The remote Windows host contains a web browser that is affected by multiple vulnerabilities. The version of Firefox installed on the remote Windows host is prior to 45. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these issues by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
![]() | Ubuntu: Security Advisory (USN-2917-1) | 10 Mar 201600:00 | – | openvas |
![]() | Mozilla Firefox Multiple Vulnerabilities (Mar 2016) - Windows | 14 Mar 201600:00 | – | openvas |
![]() | Mozilla Firefox Multiple Vulnerabilities (Mar 2016) - Mac OS X | 14 Mar 201600:00 | – | openvas |
![]() | Mozilla Thunderbird Security Advisories - 1 - (MFSA2016-16, MFSA2016-38) - Windows | 7 Sep 201600:00 | – | openvas |
![]() | Mozilla Thunderbird Security Advisories - 1 - (MFSA2016-16, MFSA2016-38) - Mac OS X | 7 Sep 201600:00 | – | openvas |
![]() | Huawei EulerOS: Security Advisory for firefox (EulerOS-SA-2016-1002) | 23 Jan 202000:00 | – | openvas |
![]() | CentOS Update for firefox CESA-2016:0373 centos7 | 10 Mar 201600:00 | – | openvas |
![]() | Oracle: Security Advisory (ELSA-2016-0373) | 11 Mar 201600:00 | – | openvas |
![]() | Debian Security Advisory DSA 3510-1 (iceweasel - security update) | 9 Mar 201600:00 | – | openvas |
![]() | Mozilla Firefox ESR Multiple Vulnerabilities (Mar 2016) - Mac OS X | 14 Mar 201600:00 | – | openvas |
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(89875);
script_version("1.10");
script_cvs_date("Date: 2019/11/20");
script_cve_id(
"CVE-2016-1950",
"CVE-2016-1952",
"CVE-2016-1953",
"CVE-2016-1954",
"CVE-2016-1955",
"CVE-2016-1956",
"CVE-2016-1957",
"CVE-2016-1958",
"CVE-2016-1959",
"CVE-2016-1960",
"CVE-2016-1961",
"CVE-2016-1962",
"CVE-2016-1963",
"CVE-2016-1964",
"CVE-2016-1965",
"CVE-2016-1966",
"CVE-2016-1967",
"CVE-2016-1968",
"CVE-2016-1969",
"CVE-2016-1970",
"CVE-2016-1971",
"CVE-2016-1972",
"CVE-2016-1973",
"CVE-2016-1974",
"CVE-2016-1975",
"CVE-2016-1976",
"CVE-2016-1977",
"CVE-2016-1979",
"CVE-2016-2790",
"CVE-2016-2791",
"CVE-2016-2792",
"CVE-2016-2793",
"CVE-2016-2794",
"CVE-2016-2795",
"CVE-2016-2796",
"CVE-2016-2797",
"CVE-2016-2798",
"CVE-2016-2799",
"CVE-2016-2800",
"CVE-2016-2801",
"CVE-2016-2802"
);
script_xref(name:"MFSA", value:"2016-16");
script_xref(name:"MFSA", value:"2016-17");
script_xref(name:"MFSA", value:"2016-18");
script_xref(name:"MFSA", value:"2016-19");
script_xref(name:"MFSA", value:"2016-20");
script_xref(name:"MFSA", value:"2016-21");
script_xref(name:"MFSA", value:"2016-22");
script_xref(name:"MFSA", value:"2016-23");
script_xref(name:"MFSA", value:"2016-24");
script_xref(name:"MFSA", value:"2016-25");
script_xref(name:"MFSA", value:"2016-26");
script_xref(name:"MFSA", value:"2016-27");
script_xref(name:"MFSA", value:"2016-28");
script_xref(name:"MFSA", value:"2016-29");
script_xref(name:"MFSA", value:"2016-30");
script_xref(name:"MFSA", value:"2016-31");
script_xref(name:"MFSA", value:"2016-32");
script_xref(name:"MFSA", value:"2016-33");
script_xref(name:"MFSA", value:"2016-34");
script_xref(name:"MFSA", value:"2016-35");
script_xref(name:"MFSA", value:"2016-36");
script_xref(name:"MFSA", value:"2016-37");
script_xref(name:"MFSA", value:"2016-38");
script_name(english:"Firefox < 45 Multiple Vulnerabilities");
script_summary(english:"Checks the version of Firefox.");
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains a web browser that is affected by
multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Firefox installed on the remote Windows host is prior
to 45. It is, therefore, affected by multiple vulnerabilities, the
majority of which are remote code execution vulnerabilities. An
unauthenticated, remote attacker can exploit these issues by
convincing a user to visit a specially crafted website, resulting in
the execution of arbitrary code in the context of the current user.");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-16/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-17/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-18/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-19/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-20/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-21/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-22/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-23/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-24/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-25/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-26/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-27/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-28/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-29/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-30/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-31/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-32/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-33/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-34/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-35/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-36/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-38/");
script_set_attribute(attribute:"solution", value:
"Upgrade to Firefox version 45 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-1962");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2016/03/08");
script_set_attribute(attribute:"patch_publication_date", value:"2016/03/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/11");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("mozilla_org_installed.nasl");
script_require_keys("Mozilla/Firefox/Version");
exit(0);
}
include("mozilla_version.inc");
port = get_kb_item("SMB/transport");
if (!port) port = 445;
installs = get_kb_list("SMB/Mozilla/Firefox/*");
if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");
mozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'45', severity:SECURITY_HOLE);
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo