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-an\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-az\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-csb\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-dsb\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hsb\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ku\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lg\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ms\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nso\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta-lk\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-uz\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-xh\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zu\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs-dev\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs17d\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs17d-dbg\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"spidermonkey-bin\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-17.0\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-17.0-dbg\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-dev\", ver:\"38.8.0esr-1~deb7u1\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dev\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-an\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-az\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-dsb\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hsb\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ms\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-uz\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-xh\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"38.8.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-01-31T18:34:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2805", "CVE-2016-2814", "CVE-2016-2808", "CVE-2016-2807"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2016-05-07T00:00:00", "id": "OPENVAS:1361412562310851301", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851301", "type": "openvas", "title": "SUSE: Security Advisory for MozillaFirefox (SUSE-SU-2016:1258-1)", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851301\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-05-07 05:19:49 +0200 (Sat, 07 May 2016)\");\n script_cve_id(\"CVE-2016-2805\", \"CVE-2016-2807\", \"CVE-2016-2808\", \"CVE-2016-2814\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for MozillaFirefox (SUSE-SU-2016:1258-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'MozillaFirefox'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update to MozillaFirefox 38.8.0 ESR fixes the following issues\n (bsc#977333):\n\n - CVE-2016-2805: Miscellaneous memory safety hazards - MFSA 2016-39\n (bsc#977374)\n\n - CVE-2016-2807: Miscellaneous memory safety hazards - MFSA 2016-39\n (bsc#977376)\n\n - CVE-2016-2814: Buffer overflow in libstagefright with CENC offsets -\n MFSA 2016-44 (bsc#977381)\n\n - CVE-2016-2808: Write to invalid HashMap entry through JavaScript.watch()\n\n - MFSA 2016-47 (bsc#977386)\");\n\n script_tag(name:\"affected\", value:\"MozillaFirefox on SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Desktop 12\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"SUSE-SU\", value:\"2016:1258-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(SLED12\\.0SP0|SLES12\\.0SP0)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLED12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~38.8.0esr~66.2\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~38.8.0esr~66.2\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~38.8.0esr~66.2\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~38.8.0esr~66.2\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"SLES12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~38.8.0esr~66.2\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~38.8.0esr~66.2\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~38.8.0esr~66.2\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~38.8.0esr~66.2\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2805", "CVE-2016-2814", "CVE-2016-2808", "CVE-2016-2807"], "description": "Multiple security issues have been found\nin Iceweasel, Debian", "modified": "2019-03-18T00:00:00", "published": "2016-04-27T00:00:00", "id": "OPENVAS:1361412562310703559", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703559", "type": "openvas", "title": "Debian Security Advisory DSA 3559-1 (iceweasel - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3559.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3559-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703559\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2016-2805\", \"CVE-2016-2807\", \"CVE-2016-2808\", \"CVE-2016-2814\");\n script_name(\"Debian Security Advisory DSA 3559-1 (iceweasel - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-04-27 00:00:00 +0200 (Wed, 27 Apr 2016)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3559.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(7|8)\");\n script_tag(name:\"affected\", value:\"iceweasel on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (wheezy),\nthese problems have been fixed in version 38.8.0esr-1~deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 38.8.0esr-1~deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 45.1.0esr-1 of the firefox-esr source package and version\n46.0-1 of the firefox source package.\n\nWe recommend that you upgrade your iceweasel packages.\");\n script_tag(name:\"summary\", value:\"Multiple security issues have been found\nin Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory\nsafety errors and buffer overflows may lead to the execution of arbitrary code or\ndenial of service.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-dev\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ak\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-an\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-az\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-csb\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-dsb\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hsb\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ku\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lg\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ms\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nso\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta-lk\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-uz\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-xh\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-zu\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmozjs-dev\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmozjs17d\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmozjs17d-dbg\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"spidermonkey-bin\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xulrunner-17.0\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xulrunner-17.0-dbg\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xulrunner-dev\", ver:\"38.8.0esr-1~deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-dev\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-an\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-az\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-dsb\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hsb\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ms\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-uz\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-xh\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"38.8.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:11:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2805", "CVE-2016-2814", "CVE-2016-2808", "CVE-2016-2807"], "description": "This host is installed with\n Mozilla Firefox Esr and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2016-05-02T00:00:00", "id": "OPENVAS:1361412562310807680", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807680", "type": "openvas", "title": "Mozilla Firefox Esr Security Updates( mfsa_2016-39_2016-48 )-Windows", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox Esr Security Updates( mfsa_2016-39_2016-48 )-Windows\n#\n# Authors:\n# kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox_esr\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807680\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2016-2808\", \"CVE-2016-2814\", \"CVE-2016-2805\", \"CVE-2016-2807\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-05-02 13:12:19 +0530 (Mon, 02 May 2016)\");\n script_name(\"Mozilla Firefox Esr Security Updates( mfsa_2016-39_2016-48 )-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with\n Mozilla Firefox Esr and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - Multiple unspecified vulnerabilities in the browser engine.\n\n - An error in the JavaScript engine.\n\n - Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo\n function in libstagefright.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers to cause a denial of service,\n and to execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox Esr version 38.x before\n 38.8 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox Esr version 38.8\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-47/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-44/\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox-ESR/Win/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_in_range(version:ffVer, test_version:\"38.0\", test_version2:\"38.7\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"38.8\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2805", "CVE-2016-2814", "CVE-2016-2808", "CVE-2016-2807", "CVE-2016-2806"], "description": "Check the version of firefox", "modified": "2019-03-08T00:00:00", "published": "2016-04-28T00:00:00", "id": "OPENVAS:1361412562310882479", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882479", "type": "openvas", "title": "CentOS Update for firefox CESA-2016:0695 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2016:0695 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882479\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-04-28 05:16:35 +0200 (Thu, 28 Apr 2016)\");\n script_cve_id(\"CVE-2016-2805\", \"CVE-2016-2806\", \"CVE-2016-2807\", \"CVE-2016-2808\",\n \"CVE-2016-2814\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for firefox CESA-2016:0695 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of firefox\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.1.0 ESR.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2016-2805, CVE-2016-2806, CVE-2016-2807, CVE-2016-2808,\nCVE-2016-2814)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Phil Ringalda, CESG (the Information Security Arm of\nGCHQ), Sascha Just, Jesse Ruderman, Christian Holler, Tyson Smith, Boris\nZbarsky, David Bolter, Carsten Book, Mats Palmgren, Gary Kwong, and Randell\nJesup as the original reporters.\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:0695\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-April/021854.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.1.0~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2805", "CVE-2016-2814", "CVE-2016-2808", "CVE-2016-2807", "CVE-2016-2806"], "description": "Mageia Linux Local Security Checks mgasa-2016-0158", "modified": "2019-03-14T00:00:00", "published": "2016-05-09T00:00:00", "id": "OPENVAS:1361412562310131293", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310131293", "type": "openvas", "title": "Mageia Linux Local Check: mgasa-2016-0158", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2016-0158.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.131293\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-05-09 14:17:56 +0300 (Mon, 09 May 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2016-0158\");\n script_tag(name:\"insight\", value:\"Updated firefox packages fix security vulnerabilities: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox (CVE-2016-2805, CVE-2016-2806, CVE-2016-2807, CVE-2016-2808, CVE-2016-2814).\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2016-0158.html\");\n script_cve_id(\"CVE-2016-2805\", \"CVE-2016-2806\", \"CVE-2016-2807\", \"CVE-2016-2808\", \"CVE-2016-2814\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2016-0158\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~38.8.0~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"firefox-l10n\", rpm:\"firefox-l10n~38.8.0~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2805", "CVE-2016-2814", "CVE-2016-2808", "CVE-2016-2807", "CVE-2016-2806"], "description": "Check the version of firefox", "modified": "2019-03-08T00:00:00", "published": "2016-04-27T00:00:00", "id": "OPENVAS:1361412562310882478", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882478", "type": "openvas", "title": "CentOS Update for firefox CESA-2016:0695 centos7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2016:0695 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882478\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-04-27 05:19:04 +0200 (Wed, 27 Apr 2016)\");\n script_cve_id(\"CVE-2016-2805\", \"CVE-2016-2806\", \"CVE-2016-2807\", \"CVE-2016-2808\",\n \"CVE-2016-2814\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for firefox CESA-2016:0695 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of firefox\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.1.0 ESR.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2016-2805, CVE-2016-2806, CVE-2016-2807, CVE-2016-2808,\nCVE-2016-2814)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Phil Ringalda, CESG (the Information Security Arm of\nGCHQ), Sascha Just, Jesse Ruderman, Christian Holler, Tyson Smith, Boris\nZbarsky, David Bolter, Carsten Book, Mats Palmgren, Gary Kwong, and Randell\nJesup as the original reporters.\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:0695\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-April/021852.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.1.0~1.el7.centos\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2805", "CVE-2016-2814", "CVE-2016-2808", "CVE-2016-2807", "CVE-2016-2806"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2016-04-27T00:00:00", "id": "OPENVAS:1361412562310871604", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871604", "type": "openvas", "title": "RedHat Update for firefox RHSA-2016:0695-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for firefox RHSA-2016:0695-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871604\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-04-27 05:18:45 +0200 (Wed, 27 Apr 2016)\");\n script_cve_id(\"CVE-2016-2805\", \"CVE-2016-2806\", \"CVE-2016-2807\", \"CVE-2016-2808\",\n \"CVE-2016-2814\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for firefox RHSA-2016:0695-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.1.0 ESR.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2016-2805, CVE-2016-2806, CVE-2016-2807, CVE-2016-2808,\nCVE-2016-2814)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Phil Ringalda, CESG (the Information Security Arm of\nGCHQ), Sascha Just, Jesse Ruderman, Christian Holler, Tyson Smith, Boris\nZbarsky, David Bolter, Carsten Book, Mats Palmgren, Gary Kwong, and Randell\nJesup as the original reporters.\");\n script_tag(name:\"affected\", value:\"firefox on Red Hat Enterprise Linux\n(v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:0695-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-April/msg00038.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|6|5)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.1.0~1.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~45.1.0~1.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.1.0~1.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~45.1.0~1.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.1.0~1.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~45.1.0~1.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2805", "CVE-2016-2814", "CVE-2016-2808", "CVE-2016-2807", "CVE-2016-2806"], "description": "Oracle Linux Local Security Checks ELSA-2016-0695", "modified": "2019-03-14T00:00:00", "published": "2016-05-09T00:00:00", "id": "OPENVAS:1361412562310122931", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122931", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2016-0695", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2016-0695.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.fi>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://solinor.fi\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122931\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-05-09 14:24:48 +0300 (Mon, 09 May 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2016-0695\");\n script_tag(name:\"insight\", value:\"ELSA-2016-0695 - firefox security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2016-0695\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2016-0695.html\");\n script_cve_id(\"CVE-2016-2805\", \"CVE-2016-2806\", \"CVE-2016-2807\", \"CVE-2016-2808\", \"CVE-2016-2814\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.1.0~1.0.1.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.1.0~1.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.1.0~1.0.1.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:05", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2805", "CVE-2016-2814", "CVE-2016-2808", "CVE-2016-2807", "CVE-2016-2806"], "description": "[45.1.0-1.0.1.el7_2]\n- Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html\n and remove the corresponding Red Hat files\n[45.1.0-1]\n- Update to 45.1.0 ESR\n[45.0.2-1]\n- Update to 45.0.2 ESR\n[45.0.1-1]\n- Update to 45.0.1 ESR\n[45.0-5]\n- Fixed crashed after start (rhbz#1323744, rhbz#1323738)\n[45.0-4]\n- Added system-level location for configuring Firefox (rhbz#1206239)\n[45.0-3]\n- Update to 45.0 ESR", "edition": 4, "modified": "2016-04-26T00:00:00", "published": "2016-04-26T00:00:00", "id": "ELSA-2016-0695", "href": "http://linux.oracle.com/errata/ELSA-2016-0695.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-22T17:09:31", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2805", "CVE-2016-2807"], "description": "[38.8.0-2.0.1]\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\n[38.8.0-2]\n- Update to 38.8.0", "edition": 5, "modified": "2016-05-12T00:00:00", "published": "2016-05-12T00:00:00", "id": "ELSA-2016-1041", "href": "http://linux.oracle.com/errata/ELSA-2016-1041.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:28:03", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2805", "CVE-2016-1526", "CVE-2016-2814", "CVE-2016-2808", "CVE-2016-2807", "CVE-2016-2806"], "description": "**CentOS Errata and Security Advisory** CESA-2016:0695\n\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.1.0 ESR.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Firefox.\n(CVE-2016-2805, CVE-2016-2806, CVE-2016-2807, CVE-2016-2808, CVE-2016-2814)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Phil Ringalda, CESG (the Information Security Arm of\nGCHQ), Sascha Just, Jesse Ruderman, Christian Holler, Tyson Smith, Boris\nZbarsky, David Bolter, Carsten Book, Mats Palmgren, Gary Kwong, and Randell\nJesup as the original reporters.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-April/033890.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-April/033891.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-April/033892.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0695.html", "edition": 3, "modified": "2016-04-27T15:34:55", "published": "2016-04-26T23:59:06", "href": "http://lists.centos.org/pipermail/centos-announce/2016-April/033890.html", "id": "CESA-2016:0695", "title": "firefox security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-30T13:21:48", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2805", "CVE-2016-2807"], "description": "**CentOS Errata and Security Advisory** CESA-2016:1041\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 38.8.0.\n\nSecurity Fix(es):\n\n* Two flaws were found in the processing of malformed web content. A web page\ncontaining malicious content could cause Thunderbird to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Thunderbird.\n(CVE-2016-2805, CVE-2016-2807)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Phil Ringalda, Christian Holler, and Tyson Smith as the\noriginal reporters.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-May/033928.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-May/033930.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2016-May/009303.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-1041.html", "edition": 87, "modified": "2016-05-16T11:02:20", "published": "2016-05-13T00:44:24", "href": "http://lists.centos.org/pipermail/centos-announce/2016-May/033928.html", "id": "CESA-2016:1041", "title": "thunderbird security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1526", "CVE-2016-2805", "CVE-2016-2806", "CVE-2016-2807", "CVE-2016-2808", "CVE-2016-2814"], "description": "Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.1.0 ESR.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Firefox.\n(CVE-2016-2805, CVE-2016-2806, CVE-2016-2807, CVE-2016-2808, CVE-2016-2814)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Phil Ringalda, CESG (the Information Security Arm of\nGCHQ), Sascha Just, Jesse Ruderman, Christian Holler, Tyson Smith, Boris\nZbarsky, David Bolter, Carsten Book, Mats Palmgren, Gary Kwong, and Randell\nJesup as the original reporters.\n", "modified": "2018-06-06T20:24:10", "published": "2016-04-26T04:00:00", "id": "RHSA-2016:0695", "href": "https://access.redhat.com/errata/RHSA-2016:0695", "type": "redhat", "title": "(RHSA-2016:0695) Critical: firefox security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:19", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2805", "CVE-2016-2807"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 38.8.0.\n\nSecurity Fix(es):\n\n* Two flaws were found in the processing of malformed web content. A web page\ncontaining malicious content could cause Thunderbird to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Thunderbird.\n(CVE-2016-2805, CVE-2016-2807)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Phil Ringalda, Christian Holler, and Tyson Smith as the\noriginal reporters.\n", "modified": "2018-06-06T20:24:17", "published": "2016-05-12T04:00:00", "id": "RHSA-2016:1041", "href": "https://access.redhat.com/errata/RHSA-2016:1041", "type": "redhat", "title": "(RHSA-2016:1041) Important: thunderbird security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:44", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2816", "CVE-2016-2817", "CVE-2016-2805", "CVE-2016-2814", "CVE-2016-2804", "CVE-2016-2808", "CVE-2016-2811", "CVE-2016-2807", "CVE-2016-2806", "CVE-2016-2812", "CVE-2016-2820"], "description": "\nMozilla Foundation reports:\n\nMFSA 2016-39 Miscellaneous memory safety hazards (rv:46.0 /\n\t rv:45.1 / rv:38.8)\nMFSA 2016-42 Use-after-free and buffer overflow\n\t in Service Workers\nMFSA 2016-44 Buffer overflow in libstagefright with\n\t CENC offsets\nMFSA 2016-45 CSP not applied to pages sent with\n\t multipart/x-mixed-replace\nMFSA 2016-46 Elevation of privilege with\n\t chrome.tabs.update API in web extensions\nMFSA 2016-47 Write to invalid HashMap entry through\n\t JavaScript.watch()\nMFSA 2016-48 Firefox Health Reports could accept events\n\t from untrusted domains\n\n", "edition": 4, "modified": "2016-04-26T00:00:00", "published": "2016-04-26T00:00:00", "id": "92D44F83-A7BF-41CF-91EE-3D1B8ECF579F", "href": "https://vuxml.freebsd.org/freebsd/92d44f83-a7bf-41cf-91ee-3d1b8ecf579f.html", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:38", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2816", "CVE-2016-2817", "CVE-2016-2805", "CVE-2016-2814", "CVE-2016-2804", "CVE-2016-2808", "CVE-2016-2811", "CVE-2016-2807", "CVE-2016-2806", "CVE-2016-2812", "CVE-2016-2820"], "description": "- CVE-2016-2804:\n\nGary Kwong, Christian Holler, Andrew McCreight, Boris Zbarsky, and Steve\nFink reported memory safety problems and crashes that are fixed in\nFirefox 46.\n\n- CVE-2016-2805:\n\nChristian Holler reported a memory safety problem that is fixed in\nFirefox ESR 38.8.\n\n- CVE-2016-2806:\n\nGary Kwong, Christian Holler, Jesse Ruderman, Mats Palmgren, Carsten\nBook, Boris Zbarsky, David Bolter, and Randell Jesup reported memory\nsafety problems and crashes that are fixed in Firefox ESR 45.1 and\nFirefox 46.\n\n- CVE-2016-2807:\n\nChristian Holler, Tyson Smith, and Phil Ringalda reported memory safety\nproblems and crashes that are fixed in Firefox ESR 45.1, Firefox ESR\n38.8 and Firefox 46.\n\n- CVE-2016-2808:\n\nThe CESG, the Information Security Arm of GCHQ, reported that the\nJavaScript .watch() method could be used to overflow the 32-bit\ngeneration count of the underlying HashMap, resulting in a write to an\ninvalid entry. Under the right conditions this write could lead to\narbitrary code execution. The overflow takes considerable time and a\nmalicious page would require a user to keep it open for the duration of\nthe attack.\n\n- CVE-2016-2811, CVE-2016-2812:\n\nSecurity researcher Looben Yang reported two issues discovered in\nService Workers using Address Sanitizer.\n\nThe first of these is a use-after-free vulnerability caused by a\nServiceWorkerInfo object being kept active beyond the life its owning\nregistration. When it is later called through this registration, a\nuse-after-free results.\n\nIn the second issue, a race condition leading to a buffer overflow was\nfound in the ServiceWorkerManager. This leads to a potentially\nexploitable crash when triggered.\n\n- CVE-2016-2814:\n\nUsing Address Sanitizer, security researcher Sascha Just reported a\nbuffer overflow in the libstagefright library due to issues with the\nhandling of CENC offsets and the sizes table. This results in a\npotentially exploitable crash triggerable through web content.\n\n- CVE-2016-2816:\n\nSecurity researcher Muneaki Nishimura (nishimunea) of Recruit\nTechnologies Co., Ltd. reported that Content Security Policy (CSP) is\nnot applied correctly to web content sent with the\nmultipart/x-mixed-replace MIME type. This allows for script to run in\ninstances where CSP should block it, leading to a failure to prevent\npotential cross-site scripting (XSS) and other attacks against the web page.\n\n- CVE-2016-2817:\n\nSecurity researcher Muneaki Nishimura (nishimunea) of Recruit\nTechnologies Co., Ltd. reported that the chrome.tabs.update API for web\nextensions allows for navigation to javascript: URLs without additional\npermissions. This can used to elevate privilege for a universal\ncross-site scripting (XSS) attack by a malicious web extension. It can\nalso be used to inject content into other extensions if they load\ncontent within browser tabs.\n\n- CVE-2016-2820:\n\nMozilla engineer Mark Goodwin discovered that the Firefox Health Report\n(about:healthreport) accepts certain events from any content document\npresent in the remote-report iframe. If there were another vulnerability\nthat allowed the injection of web content into the Firefox Health Report\niframe, this content could change the sharing preferences of a user by\nfiring the appropriate events at it s containing page.", "modified": "2016-04-30T00:00:00", "published": "2016-04-30T00:00:00", "id": "ASA-201604-15", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-April/000607.html", "type": "archlinux", "title": "firefox: multiple issues", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-02T18:44:41", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2805", "CVE-2016-2804", "CVE-2016-2807", "CVE-2016-2806"], "description": "- CVE-2016-2804:\n\nGary Kwong, Christian Holler, Andrew McCreight, Boris Zbarsky, and Steve\nFink reported memory safety problems and crashes.\n\n- CVE-2016-2805:\n\nChristian Holler reported a memory safety problem.\n\n- CVE-2016-2806:\n\nGary Kwong, Christian Holler, Jesse Ruderman, Mats Palmgren, Carsten\nBook, Boris Zbarsky, David Bolter, and Randell Jesup reported memory\nsafety problems and crashes.\n\n- CVE-2016-2807:\n\nChristian Holler, Tyson Smith, and Phil Ringalda reported memory safety\nproblems and crashes.", "modified": "2016-05-15T00:00:00", "published": "2016-05-15T00:00:00", "id": "ASA-201605-21", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-May/000628.html", "type": "archlinux", "title": "thunderbird: arbitrary code execution", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "threatpost": [{"lastseen": "2018-10-06T22:55:25", "bulletinFamily": "info", "cvelist": ["CVE-2016-2804", "CVE-2016-2805", "CVE-2016-2806", "CVE-2016-2807"], "description": "Mozilla yesterday updated Firefox and patched 10 vulnerabilities, one which was rated critical.\n\nFirefox 46 also included patches for four vulnerabilities that Mozilla rated as high severity. Critical bugs enabled remote code execution without user interaction, while bugs rated high can be exploited to steal browser data or inject code into websites via the browser.\n\nThe [critical vulnerability](<https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/>) was found internally and included four memory-related flaws in the browser engine used by Firefox and other Mozilla software.\n\n\u201cSome of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code,\u201d Mozilla said in its advisory.\n\nAll four bugs\u2014CVE-2016-2807, CVE-2016-2806, CVE-2016-2805, and CVE-2016-2804\u2014cause the browser to crash; CVE-2016-2805 affects only Firefox ESR 38.8.\n\nAs for the high-severity vulnerabilities, one publicly disclosed by researchers at Newcastle University in the U.K. affects only mobile versions of Firefox for Android. The researchers found that they could use JavaScript with orientation data and motion sensors of the mobile browser to disclose user actions on the device.\n\n\u201cThis allows an attacker to infer touch actions on the device through these sensors when orientation events are triggered in the browser, compromising user privacy and including potentially revealing entered PIN code data along with other user activities,\u201d Mozilla said in its [advisory](<https://www.mozilla.org/en-US/security/advisories/mfsa2016-43/>).\n\nMozilla also patched a [buffer overflow in libstagefright](<https://www.mozilla.org/en-US/security/advisories/mfsa2016-44/>) because of the way it handles CENC offsets and sizes table, and a [use-after-free and buffer overflow flaws](<https://www.mozilla.org/en-US/security/advisories/mfsa2016-42/>) in Firefox\u2019s Service Workers.\n\nThe remaining high-severity bug was disclosed privately by the information security arm of the U.K. intelligence agency GCHQ. The flaw is that the .watch() JavaScript method could overflow the underlying HashMap and allow an attacker to write to an invalid entry.\n\n\u201cUnder the right conditions this write could lead to arbitrary code execution,\u201d Mozilla said in its [advisory](<https://www.mozilla.org/en-US/security/advisories/mfsa2016-47/>). \u201cThe overflow takes considerable time and a malicious page would require a user to keep it open for the duration of the attack.\u201d\n\nMozilla also patched a handful of flaws it rated as moderate severity because they work only in non-default configurations, or require extra actions on the user\u2019s part to exploit.\n", "modified": "2016-04-27T16:49:26", "published": "2016-04-27T12:49:26", "id": "THREATPOST:8F27BD0EF78B41D3BBEF88070DB6B93B", "href": "https://threatpost.com/firefox-46-patches-critical-memory-vulnerabilities/117698/", "type": "threatpost", "title": "Firefox 46 Patches Critical Memory Vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "mozilla": [{"lastseen": "2016-09-05T13:37:37", "bulletinFamily": "software", "cvelist": ["CVE-2016-2805", "CVE-2016-2804", "CVE-2016-2807", "CVE-2016-2806"], "edition": 1, "description": "Mozilla developers fixed several memory safety bugs in the browser engine used in\nFirefox and other Mozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with enough effort at least\nsome of these could be exploited to run arbitrary code.", "modified": "2016-04-26T00:00:00", "published": "2016-04-26T00:00:00", "id": "MFSA2016-39", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2016-39/", "type": "mozilla", "title": "Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-05T13:37:40", "bulletinFamily": "software", "cvelist": ["CVE-2016-2814"], "edition": 1, "description": "Using Address Sanitizer, security researcher Sascha Just reported a\nbuffer overflow in the libstagefright library due to issues with the handling of CENC\noffsets and the sizes table. This results in a potentially exploitable crash triggerable\nthrough web content.", "modified": "2016-04-26T00:00:00", "published": "2016-04-26T00:00:00", "id": "MFSA2016-44", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2016-44/", "type": "mozilla", "title": "Buffer overflow in libstagefright with CENC offsets", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-05T13:37:46", "bulletinFamily": "software", "cvelist": ["CVE-2016-2808"], "edition": 1, "description": "The CESG, the Information Security Arm of GCHQ, reported that the\nJavaScript .watch() method could be used to overflow the 32-bit generation\ncount of the underlying HashMap, resulting in a write to an invalid entry. Under the right\nconditions this write could lead to arbitrary code execution. The overflow takes\nconsiderable time and a malicious page would require a user to keep it open for the\nduration of the attack.", "modified": "2016-04-26T00:00:00", "published": "2016-04-26T00:00:00", "id": "MFSA2016-47", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2016-47/", "type": "mozilla", "title": "Write to invalid HashMap entry through JavaScript.watch()", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2020-07-18T01:47:57", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1938", "CVE-2016-2805", "CVE-2016-1979", "CVE-2016-2807", "CVE-2016-1978"], "description": "Christian Holler, Tyson Smith, and Phil Ringalda discovered multiple \nmemory safety issues in Thunderbird. If a user were tricked in to opening \na specially crafted message, an attacker could potentially exploit these \nto cause a denial of service via application crash, or execute arbitrary \ncode. (CVE-2016-2805, CVE-2016-2807)\n\nHanno B\u00f6ck discovered that calculations with mp_div and mp_exptmod in NSS \nproduce incorrect results in some circumstances, resulting in \ncryptographic weaknesses. (CVE-2016-1938)\n\nA use-after-free was discovered in ssl3_HandleECDHServerKeyExchange in \nNSS. A remote attacker could potentially exploit this to cause a denial of \nservice via application crash, or execute arbitrary code. (CVE-2016-1978)\n\nA use-after-free was discovered in PK11_ImportDERPrivateKeyInfoAndReturnKey \nin NSS. A remote attacker could potentially exploit this to cause a denial \nof service via application crash, or execute arbitrary code. \n(CVE-2016-1979)", "edition": 6, "modified": "2016-05-19T00:00:00", "published": "2016-05-19T00:00:00", "id": "USN-2973-1", "href": "https://ubuntu.com/security/notices/USN-2973-1", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:40:20", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2816", "CVE-2016-2817", "CVE-2016-2814", "CVE-2016-2804", "CVE-2016-2808", "CVE-2016-2811", "CVE-2016-2807", "CVE-2016-2806", "CVE-2016-2812", "CVE-2016-2820"], "description": "Christian Holler, Tyson Smith, Phil Ringalda, Gary Kwong, Jesse Ruderman, \nMats Palmgren, Carsten Book, Boris Zbarsky, David Bolter, Randell Jesup, \nAndrew McCreight, and Steve Fink discovered multiple memory safety issues \nin Firefox. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit these to cause a denial of \nservice via application crash, or execute arbitrary code with the \nprivileges of the user invoking Firefox. (CVE-2016-2804, CVE-2016-2806, \nCVE-2016-2807)\n\nAn invalid write was discovered when using the JavaScript .watch() method in \nsome circumstances. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to cause a denial of \nservice via application crash, or execute arbitrary code with the \nprivileges of the user invoking Firefox. (CVE-2016-2808)\n\nLooben Yang discovered a use-after-free and buffer overflow in service \nworkers. If a user were tricked in to opening a specially crafted website, \nan attacker could potentially exploit these to cause a denial of service \nvia application crash, or execute arbitrary code with the privileges of \nthe user invoking Firefox. (CVE-2016-2811, CVE-2016-2812)\n\nSascha Just discovered a buffer overflow in libstagefright in some \ncircumstances. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to cause a denial of \nservice via application crash, or execute arbitrary code with the \nprivileges of the user invoking Firefox. (CVE-2016-2814)\n\nMuneaki Nishimura discovered that CSP is not applied correctly to web \ncontent sent with the multipart/x-mixed-replace MIME type. An attacker \ncould potentially exploit this to conduct cross-site scripting (XSS) \nattacks when they would otherwise be prevented. (CVE-2016-2816)\n\nMuneaki Nishimura discovered that the chrome.tabs.update API for web \nextensions allows for navigation to javascript: URLs. A malicious \nextension could potentially exploit this to conduct cross-site scripting \n(XSS) attacks. (CVE-2016-2817)\n\nMark Goodwin discovered that about:healthreport accepts certain events \nfrom any content present in the remote-report iframe. If another \nvulnerability allowed the injection of web content in the remote-report \niframe, an attacker could potentially exploit this to change the user's \nsharing preferences. (CVE-2016-2820)", "edition": 5, "modified": "2016-04-27T00:00:00", "published": "2016-04-27T00:00:00", "id": "USN-2936-1", "href": "https://ubuntu.com/security/notices/USN-2936-1", "title": "Firefox vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:36:17", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2816", "CVE-2016-2817", "CVE-2016-2814", "CVE-2016-2804", "CVE-2016-2808", "CVE-2016-2811", "CVE-2016-2807", "CVE-2016-2806", "CVE-2016-2812", "CVE-2016-2820"], "description": "USN-2936-1 fixed vulnerabilities in Firefox. The update caused Firefox to \ncrash on startup with the Oxygen GTK theme due to a pre-existing bug in \nthe Oxygen-GTK3 theme engine. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nChristian Holler, Tyson Smith, Phil Ringalda, Gary Kwong, Jesse Ruderman, \nMats Palmgren, Carsten Book, Boris Zbarsky, David Bolter, Randell Jesup, \nAndrew McCreight, and Steve Fink discovered multiple memory safety issues \nin Firefox. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit these to cause a denial of \nservice via application crash, or execute arbitrary code with the \nprivileges of the user invoking Firefox. (CVE-2016-2804, CVE-2016-2806, \nCVE-2016-2807)\n\nAn invalid write was discovered when using the JavaScript .watch() method in \nsome circumstances. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to cause a denial of \nservice via application crash, or execute arbitrary code with the \nprivileges of the user invoking Firefox. (CVE-2016-2808)\n\nLooben Yang discovered a use-after-free and buffer overflow in service \nworkers. If a user were tricked in to opening a specially crafted website, \nan attacker could potentially exploit these to cause a denial of service \nvia application crash, or execute arbitrary code with the privileges of \nthe user invoking Firefox. (CVE-2016-2811, CVE-2016-2812)\n\nSascha Just discovered a buffer overflow in libstagefright in some \ncircumstances. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to cause a denial of \nservice via application crash, or execute arbitrary code with the \nprivileges of the user invoking Firefox. (CVE-2016-2814)\n\nMuneaki Nishimura discovered that CSP is not applied correctly to web \ncontent sent with the multipart/x-mixed-replace MIME type. An attacker \ncould potentially exploit this to conduct cross-site scripting (XSS) \nattacks when they would otherwise be prevented. (CVE-2016-2816)\n\nMuneaki Nishimura discovered that the chrome.tabs.update API for web \nextensions allows for navigation to javascript: URLs. A malicious \nextension could potentially exploit this to conduct cross-site scripting \n(XSS) attacks. (CVE-2016-2817)\n\nMark Goodwin discovered that about:healthreport accepts certain events \nfrom any content present in the remote-report iframe. If another \nvulnerability allowed the injection of web content in the remote-report \niframe, an attacker could potentially exploit this to change the user's \nsharing preferences. (CVE-2016-2820)", "edition": 5, "modified": "2016-05-02T00:00:00", "published": "2016-05-02T00:00:00", "id": "USN-2936-2", "href": "https://ubuntu.com/security/notices/USN-2936-2", "title": "Oxygen-GTK3 update", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-15T01:39:14", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2816", "CVE-2016-2817", "CVE-2016-2814", "CVE-2016-2804", "CVE-2016-2808", "CVE-2016-2811", "CVE-2016-2807", "CVE-2016-2806", "CVE-2016-2812", "CVE-2016-2820"], "description": "USN-2936-1 fixed vulnerabilities in Firefox. The update caused an issue \nwhere a device update POST request was sent every time about:preferences#sync \nwas shown. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nChristian Holler, Tyson Smith, Phil Ringalda, Gary Kwong, Jesse Ruderman, \nMats Palmgren, Carsten Book, Boris Zbarsky, David Bolter, Randell Jesup, \nAndrew McCreight, and Steve Fink discovered multiple memory safety issues \nin Firefox. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit these to cause a denial of \nservice via application crash, or execute arbitrary code with the \nprivileges of the user invoking Firefox. (CVE-2016-2804, CVE-2016-2806, \nCVE-2016-2807)\n\nAn invalid write was discovered when using the JavaScript .watch() method in \nsome circumstances. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to cause a denial of \nservice via application crash, or execute arbitrary code with the \nprivileges of the user invoking Firefox. (CVE-2016-2808)\n\nLooben Yang discovered a use-after-free and buffer overflow in service \nworkers. If a user were tricked in to opening a specially crafted website, \nan attacker could potentially exploit these to cause a denial of service \nvia application crash, or execute arbitrary code with the privileges of \nthe user invoking Firefox. (CVE-2016-2811, CVE-2016-2812)\n\nSascha Just discovered a buffer overflow in libstagefright in some \ncircumstances. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to cause a denial of \nservice via application crash, or execute arbitrary code with the \nprivileges of the user invoking Firefox. (CVE-2016-2814)\n\nMuneaki Nishimura discovered that CSP is not applied correctly to web \ncontent sent with the multipart/x-mixed-replace MIME type. An attacker \ncould potentially exploit this to conduct cross-site scripting (XSS) \nattacks when they would otherwise be prevented. (CVE-2016-2816)\n\nMuneaki Nishimura discovered that the chrome.tabs.update API for web \nextensions allows for navigation to javascript: URLs. A malicious \nextension could potentially exploit this to conduct cross-site scripting \n(XSS) attacks. (CVE-2016-2817)\n\nMark Goodwin discovered that about:healthreport accepts certain events \nfrom any content present in the remote-report iframe. If another \nvulnerability allowed the injection of web content in the remote-report \niframe, an attacker could potentially exploit this to change the user's \nsharing preferences. (CVE-2016-2820)", "edition": 6, "modified": "2016-05-19T00:00:00", "published": "2016-05-19T00:00:00", "id": "USN-2936-3", "href": "https://ubuntu.com/security/notices/USN-2936-3", "title": "Firefox regression", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2020-09-02T11:51:11", "bulletinFamily": "info", "cvelist": ["CVE-2016-2816", "CVE-2016-2817", "CVE-2016-2805", "CVE-2016-2814", "CVE-2016-2813", "CVE-2016-2804", "CVE-2016-2809", "CVE-2016-2808", "CVE-2016-2811", "CVE-2016-2810", "CVE-2016-1780", "CVE-2016-2807", "CVE-2016-2806", "CVE-2016-2812", "CVE-2016-2820"], "description": "### *Detect date*:\n04/26/2016\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to bypass security restrictions, inject arbitrary code, elevate privileges, cause denial of service or obtain sensitive information.\n\n### *Affected products*:\nMozilla Firefox versions earlier than 46 \nMozilla Firefox ESR versions earlier than 38.8 \nMozilla Firefox ESR 45 versions earlier than 45.1\n\n### *Solution*:\nUpdate to the latest version \n[Get Firefox](<https://www.mozilla.org/firefox/new/?scene=2>) \n[Get Firefox ESR](<https://www.mozilla.org/en-US/firefox/organizations/>)\n\n### *Original advisories*:\n[Mozilla Foundation Advisories](<https://www.mozilla.org/en-US/security/advisories/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Firefox](<https://threats.kaspersky.com/en/product/Mozilla-Firefox/>)\n\n### *CVE-IDS*:\n[CVE-2016-2808](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2808>)5.1High \n[CVE-2016-2820](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2820>)4.3Warning \n[CVE-2016-2817](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2817>)4.3Warning \n[CVE-2016-2816](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2816>)4.3Warning \n[CVE-2016-2814](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2814>)6.8High \n[CVE-2016-2813](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2813>)4.3Warning \n[CVE-2016-2812](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2812>)5.1High \n[CVE-2016-2811](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2811>)6.8High \n[CVE-2016-2810](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2810>)4.3Warning \n[CVE-2016-2809](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2809>)5.8High \n[CVE-2016-1780](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1780>)4.3Warning \n[CVE-2016-2807](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2807>)10.0Critical \n[CVE-2016-2806](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2806>)10.0Critical \n[CVE-2016-2805](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2805>)10.0Critical \n[CVE-2016-2804](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2804>)10.0Critical", "edition": 42, "modified": "2020-05-22T00:00:00", "published": "2016-04-26T00:00:00", "id": "KLA10795", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10795", "title": "\r KLA10795Multiple vulnerabilities in Mozilla Firefox and Firefox ESR ", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2017-01-03T14:14:21", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0824", "CVE-2016-9893", "CVE-2015-0831", "CVE-2016-5266", "CVE-2016-5290", "CVE-2016-5278", "CVE-2016-5256", "CVE-2016-5252", "CVE-2015-0832", "CVE-2016-5281", "CVE-2016-2816", "CVE-2016-5280", "CVE-2016-5271", "CVE-2016-5297", "CVE-2016-2827", "CVE-2015-0825", "CVE-2015-0821", "CVE-2016-2817", "CVE-2016-5250", "CVE-2016-2805", "CVE-2015-0828", "CVE-2016-5259", "CVE-2016-5274", "CVE-2016-9904", "CVE-2016-5261", "CVE-2016-5267", "CVE-2016-9064", "CVE-2016-5254", "CVE-2016-5284", "CVE-2016-2814", "CVE-2015-0826", "CVE-2016-5296", "CVE-2016-9899", "CVE-2016-5265", "CVE-2016-9079", "CVE-2016-5270", "CVE-2016-9898", "CVE-2014-8642", "CVE-2014-8637", "CVE-2016-5264", "CVE-2014-8636", "CVE-2016-2813", "CVE-2016-9902", "CVE-2015-0819", "CVE-2016-5291", "CVE-2016-5294", "CVE-2016-5283", "CVE-2016-9074", "CVE-2016-5277", "CVE-2015-0834", "CVE-2016-2804", "CVE-2016-2809", "CVE-2016-9897", "CVE-2016-2808", "CVE-2016-2811", "CVE-2016-9066", "CVE-2014-8641", "CVE-2015-0835", "CVE-2016-9905", "CVE-2016-5258", "CVE-2016-9895", "CVE-2016-2810", "CVE-2016-9900", "CVE-2016-5293", "CVE-2016-5260", "CVE-2016-2839", "CVE-2016-5263", "CVE-2016-5268", "CVE-2016-5257", "CVE-2016-2838", "CVE-2016-2835", "CVE-2016-2836", "CVE-2016-9901", "CVE-2016-2807", "CVE-2016-5272", "CVE-2014-8634", "CVE-2015-0823", "CVE-2016-5251", "CVE-2016-2806", "CVE-2016-5273", "CVE-2016-2837", "CVE-2015-0836", "CVE-2016-5276", "CVE-2016-2812", "CVE-2014-8639", "CVE-2015-0829", "CVE-2016-5262", "CVE-2015-0822", "CVE-2016-5253", "CVE-2015-0830", "CVE-2015-0827", "CVE-2014-8640", "CVE-2016-5279", "CVE-2014-8635", "CVE-2014-8638", "CVE-2016-5255", "CVE-2016-5275", "CVE-2016-2830", "CVE-2016-5282", "CVE-2015-0820", "CVE-2016-2820", "CVE-2015-0833"], "edition": 1, "description": "### Background\n\nMozilla Firefox is a cross-platform web browser from Mozilla. The Mozilla Thunderbird mail client is a redesign of the Mozilla Mail component. The goal is to produce a cross-platform stand-alone mail application using XUL (XML User Interface Language). SeaMonkey is a free and open-source Internet suite. It is the continuation of the former Mozilla Application Suite, based on the same source code. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox, SeaMonkey, and Thunderbird. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition via multiple vectors. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-45.6.0\"\n \n\nAll Firefox-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-45.6.0\"\n \n\nAll Thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-45.6.0\"\n \n\nAll Thunderbird-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-45.6.0\"\n \n\nAll SeaMonkey users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-2.38\"\n \n\nAll SeaMonkey-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-bin-2.38\"", "modified": "2017-01-03T00:00:00", "published": "2017-01-03T00:00:00", "href": "https://security.gentoo.org/glsa/201701-15", "id": "GLSA-201701-15", "type": "gentoo", "title": "Mozilla Firefox, SeaMonkey, Thunderbird: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}

Firefox ESR &lt; 38.8 Multiple Vulnerabilities

Description

Firefox ESR < 38.8 Multiple Vulnerabilities