Lucene search
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.MOZILLA_FIREFOX_78_0.NASLHistoryJul 02, 2020 - 12:00 a.m.
Mozilla Firefox < 78.0
2020-07-0200:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
20
7.7 High
AI Score
Confidence
Low
The version of Firefox installed on the remote Windows host is prior to 78.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-24 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mozilla Foundation Security Advisory mfsa2020-24.
# The text itself is copyright (C) Mozilla Foundation.
include('compat.inc');
if (description)
{
script_id(138085);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");
script_cve_id(
"CVE-2020-12402",
"CVE-2020-12415",
"CVE-2020-12416",
"CVE-2020-12417",
"CVE-2020-12418",
"CVE-2020-12419",
"CVE-2020-12420",
"CVE-2020-12421",
"CVE-2020-12422",
"CVE-2020-12423",
"CVE-2020-12424",
"CVE-2020-12425",
"CVE-2020-12426"
);
script_xref(name:"MFSA", value:"2020-24");
script_xref(name:"IAVA", value:"2020-A-0287-S");
script_name(english:"Mozilla Firefox < 78.0");
script_set_attribute(attribute:"synopsis", value:
"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Firefox installed on the remote Windows host is prior to 78.0. It is, therefore, affected by multiple
vulnerabilities as referenced in the mfsa2020-24 advisory. Note that Nessus has not tested for this issue but has
instead relied only on the application's self-reported version number.");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/");
script_set_attribute(attribute:"solution", value:
"Upgrade to Mozilla Firefox version 78.0 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-12426");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/06/30");
script_set_attribute(attribute:"patch_publication_date", value:"2020/06/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/07/02");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("mozilla_org_installed.nasl");
script_require_keys("Mozilla/Firefox/Version");
exit(0);
}
include('mozilla_version.inc');
port = get_kb_item("SMB/transport");
if (!port) port = 445;
installs = get_kb_list("SMB/Mozilla/Firefox/*");
if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");
mozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'78.0', severity:SECURITY_HOLE);
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12415
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12416
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12417
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12418
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12419
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12420
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12421
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12422
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12423
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12424
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12425
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12426
www.mozilla.org/en-US/security/advisories/mfsa2020-24/
Related
kaspersky
kaspersky
KLA11824 Multiple vulnerabilities in Mozilla Firefox
2020-06-30 00:00:00
KLA11913 Multiple vulnerabilities in Mozilla Thunderbird
2020-07-16 00:00:00
KLA11825 Multiple vulnerabilities in Mozilla Firefox ESR
2020-06-30 00:00:00
mozilla
mozilla
Security Vulnerabilities fixed in Firefox 78 — Mozilla
2020-06-30 00:00:00
Security Vulnerabilities fixed in Thunderbird 78 — Mozilla
2020-07-16 00:00:00
Security Vulnerabilities fixed in Firefox ESR 68.10 — Mozilla
2020-06-30 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2020:1899-1)
2021-04-19 00:00:00
openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2020:0983-1)
2020-07-18 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:1898-1)
2021-06-09 00:00:00
nessus
nessus
openSUSE Security Update : MozillaFirefox (openSUSE-2020-983)
2020-07-20 00:00:00
SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2020:14421-1)
2021-06-10 00:00:00
Mozilla Firefox < 78.0
2020-07-02 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package firefox-esr version 78.0.1-alt1
2020-07-04 00:00:00
Security fix for the ALT Linux 10 package thunderbird version 78.0-alt1
2020-07-21 00:00:00
Security fix for the ALT Linux 10 package thunderbird version 68.10.0-alt1
2020-07-13 00:00:00
gentoo
gentoo
Mozilla Firefox: Multiple vulnerabilities
2020-07-26 00:00:00
Mozilla Thunderbird: Multiple vulnerabilities
2020-07-26 00:00:00
suse
suse
Security update for MozillaFirefox (important)
2020-07-17 00:00:00
Security update for MozillaFirefox (important)
2020-07-20 00:00:00
Security update for MozillaThunderbird (important)
2020-07-15 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2020-07-02 00:00:00
Thunderbird vulnerabilities
2020-07-08 00:00:00
oraclelinux
oraclelinux
firefox security update
2020-07-08 00:00:00
firefox security update
2020-07-07 00:00:00
thunderbird security update
2020-07-14 00:00:00
redhat
redhat
(RHSA-2020:2827) Important: firefox security update
2020-07-06 20:39:44
(RHSA-2020:2828) Important: firefox security update
2020-07-06 20:40:34
(RHSA-2020:2825) Important: firefox security update
2020-07-06 20:18:27
osv
osv
firefox-esr - security update
2020-07-01 00:00:00
thunderbird - security update
2020-07-05 00:00:00
amazon
amazon
Important: thunderbird
2023-02-17 00:11:00
Important: thunderbird
2020-07-21 16:34:00
debian
debian
[SECURITY] [DSA 4713-1] firefox-esr security update
2020-07-01 18:12:37
[SECURITY] [DSA 4718-1] thunderbird security update
2020-07-05 18:11:57
centos
centos
firefox security update
2020-07-08 17:23:13
firefox security update
2020-07-08 17:26:10
ibm
ibm
mageia
mageia
Updated Thunderbird packages fix security vulnerabilities
2020-09-30 13:01:40
Updated firefox packages fix security vulnerability
2020-07-05 01:47:21
Updated thunderbird packages fix security vulnerability
2020-08-01 02:25:42
alpinelinux
alpinelinux
ubuntucve
ubuntucve
veracode
veracode
Denial Of Service (DoS)
2020-08-06 21:32:32
Arbitrary Code Execution
2020-08-06 21:32:18
Authorization Bypass
2020-08-06 21:32:23
prion
prion
Race condition
2020-07-09 15:15:00
Memory corruption
2020-07-09 15:15:00
Directory traversal
2020-07-09 15:15:00
debiancve
debiancve
redhatcve
redhatcve
cve
cve
fedora
fedora
[SECURITY] Fedora 31 Update: nss-3.54.0-1.fc31
2020-08-01 01:18:32
[SECURITY] Fedora 32 Update: nspr-4.26.0-1.fc32
2020-07-19 01:11:46