The version of Firefox installed on the remote Windows host is prior to 45. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these issues by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
# Registration branch: taken only when 'description' is set. It declares the
# plugin's metadata and then exits, so none of the host-checking statements
# after this block run in this mode.
if (description)
{
script_id(89875);
script_version("1.10");
script_cvs_date("Date: 2019/11/20");
# CVE identifiers reported by this plugin. The only check in this file is a
# single version comparison (fix:'45'), so a finding means "installed version
# is older than 45", not that each CVE was individually confirmed on the host.
script_cve_id(
"CVE-2016-1950",
"CVE-2016-1952",
"CVE-2016-1953",
"CVE-2016-1954",
"CVE-2016-1955",
"CVE-2016-1956",
"CVE-2016-1957",
"CVE-2016-1958",
"CVE-2016-1959",
"CVE-2016-1960",
"CVE-2016-1961",
"CVE-2016-1962",
"CVE-2016-1963",
"CVE-2016-1964",
"CVE-2016-1965",
"CVE-2016-1966",
"CVE-2016-1967",
"CVE-2016-1968",
"CVE-2016-1969",
"CVE-2016-1970",
"CVE-2016-1971",
"CVE-2016-1972",
"CVE-2016-1973",
"CVE-2016-1974",
"CVE-2016-1975",
"CVE-2016-1976",
"CVE-2016-1977",
"CVE-2016-1979",
"CVE-2016-2790",
"CVE-2016-2791",
"CVE-2016-2792",
"CVE-2016-2793",
"CVE-2016-2794",
"CVE-2016-2795",
"CVE-2016-2796",
"CVE-2016-2797",
"CVE-2016-2798",
"CVE-2016-2799",
"CVE-2016-2800",
"CVE-2016-2801",
"CVE-2016-2802"
);
# Cross-references to Mozilla Foundation Security Advisories 2016-16 through
# 2016-38; each has a matching "see_also" URL further down.
script_xref(name:"MFSA", value:"2016-16");
script_xref(name:"MFSA", value:"2016-17");
script_xref(name:"MFSA", value:"2016-18");
script_xref(name:"MFSA", value:"2016-19");
script_xref(name:"MFSA", value:"2016-20");
script_xref(name:"MFSA", value:"2016-21");
script_xref(name:"MFSA", value:"2016-22");
script_xref(name:"MFSA", value:"2016-23");
script_xref(name:"MFSA", value:"2016-24");
script_xref(name:"MFSA", value:"2016-25");
script_xref(name:"MFSA", value:"2016-26");
script_xref(name:"MFSA", value:"2016-27");
script_xref(name:"MFSA", value:"2016-28");
script_xref(name:"MFSA", value:"2016-29");
script_xref(name:"MFSA", value:"2016-30");
script_xref(name:"MFSA", value:"2016-31");
script_xref(name:"MFSA", value:"2016-32");
script_xref(name:"MFSA", value:"2016-33");
script_xref(name:"MFSA", value:"2016-34");
script_xref(name:"MFSA", value:"2016-35");
script_xref(name:"MFSA", value:"2016-36");
script_xref(name:"MFSA", value:"2016-37");
script_xref(name:"MFSA", value:"2016-38");
# Human-readable title and one-line summary shown for the plugin.
script_name(english:"Firefox < 45 Multiple Vulnerabilities");
script_summary(english:"Checks the version of Firefox.");
# Report text: short synopsis, then the full description of impact.
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains a web browser that is affected by
multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Firefox installed on the remote Windows host is prior
to 45. It is, therefore, affected by multiple vulnerabilities, the
majority of which are remote code execution vulnerabilities. An
unauthenticated, remote attacker can exploit these issues by
convincing a user to visit a specially crafted website, resulting in
the execution of arbitrary code in the context of the current user.");
# One vendor advisory URL per MFSA cross-reference declared above.
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-16/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-17/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-18/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-19/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-20/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-21/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-22/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-23/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-24/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-25/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-26/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-27/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-28/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-29/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-30/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-31/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-32/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-33/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-34/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-35/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-36/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-38/");
# Remediation: the fixed release matches the fix:'45' threshold used by the
# version check at the end of this file.
script_set_attribute(attribute:"solution", value:
"Upgrade to Firefox version 45 or later.");
# Severity vectors. They are attributed to one CVE (cvss_score_source below),
# so they describe the worst-scored issue rather than every CVE in the list.
# NOTE(review): the CVSS v3 base vector has UI:N, while the description text
# says a user must be convinced to visit a crafted website - confirm against
# the scoring source before relying on the v3 score for prioritisation.
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-1962");
# Exploit-maturity flags as asserted by the plugin; they agree with the E:H
# component of both temporal vectors above.
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
# Disclosure and patch share the same date; the plugin followed three days later.
script_set_attribute(attribute:"vuln_publication_date", value:"2016/03/08");
script_set_attribute(attribute:"patch_publication_date", value:"2016/03/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/11");
# plugin_type "local": presumably the finding is derived from software
# inventory already collected from the host rather than a network probe -
# consistent with the KB lookups after this block; confirm.
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
script_end_attributes();
# Scheduling metadata: category, family and ownership notice.
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
# mozilla_org_installed.nasl is declared as a prerequisite; presumably it
# records the Mozilla/Firefox knowledge-base entries - confirm. The plugin is
# not run unless the key below is present in the knowledge base.
script_dependencies("mozilla_org_installed.nasl");
script_require_keys("Mozilla/Firefox/Version");
# Leave description mode here so the version check below is not executed
# during registration.
exit(0);
}
include("mozilla_version.inc");
# SMB transport port recorded in the knowledge base; default to 445 when no
# value is stored. 'port' is not referenced again in this file - presumably
# the reporting code in mozilla_version.inc reads it as a global; confirm.
port = get_kb_item("SMB/transport");
if (!port)
{
  port = 445;
}

# Every Firefox install entry recorded under SMB/Mozilla/Firefox/ in the KB.
installs = get_kb_list("SMB/Mozilla/Firefox/*");
if (isnull(installs))
{
  # Nothing recorded: end with the standard "not installed" audit result.
  audit(AUDIT_NOT_INST, "Firefox");
}

# Single version comparison against the fixed release (45), reported at
# SECURITY_HOLE severity. This is a version match only; it does not confirm
# exploitability of any individual CVE.
# NOTE(review): esr:FALSE presumably limits the check to non-ESR installs, so
# ESR builds would need their own plugin - verify in mozilla_version.inc.
mozilla_check_version(
  installs:installs,
  product:'firefox',
  esr:FALSE,
  fix:'45',
  severity:SECURITY_HOLE
);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1952
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1953
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1954
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1955
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1956
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1957
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1958
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1959
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1960
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1961
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1962
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1963
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1964
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1965
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1966
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1967
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1968
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1969
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1970
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1971
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1972
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1973
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1974
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1975
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1976
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1979
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2791
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2792
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2793
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2794
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2795
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2796
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2797
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2798
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2799
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2801
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2802
www.mozilla.org/en-US/security/advisories/mfsa2016-16/
www.mozilla.org/en-US/security/advisories/mfsa2016-17/
www.mozilla.org/en-US/security/advisories/mfsa2016-18/
www.mozilla.org/en-US/security/advisories/mfsa2016-19/
www.mozilla.org/en-US/security/advisories/mfsa2016-20/
www.mozilla.org/en-US/security/advisories/mfsa2016-21/
www.mozilla.org/en-US/security/advisories/mfsa2016-22/
www.mozilla.org/en-US/security/advisories/mfsa2016-23/
www.mozilla.org/en-US/security/advisories/mfsa2016-24/
www.mozilla.org/en-US/security/advisories/mfsa2016-25/
www.mozilla.org/en-US/security/advisories/mfsa2016-26/
www.mozilla.org/en-US/security/advisories/mfsa2016-27/
www.mozilla.org/en-US/security/advisories/mfsa2016-28/
www.mozilla.org/en-US/security/advisories/mfsa2016-29/
www.mozilla.org/en-US/security/advisories/mfsa2016-30/
www.mozilla.org/en-US/security/advisories/mfsa2016-31/
www.mozilla.org/en-US/security/advisories/mfsa2016-32/
www.mozilla.org/en-US/security/advisories/mfsa2016-33/
www.mozilla.org/en-US/security/advisories/mfsa2016-34/
www.mozilla.org/en-US/security/advisories/mfsa2016-35/
www.mozilla.org/en-US/security/advisories/mfsa2016-36/
www.mozilla.org/en-US/security/advisories/mfsa2016-37/
www.mozilla.org/en-US/security/advisories/mfsa2016-38/