{"id": "OPENSUSE-2016-1019.NASL", "bulletinFamily": "scanner", "title": "openSUSE Security Update : Firefox (openSUSE-2016-1019)", "description": "This update includes Firefox 48.0.1 to fix a few regressions and a\nsecurity issue :\n\n - Fix an audio regression impacting some major websites\n\n - Fix a top crash in the JavaScript engine\n\n - Fix a startup crash issue caused by Websense\n\n - Fix a different behavior with e10s / non-e10s on select\n and mouse events\n\n - Fix a top crash caused by plugin issues\n\n - Fix a shutdown issue\n\n - Fix a crash in WebRTC\n\n - added upstream patch so system plugins/extensions are\n correctly loaded again on x86-64\n\n - Fix for possible buffer overrun", "published": "2016-08-29T00:00:00", "modified": "2016-10-13T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=93146", "reporter": "Tenable", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=990856", "https://bugzilla.opensuse.org/show_bug.cgi?id=992236", "https://bugzilla.mozilla.org/show_bug.cgi?id=1290469", "https://bugzilla.mozilla.org/show_bug.cgi?id=1276920", "https://bugzilla.mozilla.org/show_bug.cgi?id=1292534", "https://bugzilla.mozilla.org/show_bug.cgi?id=1291078", "https://bugzilla.mozilla.org/show_bug.cgi?id=1282843", "https://bugzilla.mozilla.org/show_bug.cgi?id=1264530", "https://bugzilla.mozilla.org/show_bug.cgi?id=1291738", "https://bugzilla.mozilla.org/show_bug.cgi?id=1295296"], "cvelist": ["CVE-2016-6354"], "type": "nessus", "lastseen": "2019-01-16T20:24:44", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo", "p-cpe:/a:novell:opensuse:libfreebl3", "p-cpe:/a:novell:opensuse:libsoftokn3-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs", "p-cpe:/a:novell:opensuse:mozilla-nss-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-devel", "p-cpe:/a:novell:opensuse:mozilla-nss-debugsource", "p-cpe:/a:novell:opensuse:mozilla-nss-tools", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3", "p-cpe:/a:novell:opensuse:mozilla-nss", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:libfreebl3-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-devel", "cpe:/o:novell:opensuse:13.1"], "cvelist": ["CVE-2016-6354"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "This update includes Firefox 48.0.1 to fix a few regressions and a security issue :\n\n - Fix an audio regression impacting some major websites\n\n - Fix a top crash in the JavaScript engine\n\n - Fix a startup crash issue caused by Websense\n\n - Fix a different behavior with e10s / non-e10s on select and mouse events\n\n - Fix a top crash caused by plugin issues\n\n - Fix a shutdown issue\n\n - Fix a crash in WebRTC\n\n - added upstream patch so system plugins/extensions are correctly loaded again on x86-64\n\n - Fix for possible buffer overrun", "edition": 5, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "14b54b19d788aa3fb28c64e76f8107d7c9146b79c816dcfcab2b11bddd261bf8", "hashmap": [{"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "25dd94c730e8997bdb70968e8b72364f", "key": "cpe"}, {"hash": "242ea0d9bdb93075d900c9e634a85934", "key": "cvelist"}, {"hash": "283228ac439e342e9a3248592b9624f9", "key": "title"}, {"hash": "24e0e8faefe8d79072cf6468f38e2501", "key": "pluginID"}, {"hash": "bcd8abde7f060a8789d08ba0ba73d345", "key": "modified"}, {"hash": "29a18f0d6d56de5be5ca6823a5d536fc", "key": "references"}, {"hash": "81879cbcf07eac8413d123a0e7a2da56", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "b4e11b5577f800625f5beab0967f3d07", "key": "description"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "ea310e0135f4808d2b91389f24cabe5b", "key": "sourceData"}, {"hash": "40eb3e68151f3dd36224c1fe46479904", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=93146", "id": "OPENSUSE-2016-1019.NASL", "lastseen": "2018-09-02T00:11:34", "modified": "2016-10-13T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "93146", "published": "2016-08-29T00:00:00", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=990856", "https://bugzilla.opensuse.org/show_bug.cgi?id=992236", "https://bugzilla.mozilla.org/show_bug.cgi?id=1290469", "https://bugzilla.mozilla.org/show_bug.cgi?id=1276920", "https://bugzilla.mozilla.org/show_bug.cgi?id=1292534", "https://bugzilla.mozilla.org/show_bug.cgi?id=1291078", "https://bugzilla.mozilla.org/show_bug.cgi?id=1282843", "https://bugzilla.mozilla.org/show_bug.cgi?id=1264530", "https://bugzilla.mozilla.org/show_bug.cgi?id=1291738", "https://bugzilla.mozilla.org/show_bug.cgi?id=1295296"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1019.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93146);\n script_version(\"$Revision: 2.3 $\");\n script_cvs_date(\"$Date: 2016/10/13 14:27:27 $\");\n\n script_cve_id(\"CVE-2016-6354\");\n\n script_name(english:\"openSUSE Security Update : Firefox (openSUSE-2016-1019)\");\n script_summary(english:\"Check for the openSUSE-2016-1019 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update includes Firefox 48.0.1 to fix a few regressions and a\nsecurity issue :\n\n - Fix an audio regression impacting some major websites\n\n - Fix a top crash in the JavaScript engine\n\n - Fix a startup crash issue caused by Websense\n\n - Fix a different behavior with e10s / non-e10s on select\n and mouse events\n\n - Fix a top crash caused by plugin issues\n\n - Fix a shutdown issue\n\n - Fix a crash in WebRTC\n\n - added upstream patch so system plugins/extensions are\n correctly loaded again on x86-64\n\n - Fix for possible buffer overrun\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1264530\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1276920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1282843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1290469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1291078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1291738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1292534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1295296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=990856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=992236\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Firefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-branding-upstream-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-buildsymbols-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-debuginfo-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-debugsource-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-devel-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-translations-common-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-translations-other-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libfreebl3-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libfreebl3-debuginfo-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libsoftokn3-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libsoftokn3-debuginfo-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-certs-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-certs-debuginfo-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-debuginfo-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-debugsource-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-devel-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-sysinit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-sysinit-debuginfo-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-tools-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-tools-debuginfo-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.24-88.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "title": "openSUSE Security Update : Firefox (openSUSE-2016-1019)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 5, "lastseen": "2018-09-02T00:11:34"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2016-6354"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "This update includes Firefox 48.0.1 to fix a few regressions and a security issue :\n\n - Fix an audio regression impacting some major websites\n\n - Fix a top crash in the JavaScript engine\n\n - Fix a startup crash issue caused by Websense\n\n - Fix a different behavior with e10s / non-e10s on select and mouse events\n\n - Fix a top crash caused by plugin issues\n\n - Fix a shutdown issue\n\n - Fix a crash in WebRTC\n\n - added upstream patch so system plugins/extensions are correctly loaded again on x86-64\n\n - Fix for possible buffer overrun", "edition": 2, "enchantments": {}, "hash": "ff44d32e96080a0d134c10648237d99176258bf8f65201dd0ac64d8f45724045", "hashmap": [{"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "242ea0d9bdb93075d900c9e634a85934", "key": "cvelist"}, {"hash": "283228ac439e342e9a3248592b9624f9", "key": "title"}, {"hash": "24e0e8faefe8d79072cf6468f38e2501", "key": "pluginID"}, {"hash": "bcd8abde7f060a8789d08ba0ba73d345", "key": "modified"}, {"hash": "29a18f0d6d56de5be5ca6823a5d536fc", "key": "references"}, {"hash": "81879cbcf07eac8413d123a0e7a2da56", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "b4e11b5577f800625f5beab0967f3d07", "key": "description"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "ea310e0135f4808d2b91389f24cabe5b", "key": "sourceData"}, {"hash": "40eb3e68151f3dd36224c1fe46479904", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=93146", "id": "OPENSUSE-2016-1019.NASL", "lastseen": "2016-10-13T21:27:20", "modified": "2016-10-13T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.2", "pluginID": "93146", "published": "2016-08-29T00:00:00", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=990856", "https://bugzilla.opensuse.org/show_bug.cgi?id=992236", "https://bugzilla.mozilla.org/show_bug.cgi?id=1290469", "https://bugzilla.mozilla.org/show_bug.cgi?id=1276920", "https://bugzilla.mozilla.org/show_bug.cgi?id=1292534", "https://bugzilla.mozilla.org/show_bug.cgi?id=1291078", "https://bugzilla.mozilla.org/show_bug.cgi?id=1282843", "https://bugzilla.mozilla.org/show_bug.cgi?id=1264530", "https://bugzilla.mozilla.org/show_bug.cgi?id=1291738", "https://bugzilla.mozilla.org/show_bug.cgi?id=1295296"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1019.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93146);\n script_version(\"$Revision: 2.3 $\");\n script_cvs_date(\"$Date: 2016/10/13 14:27:27 $\");\n\n script_cve_id(\"CVE-2016-6354\");\n\n script_name(english:\"openSUSE Security Update : Firefox (openSUSE-2016-1019)\");\n script_summary(english:\"Check for the openSUSE-2016-1019 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update includes Firefox 48.0.1 to fix a few regressions and a\nsecurity issue :\n\n - Fix an audio regression impacting some major websites\n\n - Fix a top crash in the JavaScript engine\n\n - Fix a startup crash issue caused by Websense\n\n - Fix a different behavior with e10s / non-e10s on select\n and mouse events\n\n - Fix a top crash caused by plugin issues\n\n - Fix a shutdown issue\n\n - Fix a crash in WebRTC\n\n - added upstream patch so system plugins/extensions are\n correctly loaded again on x86-64\n\n - Fix for possible buffer overrun\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1264530\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1276920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1282843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1290469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1291078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1291738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1292534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1295296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=990856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=992236\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Firefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-branding-upstream-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-buildsymbols-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-debuginfo-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-debugsource-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-devel-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-translations-common-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-translations-other-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libfreebl3-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libfreebl3-debuginfo-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libsoftokn3-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libsoftokn3-debuginfo-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-certs-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-certs-debuginfo-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-debuginfo-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-debugsource-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-devel-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-sysinit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-sysinit-debuginfo-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-tools-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-tools-debuginfo-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.24-88.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "title": "openSUSE Security Update : Firefox (openSUSE-2016-1019)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 2, "lastseen": "2016-10-13T21:27:20"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo", "p-cpe:/a:novell:opensuse:libfreebl3", "p-cpe:/a:novell:opensuse:libsoftokn3-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs", "p-cpe:/a:novell:opensuse:mozilla-nss-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-devel", "p-cpe:/a:novell:opensuse:mozilla-nss-debugsource", "p-cpe:/a:novell:opensuse:mozilla-nss-tools", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3", "p-cpe:/a:novell:opensuse:mozilla-nss", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:libfreebl3-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-devel", "cpe:/o:novell:opensuse:13.1"], "cvelist": ["CVE-2016-6354"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "This update includes Firefox 48.0.1 to fix a few regressions and a security issue :\n\n - Fix an audio regression impacting some major websites\n\n - Fix a top crash in the JavaScript engine\n\n - Fix a startup crash issue caused by Websense\n\n - Fix a different behavior with e10s / non-e10s on select and mouse events\n\n - Fix a top crash caused by plugin issues\n\n - Fix a shutdown issue\n\n - Fix a crash in WebRTC\n\n - added upstream patch so system plugins/extensions are correctly loaded again on x86-64\n\n - Fix for possible buffer overrun", "edition": 4, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "62b483cf8a339677508718b1be1d71397380512ffdd2febf3223e62836563702", "hashmap": [{"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "25dd94c730e8997bdb70968e8b72364f", "key": "cpe"}, {"hash": "242ea0d9bdb93075d900c9e634a85934", "key": "cvelist"}, {"hash": "283228ac439e342e9a3248592b9624f9", "key": "title"}, {"hash": "24e0e8faefe8d79072cf6468f38e2501", "key": "pluginID"}, {"hash": "bcd8abde7f060a8789d08ba0ba73d345", "key": "modified"}, {"hash": "29a18f0d6d56de5be5ca6823a5d536fc", "key": "references"}, {"hash": "81879cbcf07eac8413d123a0e7a2da56", "key": "href"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "b4e11b5577f800625f5beab0967f3d07", "key": "description"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "ea310e0135f4808d2b91389f24cabe5b", "key": "sourceData"}, {"hash": "40eb3e68151f3dd36224c1fe46479904", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=93146", "id": "OPENSUSE-2016-1019.NASL", "lastseen": "2018-08-30T19:59:01", "modified": "2016-10-13T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "93146", "published": "2016-08-29T00:00:00", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=990856", "https://bugzilla.opensuse.org/show_bug.cgi?id=992236", "https://bugzilla.mozilla.org/show_bug.cgi?id=1290469", "https://bugzilla.mozilla.org/show_bug.cgi?id=1276920", "https://bugzilla.mozilla.org/show_bug.cgi?id=1292534", "https://bugzilla.mozilla.org/show_bug.cgi?id=1291078", "https://bugzilla.mozilla.org/show_bug.cgi?id=1282843", "https://bugzilla.mozilla.org/show_bug.cgi?id=1264530", "https://bugzilla.mozilla.org/show_bug.cgi?id=1291738", "https://bugzilla.mozilla.org/show_bug.cgi?id=1295296"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1019.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93146);\n script_version(\"$Revision: 2.3 $\");\n script_cvs_date(\"$Date: 2016/10/13 14:27:27 $\");\n\n script_cve_id(\"CVE-2016-6354\");\n\n script_name(english:\"openSUSE Security Update : Firefox (openSUSE-2016-1019)\");\n script_summary(english:\"Check for the openSUSE-2016-1019 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update includes Firefox 48.0.1 to fix a few regressions and a\nsecurity issue :\n\n - Fix an audio regression impacting some major websites\n\n - Fix a top crash in the JavaScript engine\n\n - Fix a startup crash issue caused by Websense\n\n - Fix a different behavior with e10s / non-e10s on select\n and mouse events\n\n - Fix a top crash caused by plugin issues\n\n - Fix a shutdown issue\n\n - Fix a crash in WebRTC\n\n - added upstream patch so system plugins/extensions are\n correctly loaded again on x86-64\n\n - Fix for possible buffer overrun\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1264530\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1276920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1282843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1290469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1291078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1291738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1292534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1295296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=990856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=992236\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Firefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-branding-upstream-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-buildsymbols-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-debuginfo-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-debugsource-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-devel-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-translations-common-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-translations-other-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libfreebl3-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libfreebl3-debuginfo-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libsoftokn3-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libsoftokn3-debuginfo-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-certs-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-certs-debuginfo-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-debuginfo-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-debugsource-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-devel-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-sysinit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-sysinit-debuginfo-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-tools-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-tools-debuginfo-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.24-88.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "title": "openSUSE Security Update : Firefox (openSUSE-2016-1019)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:59:01"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2016-6354"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "This update includes Firefox 48.0.1 to fix a few regressions and a security issue :\n\n - Fix an audio regression impacting some major websites\n\n - Fix a top crash in the JavaScript engine\n\n - Fix a startup crash issue caused by Websense\n\n - Fix a different behavior with e10s / non-e10s on select and mouse events\n\n - Fix a top crash caused by plugin issues\n\n - Fix a shutdown issue\n\n - Fix a crash in WebRTC\n\n - added upstream patch so system plugins/extensions are correctly loaded again on x86-64\n\n - Fix for possible buffer overrun", "edition": 1, "hash": "26669628757e0157b35614bb053e3222af464fc5b38e654a7f4142127bb5262a", "hashmap": [{"hash": "d46bb28fb3bae06a51633aba015cf526", "key": "modified"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "242ea0d9bdb93075d900c9e634a85934", "key": "cvelist"}, {"hash": "283228ac439e342e9a3248592b9624f9", "key": "title"}, {"hash": "24e0e8faefe8d79072cf6468f38e2501", "key": "pluginID"}, {"hash": "29a18f0d6d56de5be5ca6823a5d536fc", "key": "references"}, {"hash": "81879cbcf07eac8413d123a0e7a2da56", "key": "href"}, {"hash": "019e03852f97f7680f9210a2df32be50", "key": "sourceData"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "b4e11b5577f800625f5beab0967f3d07", "key": "description"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "40eb3e68151f3dd36224c1fe46479904", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=93146", "id": "OPENSUSE-2016-1019.NASL", "lastseen": "2016-09-26T17:26:49", "modified": "2016-09-23T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.2", "pluginID": "93146", "published": "2016-08-29T00:00:00", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=990856", "https://bugzilla.opensuse.org/show_bug.cgi?id=992236", "https://bugzilla.mozilla.org/show_bug.cgi?id=1290469", "https://bugzilla.mozilla.org/show_bug.cgi?id=1276920", "https://bugzilla.mozilla.org/show_bug.cgi?id=1292534", "https://bugzilla.mozilla.org/show_bug.cgi?id=1291078", "https://bugzilla.mozilla.org/show_bug.cgi?id=1282843", "https://bugzilla.mozilla.org/show_bug.cgi?id=1264530", "https://bugzilla.mozilla.org/show_bug.cgi?id=1291738", "https://bugzilla.mozilla.org/show_bug.cgi?id=1295296"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1019.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93146);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2016/09/23 13:29:16 $\");\n\n script_cve_id(\"CVE-2016-6354\");\n\n script_name(english:\"openSUSE Security Update : Firefox (openSUSE-2016-1019)\");\n script_summary(english:\"Check for the openSUSE-2016-1019 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update includes Firefox 48.0.1 to fix a few regressions and a\nsecurity issue :\n\n - Fix an audio regression impacting some major websites\n\n - Fix a top crash in the JavaScript engine\n\n - Fix a startup crash issue caused by Websense\n\n - Fix a different behavior with e10s / non-e10s on select\n and mouse events\n\n - Fix a top crash caused by plugin issues\n\n - Fix a shutdown issue\n\n - Fix a crash in WebRTC\n\n - added upstream patch so system plugins/extensions are\n correctly loaded again on x86-64\n\n - Fix for possible buffer overrun\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1264530\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1276920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1282843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1290469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1291078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1291738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1292534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1295296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=990856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=992236\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Firefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-branding-upstream-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-buildsymbols-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-debuginfo-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-debugsource-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-devel-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-translations-common-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-translations-other-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libfreebl3-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libfreebl3-debuginfo-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libsoftokn3-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libsoftokn3-debuginfo-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-certs-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-certs-debuginfo-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-debuginfo-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-debugsource-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-devel-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-sysinit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-sysinit-debuginfo-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-tools-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-tools-debuginfo-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.24-88.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "title": "openSUSE Security Update : Firefox (openSUSE-2016-1019)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2016-09-26T17:26:49"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo", "p-cpe:/a:novell:opensuse:libfreebl3", "p-cpe:/a:novell:opensuse:libsoftokn3-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs", "p-cpe:/a:novell:opensuse:mozilla-nss-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-devel", "p-cpe:/a:novell:opensuse:mozilla-nss-debugsource", "p-cpe:/a:novell:opensuse:mozilla-nss-tools", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3", "p-cpe:/a:novell:opensuse:mozilla-nss", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:libfreebl3-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-devel", "cpe:/o:novell:opensuse:13.1"], "cvelist": ["CVE-2016-6354"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "This update includes Firefox 48.0.1 to fix a few regressions and a security issue :\n\n - Fix an audio regression impacting some major websites\n\n - Fix a top crash in the JavaScript engine\n\n - Fix a startup crash issue caused by Websense\n\n - Fix a different behavior with e10s / non-e10s on select and mouse events\n\n - Fix a top crash caused by plugin issues\n\n - Fix a shutdown issue\n\n - Fix a crash in WebRTC\n\n - added upstream patch so system plugins/extensions are correctly loaded again on x86-64\n\n - Fix for possible buffer overrun", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "14b54b19d788aa3fb28c64e76f8107d7c9146b79c816dcfcab2b11bddd261bf8", "hashmap": [{"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "25dd94c730e8997bdb70968e8b72364f", "key": "cpe"}, {"hash": "242ea0d9bdb93075d900c9e634a85934", "key": "cvelist"}, {"hash": "283228ac439e342e9a3248592b9624f9", "key": "title"}, {"hash": "24e0e8faefe8d79072cf6468f38e2501", "key": "pluginID"}, {"hash": "bcd8abde7f060a8789d08ba0ba73d345", "key": "modified"}, {"hash": "29a18f0d6d56de5be5ca6823a5d536fc", "key": "references"}, {"hash": "81879cbcf07eac8413d123a0e7a2da56", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "b4e11b5577f800625f5beab0967f3d07", "key": "description"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "ea310e0135f4808d2b91389f24cabe5b", "key": "sourceData"}, {"hash": "40eb3e68151f3dd36224c1fe46479904", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=93146", "id": "OPENSUSE-2016-1019.NASL", "lastseen": "2017-10-29T13:46:15", "modified": "2016-10-13T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "93146", "published": "2016-08-29T00:00:00", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=990856", "https://bugzilla.opensuse.org/show_bug.cgi?id=992236", "https://bugzilla.mozilla.org/show_bug.cgi?id=1290469", "https://bugzilla.mozilla.org/show_bug.cgi?id=1276920", "https://bugzilla.mozilla.org/show_bug.cgi?id=1292534", "https://bugzilla.mozilla.org/show_bug.cgi?id=1291078", "https://bugzilla.mozilla.org/show_bug.cgi?id=1282843", "https://bugzilla.mozilla.org/show_bug.cgi?id=1264530", "https://bugzilla.mozilla.org/show_bug.cgi?id=1291738", "https://bugzilla.mozilla.org/show_bug.cgi?id=1295296"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1019.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93146);\n script_version(\"$Revision: 2.3 $\");\n script_cvs_date(\"$Date: 2016/10/13 14:27:27 $\");\n\n script_cve_id(\"CVE-2016-6354\");\n\n script_name(english:\"openSUSE Security Update : Firefox (openSUSE-2016-1019)\");\n script_summary(english:\"Check for the openSUSE-2016-1019 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update includes Firefox 48.0.1 to fix a few regressions and a\nsecurity issue :\n\n - Fix an audio regression impacting some major websites\n\n - Fix a top crash in the JavaScript engine\n\n - Fix a startup crash issue caused by Websense\n\n - Fix a different behavior with e10s / non-e10s on select\n and mouse events\n\n - Fix a top crash caused by plugin issues\n\n - Fix a shutdown issue\n\n - Fix a crash in WebRTC\n\n - added upstream patch so system plugins/extensions are\n correctly loaded again on x86-64\n\n - Fix for possible buffer overrun\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1264530\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1276920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1282843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1290469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1291078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1291738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1292534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1295296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=990856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=992236\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Firefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-branding-upstream-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-buildsymbols-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-debuginfo-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-debugsource-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-devel-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-translations-common-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-translations-other-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libfreebl3-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libfreebl3-debuginfo-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libsoftokn3-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libsoftokn3-debuginfo-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-certs-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-certs-debuginfo-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-debuginfo-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-debugsource-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-devel-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-sysinit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-sysinit-debuginfo-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-tools-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-tools-debuginfo-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.24-88.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "title": "openSUSE Security Update : Firefox (openSUSE-2016-1019)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2017-10-29T13:46:15"}], "edition": 6, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "25dd94c730e8997bdb70968e8b72364f"}, {"key": "cvelist", "hash": "242ea0d9bdb93075d900c9e634a85934"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "943d030eedb45cd569b228a2218c657a"}, {"key": "href", "hash": "81879cbcf07eac8413d123a0e7a2da56"}, {"key": "modified", "hash": "bcd8abde7f060a8789d08ba0ba73d345"}, {"key": "naslFamily", "hash": "71a40666da62ba38d22539c8277870c7"}, {"key": "pluginID", "hash": "24e0e8faefe8d79072cf6468f38e2501"}, {"key": "published", "hash": "40eb3e68151f3dd36224c1fe46479904"}, {"key": "references", "hash": "29a18f0d6d56de5be5ca6823a5d536fc"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "ea310e0135f4808d2b91389f24cabe5b"}, {"key": "title", "hash": "283228ac439e342e9a3248592b9624f9"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "92f6c2a343886d9d2a45335fa19381a754f568b779b51bd61cee34e63fd8b294", "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1019.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93146);\n script_version(\"$Revision: 2.3 $\");\n script_cvs_date(\"$Date: 2016/10/13 14:27:27 $\");\n\n script_cve_id(\"CVE-2016-6354\");\n\n script_name(english:\"openSUSE Security Update : Firefox (openSUSE-2016-1019)\");\n script_summary(english:\"Check for the openSUSE-2016-1019 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update includes Firefox 48.0.1 to fix a few regressions and a\nsecurity issue :\n\n - Fix an audio regression impacting some major websites\n\n - Fix a top crash in the JavaScript engine\n\n - Fix a startup crash issue caused by Websense\n\n - Fix a different behavior with e10s / non-e10s on select\n and mouse events\n\n - Fix a top crash caused by plugin issues\n\n - Fix a shutdown issue\n\n - Fix a crash in WebRTC\n\n - added upstream patch so system plugins/extensions are\n correctly loaded again on x86-64\n\n - Fix for possible buffer overrun\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1264530\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1276920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1282843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1290469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1291078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1291738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1292534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1295296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=990856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=992236\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Firefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-branding-upstream-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-buildsymbols-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-debuginfo-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-debugsource-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-devel-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-translations-common-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-translations-other-48.0.1-122.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libfreebl3-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libfreebl3-debuginfo-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libsoftokn3-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libsoftokn3-debuginfo-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-certs-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-certs-debuginfo-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-debuginfo-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-debugsource-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-devel-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-sysinit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-sysinit-debuginfo-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-tools-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-tools-debuginfo-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.24-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.24-88.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "93146", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo", "p-cpe:/a:novell:opensuse:libfreebl3", "p-cpe:/a:novell:opensuse:libsoftokn3-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs", "p-cpe:/a:novell:opensuse:mozilla-nss-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-devel", "p-cpe:/a:novell:opensuse:mozilla-nss-debugsource", "p-cpe:/a:novell:opensuse:mozilla-nss-tools", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3", "p-cpe:/a:novell:opensuse:mozilla-nss", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:libfreebl3-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-devel", "cpe:/o:novell:opensuse:13.1"]}

{"cve": [{"lastseen": "2017-04-18T15:59:58", "references": ["http://www.openwall.com/lists/oss-security/2016/07/26/12", "http://www.openwall.com/lists/oss-security/2016/07/18/8", "https://github.com/westes/flex/commit/a5cbe929ac3255d371e698f62dc256afe7006466", "https://security.gentoo.org/glsa/201701-31", "http://www.debian.org/security/2016/dsa-3653"], "edition": 2, "description": "Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read.", "reporter": "NVD", "published": "2016-09-21T10:25:20", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "cve", "title": "CVE-2016-6354", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2016-6354"], "scanner": [], "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/a:flex_project:flex:2.6.0"], "modified": "2017-01-17T21:59:08", "id": "CVE-2016-6354", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6354", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-16T22:13:31", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "8", "packageVersion": "2.5.39-8+deb8u2", "arch": "all", "packageFilename": "libfl-dev_2.5.39-8+deb8u2_all.deb", "packageName": "libfl-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "2.5.39-8+deb8u2", "arch": "all", "packageFilename": "flex_2.5.39-8+deb8u2_all.deb", "packageName": "flex", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "2.5.39-8+deb8u2", "arch": "all", "packageFilename": "flex-doc_2.5.39-8+deb8u2_all.deb", "packageName": "flex-doc", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3653-2 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nSeptember 04, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : flex\nCVE ID : CVE-2016-6354\nDebian Bug : 832768 835542\n\nIt was reported that the update for flex as released in DSA-3653-1 did\nnot completely address CVE-2016-6354 as intended due to problems in the\npatch handling and regenerated files during the build. Additionally a\nregression was introduced, causing new warnings when compiling flex\ngenerated code. Updated packages are now available to address these\nproblems. For reference, the relevant part of the original advisory\ntext follows.\n\nAlexander Sulfrian discovered a buffer overflow in the\nyy_get_next_buffer() function generated by Flex, which may result in\ndenial of service and potentially the execution of code if operating on\ndata from untrusted sources.\n\nAffected applications need to be rebuild.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 2.5.39-8+deb8u2.\n\nWe recommend that you upgrade your flex packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 1, "reporter": "Debian", "published": "2016-09-04T15:05:12", "title": "[SECURITY] [DSA 3653-2] flex security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:13:31", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-6354"], "modified": "2016-09-04T15:05:12", "id": "DEBIAN:DSA-3653-2:0854C", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00237.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-16T22:13:11", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "8", "packageVersion": "2.5.39-8+deb8u1", "arch": "all", "packageFilename": "flex-doc_2.5.39-8+deb8u1_all.deb", "packageName": "flex-doc", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "2.5.39-8+deb8u1", "arch": "all", "packageFilename": "libfl-dev_2.5.39-8+deb8u1_all.deb", "packageName": "libfl-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "2.5.39-8+deb8u1", "arch": "all", "packageFilename": "flex_2.5.39-8+deb8u1_all.deb", "packageName": "flex", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3653-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nAugust 25, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : flex\nCVE ID : CVE-2016-6354\nDebian Bug : 832768\n\nAlexander Sulfrian discovered a buffer overflow in the\nyy_get_next_buffer() function generated by Flex, which may result in\ndenial of service and potentially the execution of code if operating on\ndata from untrusted sources.\n\nAffected applications need to be rebuild. bogofilter will be rebuild\nagainst the updated flex in a followup update. Further affected\napplications should be reported at the bug referenced above.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 2.5.39-8+deb8u1.\n\nFor the testing distribution (stretch), this problem has been fixed\nin version 2.6.1-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.6.1-1.\n\nWe recommend that you upgrade your flex packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 1, "reporter": "Debian", "published": "2016-08-25T21:14:55", "title": "[SECURITY] [DSA 3653-1] flex security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:13:11", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-6354"], "modified": "2016-08-25T21:14:55", "id": "DEBIAN:DSA-3653-1:32FB7", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00231.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-09-01T23:48:24", "references": ["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZDEYNSCYVEMOKRO6EJOUZS7WM5WB43M", "2016-c9ad9582f7"], "pluginID": "1361412562310808770", "description": "Check the version of flex", "edition": 4, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-08-09T00:00:00", "title": "Fedora Update for flex FEDORA-2016-c9ad9582f7", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-6354"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310808770", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808770", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for flex FEDORA-2016-c9ad9582f7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808770\");\n script_version(\"$Revision: 6631 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:36:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-09 05:44:08 +0200 (Tue, 09 Aug 2016)\");\n script_cve_id(\"CVE-2016-6354\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for flex FEDORA-2016-c9ad9582f7\");\n script_tag(name: \"summary\", value: \"Check the version of flex\");\n\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\n of detect NVT and check if the version is vulnerable or not.\");\n\n script_tag(name: \"insight\", value: \"The flex program generates scanners.\n Scanners are programs which can recognize lexical patterns in text.\n Flex takes pairs of regular expressions and C code as input and generates\n a C source file as output.\n The output file is compiled and linked with a library to\n produce an executable. The executable searches through its input for\n occurrences of the regular expressions. When a match is found, it\n executes the corresponding C code. Flex was designed to work with\n both Yacc and Bison, and is used by many programs as part of their\n build process.\n\n You should install flex if you are going to use your system for\n application development.\");\n\n script_tag(name: \"affected\", value: \"flex on Fedora 24\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2016-c9ad9582f7\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZDEYNSCYVEMOKRO6EJOUZS7WM5WB43M\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"flex\", rpm:\"flex~2.6.0~2.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:54:56", "references": ["http://www.debian.org/security/2016/dsa-3653.html"], "pluginID": "703653", "description": "Alexander Sulfrian discovered a buffer\noverflow in the yy_get_next_buffer() function generated by Flex, which may result\nin denial of service and potentially the execution of code if operating on\ndata from untrusted sources.\n\nAffected applications need to be rebuild. bogofilter will be rebuild\nagainst the updated flex in a followup update. Further affected\napplications should be reported at the bug referenced above.", "edition": 2, "reporter": "Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net", "published": "2016-08-25T00:00:00", "title": "Debian Security Advisory DSA 3653-1 (flex - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-6354"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703653", "id": "OPENVAS:703653", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3653.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3653-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703653);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-6354\");\n script_name(\"Debian Security Advisory DSA 3653-1 (flex - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-08-25 00:00:00 +0200 (Thu, 25 Aug 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3653.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"flex on Debian Linux\");\n script_tag(name: \"insight\", value: \"Flex is a tool for generating scanners:\nprograms which recognized lexical patterns in text. It reads the given input files\nfor a description of a scanner to generate. The description is in the form of pairs\nof regular expressions and C code, called rules. Flex generates as output a C source\nfile, lex.yy.c, which defines a routine yylex(). This file is compiled\nand linked with the -lfl library to produce an executable. When the\nexecutable is run, it analyzes its input for occurrences of the regular\nexpressions. Whenever it finds one, it executes the corresponding C code.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthis problem has been fixed in version 2.5.39-8+deb8u1.\n\nFor the testing distribution (stretch), this problem has been fixed\nin version 2.6.1-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.6.1-1.\n\nWe recommend that you upgrade your flex packages.\");\n script_tag(name: \"summary\", value: \"Alexander Sulfrian discovered a buffer\noverflow in the yy_get_next_buffer() function generated by Flex, which may result\nin denial of service and potentially the execution of code if operating on\ndata from untrusted sources.\n\nAffected applications need to be rebuild. bogofilter will be rebuild\nagainst the updated flex in a followup update. Further affected\napplications should be reported at the bug referenced above.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"flex\", ver:\"2.6.1-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"flex-doc\", ver:\"2.6.1-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libfl-dev:amd64\", ver:\"2.6.1-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libfl-dev:i386\", ver:\"2.6.1-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"flex\", ver:\"2.5.39-8+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"flex-doc\", ver:\"2.5.39-8+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libfl-dev:amd64\", ver:\"2.5.39-8+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libfl-dev:i386\", ver:\"2.5.39-8+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:46:33", "references": ["2016-8d79ade826", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/425Z3AVTSRDHYXLITCOOZKS233ZB2X6Z"], "pluginID": "1361412562310872106", "description": "Check the version of flex", "edition": 4, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-12-10T00:00:00", "title": "Fedora Update for flex FEDORA-2016-8d79ade826", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-6354"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310872106", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872106", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for flex FEDORA-2016-8d79ade826\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872106\");\n script_version(\"$Revision: 6631 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:36:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-10 06:34:36 +0100 (Sat, 10 Dec 2016)\");\n script_cve_id(\"CVE-2016-6354\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for flex FEDORA-2016-8d79ade826\");\n script_tag(name: \"summary\", value: \"Check the version of flex\");\n\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\n of detect NVT and check if the version is vulnerable or not.\");\n\n script_tag(name: \"insight\", value: \"The flex program generates scanners.\n Scanners are programs which can recognize lexical patterns in text.\n Flex takes pairs of regular expressions and C code as input\n and generates a C source file as output. \n The output file is compiled and linked with a library to\n produce an executable. The executable searches through its input for\n occurrences of the regular expressions. When a match is found, it\n executes the corresponding C code. Flex was designed to work with\n both Yacc and Bison, and is used by many programs as part of their\n build process.\n\n You should install flex if you are going to use your system for\n application development.\");\n\n script_tag(name: \"affected\", value: \"flex on Fedora 23\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2016-8d79ade826\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/425Z3AVTSRDHYXLITCOOZKS233ZB2X6Z\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"flex\", rpm:\"flex~2.6.0~2.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:46:54", "references": ["http://www.debian.org/security/2016/dsa-3653.html"], "pluginID": "1361412562310703653", "description": "Alexander Sulfrian discovered a buffer\noverflow in the yy_get_next_buffer() function generated by Flex, which may result\nin denial of service and potentially the execution of code if operating on\ndata from untrusted sources.\n\nAffected applications need to be rebuild. bogofilter will be rebuild\nagainst the updated flex in a followup update. Further affected\napplications should be reported at the bug referenced above.", "edition": 3, "reporter": "Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net", "published": "2016-08-25T00:00:00", "title": "Debian Security Advisory DSA 3653-1 (flex - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-6354"], "modified": "2017-12-15T00:00:00", "id": "OPENVAS:1361412562310703653", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703653", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3653.nasl 8131 2017-12-15 07:30:28Z teissa $\n# Auto-generated from advisory DSA 3653-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703653\");\n script_version(\"$Revision: 8131 $\");\n script_cve_id(\"CVE-2016-6354\");\n script_name(\"Debian Security Advisory DSA 3653-1 (flex - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-12-15 08:30:28 +0100 (Fri, 15 Dec 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-08-25 00:00:00 +0200 (Thu, 25 Aug 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3653.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"flex on Debian Linux\");\n script_tag(name: \"insight\", value: \"Flex is a tool for generating scanners:\nprograms which recognized lexical patterns in text. It reads the given input files\nfor a description of a scanner to generate. The description is in the form of pairs\nof regular expressions and C code, called rules. Flex generates as output a C source\nfile, lex.yy.c, which defines a routine yylex(). This file is compiled\nand linked with the -lfl library to produce an executable. When the\nexecutable is run, it analyzes its input for occurrences of the regular\nexpressions. Whenever it finds one, it executes the corresponding C code.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthis problem has been fixed in version 2.5.39-8+deb8u1.\n\nFor the testing distribution (stretch), this problem has been fixed\nin version 2.6.1-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.6.1-1.\n\nWe recommend that you upgrade your flex packages.\");\n script_tag(name: \"summary\", value: \"Alexander Sulfrian discovered a buffer\noverflow in the yy_get_next_buffer() function generated by Flex, which may result\nin denial of service and potentially the execution of code if operating on\ndata from untrusted sources.\n\nAffected applications need to be rebuild. bogofilter will be rebuild\nagainst the updated flex in a followup update. Further affected\napplications should be reported at the bug referenced above.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"flex\", ver:\"2.6.1-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"flex-doc\", ver:\"2.6.1-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libfl-dev:amd64\", ver:\"2.6.1-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libfl-dev:i386\", ver:\"2.6.1-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"flex\", ver:\"2.5.39-8+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"flex-doc\", ver:\"2.5.39-8+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libfl-dev:amd64\", ver:\"2.5.39-8+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libfl-dev:i386\", ver:\"2.5.39-8+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-19T12:58:13", "references": ["2017:0356_1"], "pluginID": "1361412562310851483", "description": "The remote host is missing an update for the ", "edition": 7, "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "published": "2017-02-03T00:00:00", "title": "SuSE Update for seamonkey openSUSE-SU-2017:0356-1 (seamonkey)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-6354"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310851483", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851483", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2017_0356_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for seamonkey openSUSE-SU-2017:0356-1 (seamonkey)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851483\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-02-03 12:11:08 +0530 (Fri, 03 Feb 2017)\");\n script_cve_id(\"CVE-2016-6354\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for seamonkey openSUSE-SU-2017:0356-1 (seamonkey)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'seamonkey'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"This update for Seamonkey to version 2.46 fixes security issues and bugs.\n\n The following vulnerabilities were fixed:\n\n - Fix all Gecko related security issues between 43.0.1 and 49.0.2\n\n - CVE-2016-6354: buffer overrun in flex (boo#990856)\n\n The following non-security changes are included:\n\n - improve recognition of LANGUAGE env variable (boo#1017174)\n\n - improve TLS compatibility with certain websites (boo#1021636)\n\n - Seamonkey now requires NSPR 4.12 and NSS 3.25\n\n - based on Gecko 49.0.2\n\n - Chatzilla and DOM Inspector were disabled\");\n script_tag(name:\"affected\", value:\"seamonkey on openSUSE Leap 42.1\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:0356_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSELeap42.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"seamonkey\", rpm:\"seamonkey~2.46~9.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-debuginfo\", rpm:\"seamonkey-debuginfo~2.46~9.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-debugsource\", rpm:\"seamonkey-debugsource~2.46~9.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-translations-common\", rpm:\"seamonkey-translations-common~2.46~9.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"seamonkey-translations-other\", rpm:\"seamonkey-translations-other~2.46~9.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-22T16:34:07", "references": ["http://www.mozilla.com/en-US/firefox/all.html", "https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/"], "pluginID": "1361412562310810752", "description": "This host is installed with Mozilla Firefox\n and is prone to multiple vulnerabilities.", "edition": 5, "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "published": "2017-04-20T00:00:00", "title": "Mozilla Firefox Security Updates(mfsa_2017-10_2017-12)-MAC OS X", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5451", "CVE-2017-5462", "CVE-2017-5436", "CVE-2016-1019", "CVE-2017-5441", "CVE-2017-5442", "CVE-2017-5446", "CVE-2017-5434", "CVE-2017-5465", "CVE-2016-6354", "CVE-2017-5429", "CVE-2017-5440", "CVE-2017-5458", "CVE-2017-5435", "CVE-2017-5432", "CVE-2017-5469", "CVE-2017-5455", "CVE-2017-5438", "CVE-2017-5439", "CVE-2017-5445", "CVE-2017-5450", "CVE-2017-5433", "CVE-2017-5447", "CVE-2017-5466", "CVE-2017-5444", "CVE-2017-5467", "CVE-2017-5460", "CVE-2017-5449", "CVE-2017-5454", "CVE-2017-5461", "CVE-2017-5437", "CVE-2017-5456", "CVE-2017-5453", "CVE-2017-5468", "CVE-2017-5430", "CVE-2017-5463", "CVE-2017-5452", "CVE-2017-5448", "CVE-2017-5459", "CVE-2017-5443", "CVE-2017-5464"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:1361412562310810752", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810752", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_firefox_mfsa_2017-10_2017-12_macosx.nasl 11888 2018-10-12 15:27:49Z cfischer $\n#\n# Mozilla Firefox Security Updates(mfsa_2017-10_2017-12)-MAC OS X\n#\n# Authors:\n# kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810752\");\n script_version(\"$Revision: 11888 $\");\n script_cve_id(\"CVE-2017-5433\", \"CVE-2017-5435\", \"CVE-2017-5436\", \"CVE-2017-5461\",\n\"CVE-2017-5459\", \"CVE-2017-5466\", \"CVE-2017-5434\", \"CVE-2017-5432\",\n\"CVE-2017-5460\", \"CVE-2017-5438\", \"CVE-2017-5439\", \"CVE-2017-5440\",\n\"CVE-2017-5441\", \"CVE-2017-5442\", \"CVE-2017-5464\", \"CVE-2017-5443\",\n\"CVE-2017-5444\", \"CVE-2017-5446\", \"CVE-2017-5447\", \"CVE-2017-5465\",\n\"CVE-2017-5448\", \"CVE-2017-5437\", \"CVE-2016-1019\", \"CVE-2017-5454\",\n\"CVE-2017-5455\", \"CVE-2017-5456\", \"CVE-2017-5469\", \"CVE-2016-6354\",\n\"CVE-2017-5445\", \"CVE-2017-5449\", \"CVE-2017-5450\", \"CVE-2017-5451\",\n\"CVE-2017-5462\", \"CVE-2017-5463\", \"CVE-2017-5467\", \"CVE-2017-5452\",\n\"CVE-2017-5453\", \"CVE-2017-5458\", \"CVE-2017-5468\", \"CVE-2017-5430\",\n\"CVE-2017-5429\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 17:27:49 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-20 10:53:42 +0530 (Thu, 20 Apr 2017)\");\n script_name(\"Mozilla Firefox Security Updates(mfsa_2017-10_2017-12)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - An use-after-free in SMIL animation functions,\n\n - An use-after-free during transaction processing in the editor,\n\n - An uut-of-bounds write with malicious font in Graphite 2,\n\n - An Out-of-bounds write in Base64 encoding in NSS,\n\n - The buffer overflow in WebGL,\n\n - The origin confusion when reloading isolated data:text/html URL,\n\n - An use-after-free during focus handling,\n\n - An use-after-free in text input selection,\n\n - An use-after-free in frame selection,\n\n - An use-after-free in nsAutoPtr during XSLT processing,\n\n - An use-after-free in nsTArray Length() during XSLT processing,\n\n - An use-after-free in txExecutionState destructor during XSLT processing,\n\n - An use-after-free with selection during scroll events,\n\n - An use-after-free during style changes,\n\n - The memory corruption with accessibility and DOM manipulation,\n\n - The out-of-bounds write during BinHex decoding,\n\n - The buffer overflow while parsing application/http-index-format content,\n\n - An out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data,\n\n - An out-of-bounds read during glyph processing,\n\n - An out-of-bounds read in ConvolvePixel,\n\n - An out-of-bounds write in ClearKeyDecryptor,\n\n - The vulnerabilities in Libevent library,\n\n - The sandbox escape allowing file system read access through file picker,\n\n - The sandbox escape through internal feed reader APIs,\n\n - The sandbox escape allowing local file system access,\n\n - The Potential Buffer overflow in flex-generated code,\n\n - An uninitialized values used while parsing application/http-index-format content,\n\n - The crash during bidirectional unicode manipulation with animation,\n\n - An addressbar spoofing using javascript: URI on Firefox for Android,\n\n - An addressbar spoofing with onblur event,\n\n - The DRBG flaw in NSS,\n\n - The memory corruption when drawing Skia content,\n\n - The addressbar spoofing during scrolling with editable content on Firefox for Android,\n\n - The HTML injection into RSS Reader feed preview page through TITLE element,\n\n - The drag and drop of javascript: URLs can allow for self-XSS,\n\n - An incorrect ownership model for Private Browsing information and\n\n - The memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code, to delete arbitrary files by leveraging\n certain local file execution, to obtain sensitive information, and to cause\n a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox version before\n 53.0 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 53.0\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox/MacOSX/Version\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.com/en-US/firefox/all.html\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"53.0\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"53.0\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-22T16:35:36", "references": ["http://www.mozilla.com/en-US/firefox/all.html", "https://www.mozilla.org/en-US/security/advisories/mfsa2017-10"], "pluginID": "1361412562310810751", "description": "This host is installed with Mozilla Firefox\n and is prone to multiple vulnerabilities.", "edition": 6, "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "published": "2017-04-20T00:00:00", "title": "Mozilla Firefox Security Updates(mfsa_2017-10_2017-12)-Windows", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5451", "CVE-2017-5462", "CVE-2017-5436", "CVE-2016-1019", "CVE-2017-5441", "CVE-2017-5442", "CVE-2017-5446", "CVE-2017-5434", "CVE-2017-5465", "CVE-2016-6354", "CVE-2017-5429", "CVE-2017-5440", "CVE-2017-5458", "CVE-2017-5435", "CVE-2017-5432", "CVE-2017-5469", "CVE-2017-5455", "CVE-2017-5438", "CVE-2017-5439", "CVE-2017-5445", "CVE-2017-5450", "CVE-2017-5433", "CVE-2017-5447", "CVE-2017-5466", "CVE-2017-5444", "CVE-2017-5467", "CVE-2017-5460", "CVE-2017-5449", "CVE-2017-5454", "CVE-2017-5461", "CVE-2017-5437", "CVE-2017-5456", "CVE-2017-5453", "CVE-2017-5468", "CVE-2017-5430", "CVE-2017-5463", "CVE-2017-5452", "CVE-2017-5448", "CVE-2017-5459", "CVE-2017-5443", "CVE-2017-5464"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:1361412562310810751", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810751", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_firefox_mfsa_2017-10_2017-12_win.nasl 11888 2018-10-12 15:27:49Z cfischer $\n#\n# Mozilla Firefox Security Updates(mfsa_2017-10_2017-12)-Windows\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810751\");\n script_version(\"$Revision: 11888 $\");\n script_cve_id(\"CVE-2017-5433\", \"CVE-2017-5435\", \"CVE-2017-5436\", \"CVE-2017-5461\",\n \"CVE-2017-5459\", \"CVE-2017-5466\", \"CVE-2017-5434\", \"CVE-2017-5432\",\n \"CVE-2017-5460\", \"CVE-2017-5438\", \"CVE-2017-5439\", \"CVE-2017-5440\",\n \"CVE-2017-5441\", \"CVE-2017-5442\", \"CVE-2017-5464\", \"CVE-2017-5443\",\n \"CVE-2017-5444\", \"CVE-2017-5446\", \"CVE-2017-5447\", \"CVE-2017-5465\",\n \"CVE-2017-5448\", \"CVE-2017-5437\", \"CVE-2016-1019\", \"CVE-2017-5454\",\n \"CVE-2017-5455\", \"CVE-2017-5456\", \"CVE-2017-5469\", \"CVE-2016-6354\",\n \"CVE-2017-5445\", \"CVE-2017-5449\", \"CVE-2017-5450\", \"CVE-2017-5451\",\n \"CVE-2017-5462\", \"CVE-2017-5463\", \"CVE-2017-5467\", \"CVE-2017-5452\",\n \"CVE-2017-5453\", \"CVE-2017-5458\", \"CVE-2017-5468\", \"CVE-2017-5430\",\n \"CVE-2017-5429\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 17:27:49 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-20 10:53:01 +0530 (Thu, 20 Apr 2017)\");\n script_name(\"Mozilla Firefox Security Updates(mfsa_2017-10_2017-12)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - An use-after-free in SMIL animation functions,\n\n - An use-after-free during transaction processing in the editor,\n\n - An uut-of-bounds write with malicious font in Graphite 2,\n\n - An Out-of-bounds write in Base64 encoding in NSS,\n\n - The buffer overflow in WebGL,\n\n - The origin confusion when reloading isolated data:text/html URL,\n\n - An use-after-free during focus handling,\n\n - An use-after-free in text input selection,\n\n - An use-after-free in frame selection,\n\n - An use-after-free in nsAutoPtr during XSLT processing,\n\n - An use-after-free in nsTArray Length() during XSLT processing,\n\n - An use-after-free in txExecutionState destructor during XSLT processing,\n\n - An use-after-free with selection during scroll events,\n\n - An use-after-free during style changes,\n\n - The memory corruption with accessibility and DOM manipulation,\n\n - The out-of-bounds write during BinHex decoding,\n\n - The buffer overflow while parsing application/http-index-format content,\n\n - An out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data,\n\n - An out-of-bounds read during glyph processing,\n\n - An out-of-bounds read in ConvolvePixel,\n\n - An out-of-bounds write in ClearKeyDecryptor,\n\n - The vulnerabilities in Libevent library,\n\n - The sandbox escape allowing file system read access through file picker,\n\n - The sandbox escape through internal feed reader APIs,\n\n - The sandbox escape allowing local file system access,\n\n - The Potential Buffer overflow in flex-generated code,\n\n - An uninitialized values used while parsing application/http-index-format content,\n\n - The crash during bidirectional unicode manipulation with animation,\n\n - An addressbar spoofing using javascript: URI on Firefox for Android,\n\n - An addressbar spoofing with onblur event,\n\n - The DRBG flaw in NSS,\n\n - The memory corruption when drawing Skia content,\n\n - The addressbar spoofing during scrolling with editable content on Firefox for Android,\n\n - The HTML injection into RSS Reader feed preview page through TITLE element,\n\n - The drag and drop of javascript: URLs can allow for self-XSS,\n\n - An incorrect ownership model for Private Browsing information and\n\n - The memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code, to delete arbitrary files by leveraging\n certain local file execution, to obtain sensitive information, and to cause\n a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox version before 53.0 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 53.0\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox/Win/Ver\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.com/en-US/firefox/all.html\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"53.0\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"53.0\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-01-16T20:25:03", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=990856"], "pluginID": "93855", "description": "Various packages included vulnerable parsers generated by 'flex'.\n\nThis update provides a fixed 'flex' package and also rebuilds of\npackages that might have security issues caused by the auto generated\ncode.\n\nFlex itself was updated to fix a buffer overflow in the generated\nscanner (bsc#990856, CVE-2016-6354)\n\nPackages that were rebuilt with the fixed flex :\n\n - at\n\n - libbonobo\n\n - netpbm\n\n - openslp\n\n - sgmltool\n\n - virtuoso\n\nSome more packages might also need to be rebuild to receive a new flex\nparser, but will be released later.\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "edition": 6, "reporter": "Tenable", "published": "2016-10-05T00:00:00", "title": "openSUSE Security Update : flex / at / libbonobo / etc (openSUSE-2016-1155)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-6354"], "modified": "2016-10-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:sgmltool-debugsource", "p-cpe:/a:novell:opensuse:virtuoso-drivers-debuginfo", "p-cpe:/a:novell:opensuse:at", "p-cpe:/a:novell:opensuse:netpbm", "p-cpe:/a:novell:opensuse:virtuoso-server-debuginfo", "p-cpe:/a:novell:opensuse:libbonobo-debuginfo", "p-cpe:/a:novell:opensuse:flex-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libbonobo-doc-debuginfo", "p-cpe:/a:novell:opensuse:openslp-server-debuginfo", "p-cpe:/a:novell:opensuse:flex-debuginfo", "p-cpe:/a:novell:opensuse:virtuoso-debugsource", "p-cpe:/a:novell:opensuse:openslp-debugsource", "p-cpe:/a:novell:opensuse:sgmltool-debuginfo", "p-cpe:/a:novell:opensuse:libnetpbm11", "p-cpe:/a:novell:opensuse:openslp-devel", "p-cpe:/a:novell:opensuse:at-debugsource", "p-cpe:/a:novell:opensuse:libnetpbm11-32bit", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:virtuoso-drivers", "p-cpe:/a:novell:opensuse:openslp-32bit", "p-cpe:/a:novell:opensuse:libbonobo-debugsource", "p-cpe:/a:novell:opensuse:openslp-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libbonobo", "p-cpe:/a:novell:opensuse:libnetpbm11-debuginfo", "p-cpe:/a:novell:opensuse:flex-32bit", "p-cpe:/a:novell:opensuse:at-debuginfo", "p-cpe:/a:novell:opensuse:openslp-server", "p-cpe:/a:novell:opensuse:libbonobo-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libnetpbm11-debuginfo-32bit", "p-cpe:/a:novell:opensuse:netpbm-debuginfo", "p-cpe:/a:novell:opensuse:sgmltool", "p-cpe:/a:novell:opensuse:openslp-debuginfo", "p-cpe:/a:novell:opensuse:libbonobo-devel", "p-cpe:/a:novell:opensuse:libbonobo-lang", "p-cpe:/a:novell:opensuse:virtuoso-server", "p-cpe:/a:novell:opensuse:libnetpbm-devel", "p-cpe:/a:novell:opensuse:netpbm-debugsource", "p-cpe:/a:novell:opensuse:flex", "p-cpe:/a:novell:opensuse:openslp", "p-cpe:/a:novell:opensuse:libbonobo-32bit", "p-cpe:/a:novell:opensuse:flex-debugsource"], "id": "OPENSUSE-2016-1155.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=93855", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1155.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93855);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2016/10/13 14:27:28 $\");\n\n script_cve_id(\"CVE-2016-6354\");\n\n script_name(english:\"openSUSE Security Update : flex / at / libbonobo / etc (openSUSE-2016-1155)\");\n script_summary(english:\"Check for the openSUSE-2016-1155 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various packages included vulnerable parsers generated by 'flex'.\n\nThis update provides a fixed 'flex' package and also rebuilds of\npackages that might have security issues caused by the auto generated\ncode.\n\nFlex itself was updated to fix a buffer overflow in the generated\nscanner (bsc#990856, CVE-2016-6354)\n\nPackages that were rebuilt with the fixed flex :\n\n - at\n\n - libbonobo\n\n - netpbm\n\n - openslp\n\n - sgmltool\n\n - virtuoso\n\nSome more packages might also need to be rebuild to receive a new flex\nparser, but will be released later.\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=990856\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flex / at / libbonobo / etc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:at\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:at-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:at-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flex-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flex-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flex-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flex-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libbonobo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libbonobo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libbonobo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libbonobo-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libbonobo-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libbonobo-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libbonobo-doc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libbonobo-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetpbm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetpbm11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetpbm11-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetpbm11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetpbm11-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:netpbm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:netpbm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:netpbm-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openslp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openslp-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openslp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openslp-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openslp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openslp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openslp-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openslp-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sgmltool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sgmltool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sgmltool-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtuoso-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtuoso-drivers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtuoso-drivers-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtuoso-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtuoso-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"at-3.1.14-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"at-debuginfo-3.1.14-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"at-debugsource-3.1.14-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"flex-2.5.37-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"flex-debuginfo-2.5.37-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"flex-debugsource-2.5.37-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libbonobo-2.32.1-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libbonobo-debuginfo-2.32.1-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libbonobo-debugsource-2.32.1-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libbonobo-devel-2.32.1-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libbonobo-doc-debuginfo-2.32.1-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libbonobo-lang-2.32.1-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libnetpbm-devel-10.66.3-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libnetpbm11-10.66.3-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libnetpbm11-debuginfo-10.66.3-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"netpbm-10.66.3-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"netpbm-debuginfo-10.66.3-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"netpbm-debugsource-10.66.3-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openslp-2.0.0-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openslp-debuginfo-2.0.0-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openslp-debugsource-2.0.0-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openslp-devel-2.0.0-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openslp-server-2.0.0-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openslp-server-debuginfo-2.0.0-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"sgmltool-1.0.9-1078.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"sgmltool-debuginfo-1.0.9-1078.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"sgmltool-debugsource-1.0.9-1078.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"virtuoso-debugsource-6.1.6-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"virtuoso-drivers-6.1.6-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"virtuoso-drivers-debuginfo-6.1.6-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"virtuoso-server-6.1.6-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"virtuoso-server-debuginfo-6.1.6-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"flex-32bit-2.5.37-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"flex-debuginfo-32bit-2.5.37-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libbonobo-32bit-2.32.1-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libbonobo-debuginfo-32bit-2.32.1-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libnetpbm11-32bit-10.66.3-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libnetpbm11-debuginfo-32bit-10.66.3-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"openslp-32bit-2.0.0-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"openslp-debuginfo-32bit-2.0.0-14.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"at / at-debuginfo / at-debugsource / flex / flex-32bit / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:24:39", "references": ["https://bodhi.fedoraproject.org/updates/FEDORA-2016-c9ad9582f7"], "pluginID": "92808", "description": "Change type for num_to_read from yy_size_t to int.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 6, "reporter": "Tenable", "published": "2016-08-09T00:00:00", "title": "Fedora 24 : flex (2016-c9ad9582f7)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-6354"], "modified": "2016-10-18T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:flex", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-C9AD9582F7.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=92808", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-c9ad9582f7.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92808);\n script_version(\"$Revision: 2.3 $\");\n script_cvs_date(\"$Date: 2016/10/18 17:03:07 $\");\n\n script_cve_id(\"CVE-2016-6354\");\n script_xref(name:\"FEDORA\", value:\"2016-c9ad9582f7\");\n\n script_name(english:\"Fedora 24 : flex (2016-c9ad9582f7)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Change type for num_to_read from yy_size_t to int.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-c9ad9582f7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected flex package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:flex\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"flex-2.6.0-2.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flex\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:26:04", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=1017174", "https://bugzilla.opensuse.org/show_bug.cgi?id=990856", "https://bugzilla.opensuse.org/show_bug.cgi?id=984637", "https://bugzilla.opensuse.org/show_bug.cgi?id=1021636"], "pluginID": "96942", "description": "This update for SeaMonkey to version 2.46 fixes security issues and\nbugs.\n\nThe following vulnerabilities were fixed :\n\n - Fix all Gecko related security issues between 43.0.1 and\n 49.0.2\n\n - CVE-2016-6354: buffer overrun in flex (boo#990856)\n\nThe following non-security changes are included :\n\n - improve recognition of LANGUAGE env variable\n (boo#1017174)\n\n - improve TLS compatibility with certain websites\n (boo#1021636)\n\n - SeaMonkey now requires NSPR 4.12 and NSS 3.25\n\n - based on Gecko 49.0.2\n\n - Chatzilla and DOM Inspector were disabled", "edition": 5, "reporter": "Tenable", "published": "2017-02-02T00:00:00", "title": "openSUSE Security Update : seamonkey (openSUSE-2017-189)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-6354"], "modified": "2017-02-02T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:seamonkey-debugsource", "p-cpe:/a:novell:opensuse:seamonkey-debuginfo", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:seamonkey-translations-other", "cpe:/o:novell:opensuse:42.2", "p-cpe:/a:novell:opensuse:seamonkey-translations-common", "p-cpe:/a:novell:opensuse:seamonkey"], "id": "OPENSUSE-2017-189.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=96942", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-189.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96942);\n script_version(\"$Revision: 3.1 $\");\n script_cvs_date(\"$Date: 2017/02/02 14:39:40 $\");\n\n script_cve_id(\"CVE-2016-6354\");\n\n script_name(english:\"openSUSE Security Update : seamonkey (openSUSE-2017-189)\");\n script_summary(english:\"Check for the openSUSE-2017-189 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for SeaMonkey to version 2.46 fixes security issues and\nbugs.\n\nThe following vulnerabilities were fixed :\n\n - Fix all Gecko related security issues between 43.0.1 and\n 49.0.2\n\n - CVE-2016-6354: buffer overrun in flex (boo#990856)\n\nThe following non-security changes are included :\n\n - improve recognition of LANGUAGE env variable\n (boo#1017174)\n\n - improve TLS compatibility with certain websites\n (boo#1021636)\n\n - SeaMonkey now requires NSPR 4.12 and NSS 3.25\n\n - based on Gecko 49.0.2\n\n - Chatzilla and DOM Inspector were disabled\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1017174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1021636\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=990856\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected seamonkey packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:seamonkey-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1|SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1 / 42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"seamonkey-2.46-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"seamonkey-debuginfo-2.46-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"seamonkey-debugsource-2.46-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"seamonkey-translations-common-2.46-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"seamonkey-translations-other-2.46-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"seamonkey-2.46-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"seamonkey-debuginfo-2.46-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"seamonkey-debugsource-2.46-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"seamonkey-translations-common-2.46-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"seamonkey-translations-other-2.46-9.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"seamonkey / seamonkey-debuginfo / seamonkey-debugsource / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:24:43", "references": ["https://www.debian.org/security/2016/dsa-3653", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832768", "https://packages.debian.org/source/jessie/flex"], "pluginID": "93116", "description": "Alexander Sulfrian discovered a buffer overflow in the\nyy_get_next_buffer() function generated by Flex, which may result in\ndenial of service and potentially the execution of code if operating\non data from untrusted sources.\n\nAffected applications need to be rebuild. bogofilter will be rebuild\nagainst the updated flex in a followup update. Further affected\napplications should be reported at the bug referenced above.", "edition": 9, "reporter": "Tenable", "published": "2016-08-26T00:00:00", "title": "Debian DSA-3653-1 : flex - security update", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-6354"], "modified": "2018-11-10T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:flex"], "id": "DEBIAN_DSA-3653.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=93116", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3653. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93116);\n script_version(\"2.8\");\n script_cvs_date(\"Date: 2018/11/10 11:49:38\");\n\n script_cve_id(\"CVE-2016-6354\");\n script_xref(name:\"DSA\", value:\"3653\");\n\n script_name(english:\"Debian DSA-3653-1 : flex - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Alexander Sulfrian discovered a buffer overflow in the\nyy_get_next_buffer() function generated by Flex, which may result in\ndenial of service and potentially the execution of code if operating\non data from untrusted sources.\n\nAffected applications need to be rebuild. bogofilter will be rebuild\nagainst the updated flex in a followup update. Further affected\napplications should be reported at the bug referenced above.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832768\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/flex\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3653\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the flex packages.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 2.5.39-8+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:flex\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"flex\", reference:\"2.5.39-8+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"flex-doc\", reference:\"2.5.39-8+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libfl-dev\", reference:\"2.5.39-8+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:25:49", "references": ["https://security.gentoo.org/glsa/201701-31"], "pluginID": "96425", "description": "The remote host is affected by the vulnerability described in GLSA-201701-31\n(flex: Potential insecure code generation)\n\n A heap-based buffer overflow in the yy_get_next_buffer function in Flex\n might allow context-dependent attackers to cause a denial of service or\n possibly execute arbitrary code via vectors involving num_to_read.\nImpact :\n\n Context-dependent attackers could cause a Denial of Service condition or\n possibly execute arbitrary code with the privileges of the process.\nWorkaround :\n\n There is no known workaround at this time.", "edition": 5, "reporter": "Tenable", "published": "2017-01-12T00:00:00", "title": "GLSA-201701-31 : flex: Potential insecure code generation", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-6354"], "modified": "2017-01-12T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:flex"], "id": "GENTOO_GLSA-201701-31.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=96425", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201701-31.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96425);\n script_version(\"$Revision: 3.1 $\");\n script_cvs_date(\"$Date: 2017/01/12 14:54:53 $\");\n\n script_cve_id(\"CVE-2016-6354\");\n script_xref(name:\"GLSA\", value:\"201701-31\");\n\n script_name(english:\"GLSA-201701-31 : flex: Potential insecure code generation\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201701-31\n(flex: Potential insecure code generation)\n\n A heap-based buffer overflow in the yy_get_next_buffer function in Flex\n might allow context-dependent attackers to cause a denial of service or\n possibly execute arbitrary code via vectors involving num_to_read.\n \nImpact :\n\n Context-dependent attackers could cause a Denial of Service condition or\n possibly execute arbitrary code with the privileges of the process.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201701-31\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All flex users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-devel/flex-2.6.1'\n Packages which depend on flex may need to be recompiled. Tools such as\n qdepends (included in app-portage/portage-utils) may assist in\n identifying these packages:\n # emerge --oneshot --ask --verbose $(qdepends -CQ sys-devel/flex | sed\n 's/^/=/')\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:flex\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-devel/flex\", unaffected:make_list(\"ge 2.6.1\"), vulnerable:make_list(\"lt 2.6.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flex\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:25:34", "references": ["https://bodhi.fedoraproject.org/updates/FEDORA-2016-8d79ade826"], "pluginID": "95679", "description": "Change type for num_to_read from yy_size_t to int.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2016-12-12T00:00:00", "title": "Fedora 23 : flex (2016-8d79ade826)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-6354"], "modified": "2016-12-12T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:flex", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-8D79ADE826.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=95679", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-8d79ade826.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95679);\n script_version(\"$Revision: 3.1 $\");\n script_cvs_date(\"$Date: 2016/12/12 14:40:36 $\");\n\n script_cve_id(\"CVE-2016-6354\");\n script_xref(name:\"FEDORA\", value:\"2016-8d79ade826\");\n\n script_name(english:\"Fedora 23 : flex (2016-8d79ade826)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Change type for num_to_read from yy_size_t to int.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-8d79ade826\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected flex package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:flex\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"flex-2.6.0-2.fc23\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flex\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:24:47", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=990856", "https://bugzilla.opensuse.org/show_bug.cgi?id=992236"], "pluginID": "93215", "description": "This update for MozillaFirefox, mozilla-nss fixes the following \nissues :\n\nChanges in MozillaFirefox :\n\n - Mozilla Firefox 48.0.1 :\n\n - Fixed an audio regression impacting some major websites\n (bmo#1295296)\n\n - Fix a top crash in the JavaScript engine (bmo#1290469)\n\n - Fix a startup crash issue caused by Websense\n (bmo#1291738)\n\n - Fix a different behavior with e10s / non-e10s on\n <select> and mouse events (bmo#1291078)\n\n - Fix a top crash caused by plugin issues (bmo#1264530)\n\n - Fix a shutdown issue (bmo#1276920)\n\n - Fix a crash in WebRTC\n\n - added upstream patch so system plugins/extensions are\n correctly loaded again on x86-64 (bmo#1282843)\n\n - CVE-2016-6354: Fix for possible buffer overrun\n (boo#990856)\n\nChanges in mozilla-nss :\n\n - also sign libfreeblpriv3.so to allow FIPS mode again\n (boo#992236)", "edition": 6, "reporter": "Tenable", "published": "2016-08-30T00:00:00", "title": "openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2016-1028)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-6354"], "modified": "2016-10-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo", "p-cpe:/a:novell:opensuse:libfreebl3", "p-cpe:/a:novell:opensuse:libsoftokn3-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs", "p-cpe:/a:novell:opensuse:mozilla-nss-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox-devel", "p-cpe:/a:novell:opensuse:mozilla-nss-debugsource", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:mozilla-nss-tools", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3", "p-cpe:/a:novell:opensuse:mozilla-nss", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:libfreebl3-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-devel"], "id": "OPENSUSE-2016-1028.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=93215", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1028.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93215);\n script_version(\"$Revision: 2.4 $\");\n script_cvs_date(\"$Date: 2016/10/13 14:27:27 $\");\n\n script_cve_id(\"CVE-2016-6354\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2016-1028)\");\n script_summary(english:\"Check for the openSUSE-2016-1028 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for MozillaFirefox, mozilla-nss fixes the following \nissues :\n\nChanges in MozillaFirefox :\n\n - Mozilla Firefox 48.0.1 :\n\n - Fixed an audio regression impacting some major websites\n (bmo#1295296)\n\n - Fix a top crash in the JavaScript engine (bmo#1290469)\n\n - Fix a startup crash issue caused by Websense\n (bmo#1291738)\n\n - Fix a different behavior with e10s / non-e10s on\n <select> and mouse events (bmo#1291078)\n\n - Fix a top crash caused by plugin issues (bmo#1264530)\n\n - Fix a shutdown issue (bmo#1276920)\n\n - Fix a crash in WebRTC\n\n - added upstream patch so system plugins/extensions are\n correctly loaded again on x86-64 (bmo#1282843)\n\n - CVE-2016-6354: Fix for possible buffer overrun\n (boo#990856)\n\nChanges in mozilla-nss :\n\n - also sign libfreeblpriv3.so to allow FIPS mode again\n (boo#992236)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=990856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=992236\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox / mozilla-nss packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2|SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2 / 42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-48.0.1-77.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-branding-upstream-48.0.1-77.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-buildsymbols-48.0.1-77.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-debuginfo-48.0.1-77.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-debugsource-48.0.1-77.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-devel-48.0.1-77.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-translations-common-48.0.1-77.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-translations-other-48.0.1-77.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libfreebl3-3.24-43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libfreebl3-debuginfo-3.24-43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsoftokn3-3.24-43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsoftokn3-debuginfo-3.24-43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-3.24-43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-certs-3.24-43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-certs-debuginfo-3.24-43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-debuginfo-3.24-43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-debugsource-3.24-43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-devel-3.24-43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-sysinit-3.24-43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-sysinit-debuginfo-3.24-43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-tools-3.24-43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-tools-debuginfo-3.24-43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.24-43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.24-43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.24-43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.24-43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.24-43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.24-43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.24-43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.24-43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.24-43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.24-43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-48.0.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-branding-upstream-48.0.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-buildsymbols-48.0.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-debuginfo-48.0.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-debugsource-48.0.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-devel-48.0.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-translations-common-48.0.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-translations-other-48.0.1-30.6\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libfreebl3-3.24-26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libfreebl3-debuginfo-3.24-26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libsoftokn3-3.24-26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libsoftokn3-debuginfo-3.24-26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-3.24-26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-certs-3.24-26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-certs-debuginfo-3.24-26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-debuginfo-3.24-26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-debugsource-3.24-26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-devel-3.24-26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-sysinit-3.24-26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-sysinit-debuginfo-3.24-26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-tools-3.24-26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-tools-debuginfo-3.24-26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.24-26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.24-26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.24-26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.24-26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.24-26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.24-26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.24-26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.24-26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.24-26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.24-26.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:25:00", "references": ["http://www.nessus.org/u?d4eccf7b", "https://bugzilla.suse.com/show_bug.cgi?id=990856", "https://www.suse.com/security/cve/CVE-2015-8079/", "https://www.suse.com/security/cve/CVE-2016-6354/", "https://bugzilla.suse.com/show_bug.cgi?id=954210"], "pluginID": "93768", "description": "Various packages included vulnerable parsers generated by 'flex'. This\nupdate provides a fixed 'flex' package and also rebuilds of packages\nthat might have security issues caused by the auto generated code.\nFlex itself was updated to fix a buffer overflow in the generated\nscanner (bsc#990856, CVE-2016-6354) Packages that were rebuilt with\nthe fixed flex :\n\n - at\n\n - bogofilter\n\n - cyrus-imapd\n\n - kdelibs4\n\n - libQtWebKit4\n\n - libbonobo\n\n - mdbtools\n\n - netpbm\n\n - openslp\n\n - sgmltool\n\n - virtuoso Also libqt5-qtwebkit received an additional\n security fix :\n\n - CVE-2015-8079: QtWebKit logs visited URLs to\n WebpageIcons.db in private browsing mode (bsc#954210).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 11, "reporter": "Tenable", "published": "2016-09-28T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : flex, at, bogofilter, cyrus-imapd, kdelibs4, libQtWebKit4, libbonobo, mdbtools, netpbm, openslp, sgmltool, virtuoso, libqt5-qtwebkit (SUSE-SU-2016:2397-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-6354", "CVE-2015-8079"], "modified": "2018-11-29T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:bogofilter-debugsource", "p-cpe:/a:novell:suse_linux:at-debugsource", "p-cpe:/a:novell:suse_linux:libksuseinstall1", "p-cpe:/a:novell:suse_linux:perl-Cyrus-IMAP-debuginfo", "p-cpe:/a:novell:suse_linux:netpbm", "p-cpe:/a:novell:suse_linux:libbonobo", "p-cpe:/a:novell:suse_linux:netpbm-debuginfo", "p-cpe:/a:novell:suse_linux:libQtWebKit4-debugsource", "p-cpe:/a:novell:suse_linux:libksuseinstall1-debuginfo", "p-cpe:/a:novell:suse_linux:libnetpbm11", "p-cpe:/a:novell:suse_linux:libbonobo-debuginfo", "p-cpe:/a:novell:suse_linux:libQtWebKit4", "p-cpe:/a:novell:suse_linux:libbonobo-doc-debuginfo", "p-cpe:/a:novell:suse_linux:at", "p-cpe:/a:novell:suse_linux:kdelibs4-debugsource", "p-cpe:/a:novell:suse_linux:flex-debuginfo", "p-cpe:/a:novell:suse_linux:openslp-debugsource", "p-cpe:/a:novell:suse_linux:bogofilter-debuginfo", "p-cpe:/a:novell:suse_linux:perl-Cyrus-SIEVE-managesieve-debuginfo", "p-cpe:/a:novell:suse_linux:libkdecore4", "p-cpe:/a:novell:suse_linux:libQtWebKit4-debuginfo", "p-cpe:/a:novell:suse_linux:perl-Cyrus-IMAP", "p-cpe:/a:novell:suse_linux:libbonobo-debugsource", "p-cpe:/a:novell:suse_linux:at-debuginfo", "p-cpe:/a:novell:suse_linux:openslp-server-debuginfo", "p-cpe:/a:novell:suse_linux:kdelibs4-debuginfo", "p-cpe:/a:novell:suse_linux:openslp-debuginfo", "p-cpe:/a:novell:suse_linux:cyrus-imapd-debuginfo", "p-cpe:/a:novell:suse_linux:perl-Cyrus-SIEVE-managesieve", "p-cpe:/a:novell:suse_linux:openslp", "p-cpe:/a:novell:suse_linux:libkde4-debuginfo", "p-cpe:/a:novell:suse_linux:libnetpbm11-debuginfo", "p-cpe:/a:novell:suse_linux:flex-debugsource", "p-cpe:/a:novell:suse_linux:libbonobo-doc", "p-cpe:/a:novell:suse_linux:bogofilter", "p-cpe:/a:novell:suse_linux:openslp-server", "p-cpe:/a:novell:suse_linux:libkdecore4-debuginfo", "p-cpe:/a:novell:suse_linux:cyrus-imapd-debugsource", "p-cpe:/a:novell:suse_linux:netpbm-debugsource", "p-cpe:/a:novell:suse_linux:flex", "p-cpe:/a:novell:suse_linux:libkde4"], "id": "SUSE_SU-2016-2397-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=93768", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2397-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93768);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2018/11/29 12:03:39\");\n\n script_cve_id(\"CVE-2015-8079\", \"CVE-2016-6354\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : flex, at, bogofilter, cyrus-imapd, kdelibs4, libQtWebKit4, libbonobo, mdbtools, netpbm, openslp, sgmltool, virtuoso, libqt5-qtwebkit (SUSE-SU-2016:2397-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various packages included vulnerable parsers generated by 'flex'. This\nupdate provides a fixed 'flex' package and also rebuilds of packages\nthat might have security issues caused by the auto generated code.\nFlex itself was updated to fix a buffer overflow in the generated\nscanner (bsc#990856, CVE-2016-6354) Packages that were rebuilt with\nthe fixed flex :\n\n - at\n\n - bogofilter\n\n - cyrus-imapd\n\n - kdelibs4\n\n - libQtWebKit4\n\n - libbonobo\n\n - mdbtools\n\n - netpbm\n\n - openslp\n\n - sgmltool\n\n - virtuoso Also libqt5-qtwebkit received an additional\n security fix :\n\n - CVE-2015-8079: QtWebKit logs visited URLs to\n WebpageIcons.db in private browsing mode (bsc#954210).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=954210\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=990856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8079/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6354/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162397-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d4eccf7b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP1:zypper in -t patch\nSUSE-SLE-WE-12-SP1-2016-1390=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t\npatch SUSE-SLE-SDK-12-SP1-2016-1390=1\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2016-1390=1\n\nSUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP1-2016-1390=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:at\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:at-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:at-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bogofilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bogofilter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bogofilter-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cyrus-imapd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cyrus-imapd-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:flex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:flex-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:flex-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kdelibs4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kdelibs4-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQtWebKit4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQtWebKit4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libQtWebKit4-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libbonobo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libbonobo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libbonobo-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libbonobo-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libbonobo-doc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libkde4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libkde4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libkdecore4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libkdecore4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libksuseinstall1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libksuseinstall1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetpbm11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetpbm11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:netpbm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:netpbm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:netpbm-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openslp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openslp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openslp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openslp-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openslp-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:perl-Cyrus-IMAP\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:perl-Cyrus-IMAP-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:perl-Cyrus-SIEVE-managesieve\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:perl-Cyrus-SIEVE-managesieve-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! ereg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! ereg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"libQtWebKit4-4.8.6+2.3.3-3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"libQtWebKit4-debuginfo-4.8.6+2.3.3-3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"libQtWebKit4-debugsource-4.8.6+2.3.3-3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"libQtWebKit4-32bit-4.8.6+2.3.3-3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"libQtWebKit4-debuginfo-32bit-4.8.6+2.3.3-3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"at-3.1.14-7.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"at-debuginfo-3.1.14-7.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"at-debugsource-3.1.14-7.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"cyrus-imapd-debuginfo-2.3.18-40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"cyrus-imapd-debugsource-2.3.18-40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"flex-2.5.37-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"flex-debuginfo-2.5.37-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"flex-debugsource-2.5.37-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kdelibs4-debuginfo-4.12.0-7.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kdelibs4-debugsource-4.12.0-7.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libbonobo-2.32.1-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libbonobo-debuginfo-2.32.1-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libbonobo-debugsource-2.32.1-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libbonobo-doc-2.32.1-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libbonobo-doc-debuginfo-2.32.1-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libkde4-4.12.0-7.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libkde4-debuginfo-4.12.0-7.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libkdecore4-4.12.0-7.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libkdecore4-debuginfo-4.12.0-7.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libksuseinstall1-4.12.0-7.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libksuseinstall1-debuginfo-4.12.0-7.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libnetpbm11-10.66.3-4.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libnetpbm11-debuginfo-10.66.3-4.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"netpbm-10.66.3-4.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"netpbm-debuginfo-10.66.3-4.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"netpbm-debugsource-10.66.3-4.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"openslp-2.0.0-11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"openslp-debuginfo-2.0.0-11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"openslp-debugsource-2.0.0-11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"openslp-server-2.0.0-11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"openslp-server-debuginfo-2.0.0-11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"perl-Cyrus-IMAP-2.3.18-40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"perl-Cyrus-IMAP-debuginfo-2.3.18-40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"perl-Cyrus-SIEVE-managesieve-2.3.18-40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"perl-Cyrus-SIEVE-managesieve-debuginfo-2.3.18-40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"flex-32bit-2.5.37-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"flex-debuginfo-32bit-2.5.37-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libbonobo-32bit-2.32.1-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libbonobo-debuginfo-32bit-2.32.1-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libkde4-32bit-4.12.0-7.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libkde4-debuginfo-32bit-4.12.0-7.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libkdecore4-32bit-4.12.0-7.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libkdecore4-debuginfo-32bit-4.12.0-7.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libksuseinstall1-32bit-4.12.0-7.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libksuseinstall1-debuginfo-32bit-4.12.0-7.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libnetpbm11-32bit-10.66.3-4.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libnetpbm11-debuginfo-32bit-10.66.3-4.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"openslp-32bit-2.0.0-11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"openslp-debuginfo-32bit-2.0.0-11.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"at-3.1.14-7.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"at-debuginfo-3.1.14-7.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"at-debugsource-3.1.14-7.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"bogofilter-1.2.4-5.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"bogofilter-debuginfo-1.2.4-5.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"bogofilter-debugsource-1.2.4-5.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kdelibs4-debuginfo-4.12.0-7.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kdelibs4-debugsource-4.12.0-7.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libQtWebKit4-32bit-4.8.6+2.3.3-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libQtWebKit4-4.8.6+2.3.3-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libQtWebKit4-debuginfo-32bit-4.8.6+2.3.3-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libQtWebKit4-debuginfo-4.8.6+2.3.3-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libQtWebKit4-debugsource-4.8.6+2.3.3-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libbonobo-2.32.1-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libbonobo-32bit-2.32.1-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libbonobo-debuginfo-2.32.1-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libbonobo-debuginfo-32bit-2.32.1-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libbonobo-debugsource-2.32.1-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libkde4-32bit-4.12.0-7.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libkde4-4.12.0-7.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libkde4-debuginfo-32bit-4.12.0-7.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libkde4-debuginfo-4.12.0-7.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libkdecore4-32bit-4.12.0-7.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libkdecore4-4.12.0-7.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libkdecore4-debuginfo-32bit-4.12.0-7.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libkdecore4-debuginfo-4.12.0-7.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libksuseinstall1-32bit-4.12.0-7.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libksuseinstall1-4.12.0-7.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libksuseinstall1-debuginfo-32bit-4.12.0-7.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libksuseinstall1-debuginfo-4.12.0-7.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libnetpbm11-10.66.3-4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libnetpbm11-32bit-10.66.3-4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libnetpbm11-debuginfo-10.66.3-4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libnetpbm11-debuginfo-32bit-10.66.3-4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"netpbm-10.66.3-4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"netpbm-debuginfo-10.66.3-4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"netpbm-debugsource-10.66.3-4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"openslp-2.0.0-11.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"openslp-32bit-2.0.0-11.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"openslp-debuginfo-2.0.0-11.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"openslp-debuginfo-32bit-2.0.0-11.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"openslp-debugsource-2.0.0-11.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flex / at / bogofilter / cyrus-imapd / kdelibs4 / libQtWebKit4 / libbonobo / mdbtools / netpbm / openslp / sgmltool / virtuoso / libqt5-qtwebkit\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:24:50", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=990856", "https://bugzilla.opensuse.org/show_bug.cgi?id=991809"], "pluginID": "93363", "description": "This update for MozillaThunderbird fixes the following issues :\n\n - update to Thunderbird 45.3.0 (boo#991809)\n\n - Disposition-Notification-To could not be used in\n mail.compose.other.header\n\n - 'edit as new message' on a received message pre-filled\n the sender as the composing identity.\n\n - Certain messages caused corruption of the drafts summary\n database. security fixes :\n\n - MFSA 2016-62/CVE-2016-2836 Miscellaneous memory safety\n hazards\n\n - MFSA 2016-63/CVE-2016-2830 (bmo#1255270) Favicon network\n connection can persist when page is closed\n\n - MFSA 2016-64/CVE-2016-2838 (bmo#1279814) Buffer overflow\n rendering SVG with bidirectional content\n\n - MFSA 2016-65/CVE-2016-2839 (bmo#1275339) Cairo rendering\n crash due to memory allocation issue with FFmpeg 0.10\n\n - MFSA 2016-67/CVE-2016-5252 (bmo#1268854) Stack underflow\n during 2D graphics rendering\n\n - MFSA 2016-70/CVE-2016-5254 (bmo#1266963) Use-after-free\n when using alt key and toplevel menus\n\n - MFSA 2016-72/CVE-2016-5258 (bmo#1279146) Use-after-free\n in DTLS during WebRTC session shutdown\n\n - MFSA 2016-73/CVE-2016-5259 (bmo#1282992) Use-after-free\n in service workers with nested sync events\n\n - MFSA 2016-76/CVE-2016-5262 (bmo#1277475) Scripts on\n marquee tag can execute in sandboxed iframes\n\n - MFSA 2016-77/CVE-2016-2837 (bmo#1274637) Buffer overflow\n in ClearKey Content Decryption Module (CDM) during video\n playback\n\n - MFSA 2016-78/CVE-2016-5263 (bmo#1276897) Type confusion\n in display transformation\n\n - MFSA 2016-79/CVE-2016-5264 (bmo#1286183) Use-after-free\n when applying SVG effects\n\n - MFSA 2016-80/CVE-2016-5265 (bmo#1278013) Same-origin\n policy violation using local HTML file and saved\n shortcut file\n\n - Fix for possible buffer overrun (boo#990856)\n CVE-2016-6354 (bmo#1292534)\n [mozilla-flex_buffer_overrun.patch]\n\n - add a screenshot to appdata.xml", "edition": 6, "reporter": "Tenable", "published": "2016-09-08T00:00:00", "title": "openSUSE Security Update : MozillaThunderbird (openSUSE-2016-1057)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5252", "CVE-2016-5259", "CVE-2016-5254", "CVE-2016-6354", "CVE-2016-5265", "CVE-2016-5264", "CVE-2016-5258", "CVE-2016-2839", "CVE-2016-5263", "CVE-2016-2838", "CVE-2016-2836", "CVE-2016-2837", "CVE-2016-5262", "CVE-2016-2830"], "modified": "2016-10-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource", "p-cpe:/a:novell:opensuse:MozillaThunderbird", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2016-1057.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=93363", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1057.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93363);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2016/10/13 14:27:27 $\");\n\n script_cve_id(\"CVE-2016-2830\", \"CVE-2016-2836\", \"CVE-2016-2837\", \"CVE-2016-2838\", \"CVE-2016-2839\", \"CVE-2016-5252\", \"CVE-2016-5254\", \"CVE-2016-5258\", \"CVE-2016-5259\", \"CVE-2016-5262\", \"CVE-2016-5263\", \"CVE-2016-5264\", \"CVE-2016-5265\", \"CVE-2016-6354\");\n\n script_name(english:\"openSUSE Security Update : MozillaThunderbird (openSUSE-2016-1057)\");\n script_summary(english:\"Check for the openSUSE-2016-1057 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for MozillaThunderbird fixes the following issues :\n\n - update to Thunderbird 45.3.0 (boo#991809)\n\n - Disposition-Notification-To could not be used in\n mail.compose.other.header\n\n - 'edit as new message' on a received message pre-filled\n the sender as the composing identity.\n\n - Certain messages caused corruption of the drafts summary\n database. security fixes :\n\n - MFSA 2016-62/CVE-2016-2836 Miscellaneous memory safety\n hazards\n\n - MFSA 2016-63/CVE-2016-2830 (bmo#1255270) Favicon network\n connection can persist when page is closed\n\n - MFSA 2016-64/CVE-2016-2838 (bmo#1279814) Buffer overflow\n rendering SVG with bidirectional content\n\n - MFSA 2016-65/CVE-2016-2839 (bmo#1275339) Cairo rendering\n crash due to memory allocation issue with FFmpeg 0.10\n\n - MFSA 2016-67/CVE-2016-5252 (bmo#1268854) Stack underflow\n during 2D graphics rendering\n\n - MFSA 2016-70/CVE-2016-5254 (bmo#1266963) Use-after-free\n when using alt key and toplevel menus\n\n - MFSA 2016-72/CVE-2016-5258 (bmo#1279146) Use-after-free\n in DTLS during WebRTC session shutdown\n\n - MFSA 2016-73/CVE-2016-5259 (bmo#1282992) Use-after-free\n in service workers with nested sync events\n\n - MFSA 2016-76/CVE-2016-5262 (bmo#1277475) Scripts on\n marquee tag can execute in sandboxed iframes\n\n - MFSA 2016-77/CVE-2016-2837 (bmo#1274637) Buffer overflow\n in ClearKey Content Decryption Module (CDM) during video\n playback\n\n - MFSA 2016-78/CVE-2016-5263 (bmo#1276897) Type confusion\n in display transformation\n\n - MFSA 2016-79/CVE-2016-5264 (bmo#1286183) Use-after-free\n when applying SVG effects\n\n - MFSA 2016-80/CVE-2016-5265 (bmo#1278013) Same-origin\n policy violation using local HTML file and saved\n shortcut file\n\n - Fix for possible buffer overrun (boo#990856)\n CVE-2016-6354 (bmo#1292534)\n [mozilla-flex_buffer_overrun.patch]\n\n - add a screenshot to appdata.xml\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=990856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=991809\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaThunderbird packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2|SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2 / 42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaThunderbird-45.3.0-46.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaThunderbird-buildsymbols-45.3.0-46.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaThunderbird-debuginfo-45.3.0-46.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaThunderbird-debugsource-45.3.0-46.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaThunderbird-devel-45.3.0-46.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaThunderbird-translations-common-45.3.0-46.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaThunderbird-translations-other-45.3.0-46.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaThunderbird-45.3.0-19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaThunderbird-buildsymbols-45.3.0-19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaThunderbird-debuginfo-45.3.0-19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaThunderbird-debugsource-45.3.0-19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaThunderbird-devel-45.3.0-19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaThunderbird-translations-common-45.3.0-19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaThunderbird-translations-other-45.3.0-19.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaThunderbird / MozillaThunderbird-buildsymbols / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:24:58", "references": ["https://bugzilla.mozilla.org/show_bug.cgi?id=1278013", "https://bugzilla.mozilla.org/show_bug.cgi?id=1286183", "https://bugzilla.opensuse.org/show_bug.cgi?id=990856", "https://bugzilla.mozilla.org/show_bug.cgi?id=1279814", "https://bugzilla.mozilla.org/show_bug.cgi?id=1276897", "https://bugzilla.mozilla.org/show_bug.cgi?id=1266963", "https://bugzilla.mozilla.org/show_bug.cgi?id=1279146", "https://bugzilla.mozilla.org/show_bug.cgi?id=1292534", "https://bugzilla.mozilla.org/show_bug.cgi?id=1277475", "https://bugzilla.mozilla.org/show_bug.cgi?id=1268854", "https://bugzilla.mozilla.org/show_bug.cgi?id=1255270", "https://bugzilla.mozilla.org/show_bug.cgi?id=1282992", "https://bugzilla.mozilla.org/show_bug.cgi?id=1274637", "https://bugzilla.opensuse.org/show_bug.cgi?id=991809", "https://bugzilla.mozilla.org/show_bug.cgi?id=1275339"], "pluginID": "93706", "description": "- update to Thunderbird 45.3.0 (boo#991809)\n\n - Disposition-Notification-To could not be used in\n mail.compose.other.header\n\n - 'edit as new message' on a received message pre-filled\n the sender as the composing identity.\n\n - Certain messages caused corruption of the drafts summary\n database. security fixes :\n\n - MFSA 2016-62/CVE-2016-2836 Miscellaneous memory safety\n hazards\n\n - MFSA 2016-63/CVE-2016-2830 (bmo#1255270) Favicon network\n connection can persist when page is closed\n\n - MFSA 2016-64/CVE-2016-2838 (bmo#1279814) Buffer overflow\n rendering SVG with bidirectional content\n\n - MFSA 2016-65/CVE-2016-2839 (bmo#1275339) Cairo rendering\n crash due to memory allocation issue with FFmpeg 0.10\n\n - MFSA 2016-67/CVE-2016-5252 (bmo#1268854) Stack underflow\n during 2D graphics rendering\n\n - MFSA 2016-70/CVE-2016-5254 (bmo#1266963) Use-after-free\n when using alt key and toplevel menus\n\n - MFSA 2016-72/CVE-2016-5258 (bmo#1279146) Use-after-free\n in DTLS during WebRTC session shutdown\n\n - MFSA 2016-73/CVE-2016-5259 (bmo#1282992) Use-after-free\n in service workers with nested sync events\n\n - MFSA 2016-76/CVE-2016-5262 (bmo#1277475) Scripts on\n marquee tag can execute in sandboxed iframes\n\n - MFSA 2016-77/CVE-2016-2837 (bmo#1274637) Buffer overflow\n in ClearKey Content Decryption Module (CDM) during video\n playback\n\n - MFSA 2016-78/CVE-2016-5263 (bmo#1276897) Type confusion\n in display transformation\n\n - MFSA 2016-79/CVE-2016-5264 (bmo#1286183) Use-after-free\n when applying SVG effects\n\n - MFSA 2016-80/CVE-2016-5265 (bmo#1278013) Same-origin\n policy violation using local HTML file and saved\n shortcut file\n\n - Fix for possible buffer overrun (boo#990856)\n CVE-2016-6354 (bmo#1292534)\n [mozilla-flex_buffer_overrun.patch]\n\n - add a screenshot to appdata.xml", "edition": 6, "reporter": "Tenable", "published": "2016-09-26T00:00:00", "title": "openSUSE Security Update : Thunderbird (openSUSE-2016-1120)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5252", "CVE-2016-5259", "CVE-2016-5254", "CVE-2016-6354", "CVE-2016-5265", "CVE-2016-5264", "CVE-2016-5258", "CVE-2016-2839", "CVE-2016-5263", "CVE-2016-2838", "CVE-2016-2836", "CVE-2016-2837", "CVE-2016-5262", "CVE-2016-2830"], "modified": "2016-10-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource", "p-cpe:/a:novell:opensuse:MozillaThunderbird", "p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2016-1120.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=93706", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1120.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93706);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2016/10/13 14:27:27 $\");\n\n script_cve_id(\"CVE-2016-2830\", \"CVE-2016-2836\", \"CVE-2016-2837\", \"CVE-2016-2838\", \"CVE-2016-2839\", \"CVE-2016-5252\", \"CVE-2016-5254\", \"CVE-2016-5258\", \"CVE-2016-5259\", \"CVE-2016-5262\", \"CVE-2016-5263\", \"CVE-2016-5264\", \"CVE-2016-5265\", \"CVE-2016-6354\");\n\n script_name(english:\"openSUSE Security Update : Thunderbird (openSUSE-2016-1120)\");\n script_summary(english:\"Check for the openSUSE-2016-1120 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - update to Thunderbird 45.3.0 (boo#991809)\n\n - Disposition-Notification-To could not be used in\n mail.compose.other.header\n\n - 'edit as new message' on a received message pre-filled\n the sender as the composing identity.\n\n - Certain messages caused corruption of the drafts summary\n database. security fixes :\n\n - MFSA 2016-62/CVE-2016-2836 Miscellaneous memory safety\n hazards\n\n - MFSA 2016-63/CVE-2016-2830 (bmo#1255270) Favicon network\n connection can persist when page is closed\n\n - MFSA 2016-64/CVE-2016-2838 (bmo#1279814) Buffer overflow\n rendering SVG with bidirectional content\n\n - MFSA 2016-65/CVE-2016-2839 (bmo#1275339) Cairo rendering\n crash due to memory allocation issue with FFmpeg 0.10\n\n - MFSA 2016-67/CVE-2016-5252 (bmo#1268854) Stack underflow\n during 2D graphics rendering\n\n - MFSA 2016-70/CVE-2016-5254 (bmo#1266963) Use-after-free\n when using alt key and toplevel menus\n\n - MFSA 2016-72/CVE-2016-5258 (bmo#1279146) Use-after-free\n in DTLS during WebRTC session shutdown\n\n - MFSA 2016-73/CVE-2016-5259 (bmo#1282992) Use-after-free\n in service workers with nested sync events\n\n - MFSA 2016-76/CVE-2016-5262 (bmo#1277475) Scripts on\n marquee tag can execute in sandboxed iframes\n\n - MFSA 2016-77/CVE-2016-2837 (bmo#1274637) Buffer overflow\n in ClearKey Content Decryption Module (CDM) during video\n playback\n\n - MFSA 2016-78/CVE-2016-5263 (bmo#1276897) Type confusion\n in display transformation\n\n - MFSA 2016-79/CVE-2016-5264 (bmo#1286183) Use-after-free\n when applying SVG effects\n\n - MFSA 2016-80/CVE-2016-5265 (bmo#1278013) Same-origin\n policy violation using local HTML file and saved\n shortcut file\n\n - Fix for possible buffer overrun (boo#990856)\n CVE-2016-6354 (bmo#1292534)\n [mozilla-flex_buffer_overrun.patch]\n\n - add a screenshot to appdata.xml\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1255270\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1266963\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1268854\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1274637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1275339\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1276897\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1277475\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1278013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1279146\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1279814\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1282992\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1286183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1292534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=990856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=991809\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Thunderbird packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-45.3.0-70.86.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-buildsymbols-45.3.0-70.86.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-debuginfo-45.3.0-70.86.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-debugsource-45.3.0-70.86.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-devel-45.3.0-70.86.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-translations-common-45.3.0-70.86.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-translations-other-45.3.0-70.86.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaThunderbird / MozillaThunderbird-buildsymbols / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2017-01-11T14:15:25", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6354", "https://bugs.gentoo.org/show_bug.cgi?id=589820"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.6.1", "arch": "all", "packageName": "sys-devel/flex", "packageFilename": "UNKNOWN", "operator": "lt"}], "edition": 1, "description": "### Background\n\nflex is a programming tool used to generate scanners (programs which recognize lexical patterns in text). \n\n### Description\n\nA heap-based buffer overflow in the yy_get_next_buffer function in Flex might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read. \n\n### Impact\n\nContext-dependent attackers could cause a Denial of Service condition or possibly execute arbitrary code with the privileges of the process. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll flex users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-devel/flex-2.6.1\"\n \n\nPackages which depend on flex may need to be recompiled. Tools such as qdepends (included in app-portage/portage-utils) may assist in identifying these packages: \n \n \n # emerge --oneshot --ask --verbose $(qdepends -CQ sys-devel/flex | sed\n 's/^/=/')", "reporter": "Gentoo Foundation", "published": "2017-01-11T00:00:00", "type": "gentoo", "title": "flex: Potential insecure code generation", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-6354"], "modified": "2017-01-11T00:00:00", "href": "https://security.gentoo.org/glsa/201701-31", "id": "GLSA-201701-31", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-02-20T04:07:02", "references": ["https://nvd.nist.gov/vuln/detail/CVE-2017-5465", "https://bugs.gentoo.org/show_bug.cgi?id=648198", "https://nvd.nist.gov/vuln/detail/CVE-2017-7773", "https://nvd.nist.gov/vuln/detail/CVE-2016-10196", "https://nvd.nist.gov/vuln/detail/CVE-2018-5102", "https://nvd.nist.gov/vuln/detail/CVE-2017-7810", "https://nvd.nist.gov/vuln/detail/CVE-2017-7752", "https://nvd.nist.gov/vuln/detail/CVE-2017-7750", "https://nvd.nist.gov/vuln/detail/CVE-2017-7778", "https://nvd.nist.gov/vuln/detail/CVE-2018-5099", "https://nvd.nist.gov/vuln/detail/CVE-2017-7824", "https://nvd.nist.gov/vuln/detail/CVE-2017-5434", "https://nvd.nist.gov/vuln/detail/CVE-2017-7803", "https://nvd.nist.gov/vuln/detail/CVE-2017-7805", "https://nvd.nist.gov/vuln/detail/CVE-2017-5441", "https://nvd.nist.gov/vuln/detail/CVE-2017-5444", "https://nvd.nist.gov/vuln/detail/CVE-2017-5459", "https://nvd.nist.gov/vuln/detail/CVE-2017-5439", "https://bugs.gentoo.org/show_bug.cgi?id=616030", "https://nvd.nist.gov/vuln/detail/CVE-2018-5089", "https://nvd.nist.gov/vuln/detail/CVE-2017-5443", "https://nvd.nist.gov/vuln/detail/CVE-2017-5445", "https://nvd.nist.gov/vuln/detail/CVE-2016-10195", "https://nvd.nist.gov/vuln/detail/CVE-2017-7786", "https://nvd.nist.gov/vuln/detail/CVE-2017-5429", "https://nvd.nist.gov/vuln/detail/CVE-2018-5117", "https://nvd.nist.gov/vuln/detail/CVE-2017-5462", "https://nvd.nist.gov/vuln/detail/CVE-2017-5433", "https://nvd.nist.gov/vuln/detail/CVE-2017-7784", "https://nvd.nist.gov/vuln/detail/CVE-2017-7772", "https://bugs.gentoo.org/show_bug.cgi?id=639854", "https://nvd.nist.gov/vuln/detail/CVE-2017-7785", "https://nvd.nist.gov/vuln/detail/CVE-2016-10197", "https://nvd.nist.gov/vuln/detail/CVE-2017-7798", "https://nvd.nist.gov/vuln/detail/CVE-2017-5447", "https://nvd.nist.gov/vuln/detail/CVE-2017-7775", "https://nvd.nist.gov/vuln/detail/CVE-2017-7792", "https://nvd.nist.gov/vuln/detail/CVE-2017-7823", "https://nvd.nist.gov/vuln/detail/CVE-2016-6354", "https://nvd.nist.gov/vuln/detail/CVE-2018-5095", "https://nvd.nist.gov/vuln/detail/CVE-2017-7779", "https://nvd.nist.gov/vuln/detail/CVE-2017-7843", "https://nvd.nist.gov/vuln/detail/CVE-2017-5460", "https://nvd.nist.gov/vuln/detail/CVE-2017-7802", "https://nvd.nist.gov/vuln/detail/CVE-2017-5464", "https://nvd.nist.gov/vuln/detail/CVE-2017-7814", "https://nvd.nist.gov/vuln/detail/CVE-2017-5432", "https://nvd.nist.gov/vuln/detail/CVE-2018-5104", "https://nvd.nist.gov/vuln/detail/CVE-2017-5435", "https://nvd.nist.gov/vuln/detail/CVE-2017-5448", "https://nvd.nist.gov/vuln/detail/CVE-2018-5091", "https://nvd.nist.gov/vuln/detail/CVE-2017-5446", "https://nvd.nist.gov/vuln/detail/CVE-2017-5440", "https://nvd.nist.gov/vuln/detail/CVE-2017-5442", "https://nvd.nist.gov/vuln/detail/CVE-2017-7753", "https://nvd.nist.gov/vuln/detail/CVE-2017-7757", "https://nvd.nist.gov/vuln/detail/CVE-2017-7777", "https://nvd.nist.gov/vuln/detail/CVE-2017-7771", "https://nvd.nist.gov/vuln/detail/CVE-2017-5461", "https://nvd.nist.gov/vuln/detail/CVE-2018-5098", "https://nvd.nist.gov/vuln/detail/CVE-2017-7776", "https://bugs.gentoo.org/show_bug.cgi?id=645510", "https://nvd.nist.gov/vuln/detail/CVE-2018-5096", "https://nvd.nist.gov/vuln/detail/CVE-2017-7807", "https://nvd.nist.gov/vuln/detail/CVE-2018-5097", "https://nvd.nist.gov/vuln/detail/CVE-2017-7787", "https://bugs.gentoo.org/show_bug.cgi?id=632400", "https://nvd.nist.gov/vuln/detail/CVE-2017-5469", "https://nvd.nist.gov/vuln/detail/CVE-2017-7749", "https://bugs.gentoo.org/show_bug.cgi?id=621722", "https://nvd.nist.gov/vuln/detail/CVE-2017-7793", "https://nvd.nist.gov/vuln/detail/CVE-2017-5472", "https://nvd.nist.gov/vuln/detail/CVE-2017-7844", "https://nvd.nist.gov/vuln/detail/CVE-2017-7774", "https://nvd.nist.gov/vuln/detail/CVE-2017-7764", "https://nvd.nist.gov/vuln/detail/CVE-2017-7756", "https://nvd.nist.gov/vuln/detail/CVE-2017-5436", "https://nvd.nist.gov/vuln/detail/CVE-2017-5470", "https://nvd.nist.gov/vuln/detail/CVE-2017-7819", "https://nvd.nist.gov/vuln/detail/CVE-2017-7801", "https://nvd.nist.gov/vuln/detail/CVE-2018-5103", "https://nvd.nist.gov/vuln/detail/CVE-2017-7800", "https://nvd.nist.gov/vuln/detail/CVE-2017-7818", "https://nvd.nist.gov/vuln/detail/CVE-2017-7809", "https://nvd.nist.gov/vuln/detail/CVE-2017-7791", "https://nvd.nist.gov/vuln/detail/CVE-2017-5438", "https://nvd.nist.gov/vuln/detail/CVE-2017-7751", "https://nvd.nist.gov/vuln/detail/CVE-2017-7754", "https://nvd.nist.gov/vuln/detail/CVE-2017-7758", "https://nvd.nist.gov/vuln/detail/CVE-2017-5437"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "52.6.0", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "www-client/firefox-bin", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "52.6.0", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "www-client/firefox", "operator": "lt"}], "description": "### Background\n\nMozilla Firefox is a popular open-source web browser from the Mozilla Project. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox. Please review the referenced CVE identifiers for details. \n\n### Impact\n\nA remote attacker could entice a user to view a specially crafted web page, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Mozilla Firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-52.6.0\"\n \n\nAll Mozilla Firefox binary users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-52.6.0\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2018-02-20T00:00:00", "type": "gentoo", "title": "Mozilla Firefox: Multiple vulnerabilities", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-7772", "CVE-2017-7757", "CVE-2017-7754", "CVE-2017-7758", "CVE-2017-7773", "CVE-2017-7752", "CVE-2017-7791", "CVE-2017-7784", "CVE-2017-7824", "CVE-2017-5462", "CVE-2017-7800", "CVE-2017-7753", "CVE-2017-5436", "CVE-2017-7801", "CVE-2017-7810", "CVE-2018-5097", "CVE-2017-7778", "CVE-2017-5441", "CVE-2017-5472", "CVE-2016-10197", "CVE-2017-5442", "CVE-2017-5446", "CVE-2018-5089", "CVE-2017-5434", "CVE-2018-5091", "CVE-2017-7756", "CVE-2018-5096", "CVE-2017-5465", "CVE-2018-5095", "CVE-2017-7843", "CVE-2016-6354", "CVE-2017-7764", "CVE-2017-7771", "CVE-2018-5098", "CVE-2017-5429", "CVE-2018-5102", "CVE-2017-5440", "CVE-2017-5435", "CVE-2017-7802", "CVE-2017-7787", "CVE-2017-5432", "CVE-2017-5469", "CVE-2017-7749", "CVE-2017-7805", "CVE-2017-5470", "CVE-2017-5438", "CVE-2017-5439", "CVE-2017-7779", "CVE-2017-5445", "CVE-2016-10196", "CVE-2017-7785", "CVE-2017-5433", "CVE-2017-7751", "CVE-2017-7823", "CVE-2018-5117", "CVE-2017-7807", "CVE-2017-5447", "CVE-2017-5444", "CVE-2017-7750", "CVE-2017-5460", "CVE-2017-7777", "CVE-2018-5104", "CVE-2017-7809", "CVE-2017-7775", "CVE-2018-5103", "CVE-2017-7798", "CVE-2017-7786", "CVE-2017-7774", "CVE-2017-7776", "CVE-2017-7844", "CVE-2017-7819", "CVE-2017-5461", "CVE-2017-5437", "CVE-2017-7803", "CVE-2017-7792", "CVE-2018-5099", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-5448", "CVE-2017-5459", "CVE-2016-10195", "CVE-2017-5443", "CVE-2017-7814", "CVE-2017-5464"], "modified": "2018-02-20T00:00:00", "href": "https://security.gentoo.org/glsa/201802-03", "id": "GLSA-201802-03", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2017-02-02T00:59:49", "references": ["https://bugzilla.suse.com/990856", "https://bugzilla.suse.com/984637", "https://bugzilla.suse.com/1017174", "https://bugzilla.suse.com/1021636"], "affectedPackage": [{"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.46-9.2", "arch": "x86_64", "packageName": "seamonkey", "packageFilename": "seamonkey-2.46-9.2.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.46-9.2", "arch": "x86_64", "packageName": "seamonkey-debuginfo", "packageFilename": "seamonkey-debuginfo-2.46-9.2.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "2.46-9.2", "arch": "i586", "packageName": "seamonkey-translations-other", "packageFilename": "seamonkey-translations-other-2.46-9.2.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "2.46-9.2", "arch": "i586", "packageName": "seamonkey-translations-common", "packageFilename": "seamonkey-translations-common-2.46-9.2.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "2.46-9.2", "arch": "x86_64", "packageName": "seamonkey-translations-common", "packageFilename": "seamonkey-translations-common-2.46-9.2.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.46-9.2", "arch": "x86_64", "packageName": "seamonkey-debugsource", "packageFilename": "seamonkey-debugsource-2.46-9.2.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.46-9.2", "arch": "i586", "packageName": "seamonkey-translations-other", "packageFilename": "seamonkey-translations-other-2.46-9.2.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "2.46-9.2", "arch": "x86_64", "packageName": "seamonkey-translations-other", "packageFilename": "seamonkey-translations-other-2.46-9.2.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "2.46-9.2", "arch": "x86_64", "packageName": "seamonkey", "packageFilename": "seamonkey-2.46-9.2.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "2.46-9.2", "arch": "i586", "packageName": "seamonkey-debuginfo", "packageFilename": "seamonkey-debuginfo-2.46-9.2.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.46-9.2", "arch": "x86_64", "packageName": "seamonkey-translations-common", "packageFilename": "seamonkey-translations-common-2.46-9.2.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.46-9.2", "arch": "x86_64", "packageName": "seamonkey-translations-other", "packageFilename": "seamonkey-translations-other-2.46-9.2.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "2.46-9.2", "arch": "i586", "packageName": "seamonkey", "packageFilename": "seamonkey-2.46-9.2.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.46-9.2", "arch": "i586", "packageName": "seamonkey-debugsource", "packageFilename": "seamonkey-debugsource-2.46-9.2.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.46-9.2", "arch": "i586", "packageName": "seamonkey", "packageFilename": "seamonkey-2.46-9.2.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.46-9.2", "arch": "i586", "packageName": "seamonkey-debuginfo", "packageFilename": "seamonkey-debuginfo-2.46-9.2.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.2", "packageVersion": "2.46-9.2", "arch": "i586", "packageName": "seamonkey-translations-common", "packageFilename": "seamonkey-translations-common-2.46-9.2.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "2.46-9.2", "arch": "x86_64", "packageName": "seamonkey-debugsource", "packageFilename": "seamonkey-debugsource-2.46-9.2.x86_64.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "2.46-9.2", "arch": "i586", "packageName": "seamonkey-debugsource", "packageFilename": "seamonkey-debugsource-2.46-9.2.i586.rpm", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "2.46-9.2", "arch": "x86_64", "packageName": "seamonkey-debuginfo", "packageFilename": "seamonkey-debuginfo-2.46-9.2.x86_64.rpm", "operator": "lt"}], "edition": 1, "description": "This update for Seamonkey to version 2.46 fixes security issues and bugs.\n\n The following vulnerabilities were fixed:\n\n - Fix all Gecko related security issues between 43.0.1 and 49.0.2\n - CVE-2016-6354: buffer overrun in flex (boo#990856)\n\n The following non-security changes are included:\n\n - improve recognition of LANGUAGE env variable (boo#1017174)\n - improve TLS compatibility with certain websites (boo#1021636)\n - Seamonkey now requires NSPR 4.12 and NSS 3.25\n - based on Gecko 49.0.2\n - Chatzilla and DOM Inspector were disabled\n\n", "reporter": "Suse", "published": "2017-02-02T00:10:33", "type": "suse", "title": "Security update for seamonkey (important)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-6354"], "modified": "2017-02-02T00:10:33", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00001.html", "id": "OPENSUSE-SU-2017:0356-1", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:29:54", "references": ["https://bugzilla.suse.com/990628", "https://bugzilla.suse.com/989196", "https://bugzilla.suse.com/990856", "https://bugzilla.suse.com/991809"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "45.3.0esr-78.1", "arch": "ppc64le", "packageFilename": "MozillaFirefox-debugsource-45.3.0esr-78.1.ppc64le.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "45.3.0esr-78.1", "arch": "ppc64le", "packageFilename": "MozillaFirefox-45.3.0esr-78.1.ppc64le.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "45.3.0esr-78.1", "arch": "s390x", "packageFilename": "MozillaFirefox-debuginfo-45.3.0esr-78.1.s390x.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "45.3.0esr-78.1", "arch": "s390x", "packageFilename": "MozillaFirefox-translations-45.3.0esr-78.1.s390x.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "45.3.0esr-78.1", "arch": "s390x", "packageFilename": "MozillaFirefox-debugsource-45.3.0esr-78.1.s390x.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "45.3.0esr-78.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debugsource-45.3.0esr-78.1.x86_64.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "45.3.0esr-78.1", "arch": "ppc64le", "packageFilename": "MozillaFirefox-debuginfo-45.3.0esr-78.1.ppc64le.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "45.3.0esr-78.1", "arch": "s390x", "packageFilename": "MozillaFirefox-debugsource-45.3.0esr-78.1.s390x.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "45.3.0esr-78.1", "arch": "ppc64le", "packageFilename": "MozillaFirefox-45.3.0esr-78.1.ppc64le.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.1", "packageVersion": "45.3.0esr-78.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debugsource-45.3.0esr-78.1.x86_64.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "45.3.0esr-78.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-45.3.0esr-78.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "45.3.0esr-78.1", "arch": "s390x", "packageFilename": "MozillaFirefox-45.3.0esr-78.1.s390x.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.1", "packageVersion": "45.3.0esr-78.1", "arch": "s390x", "packageFilename": "MozillaFirefox-debuginfo-45.3.0esr-78.1.s390x.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.1", "packageVersion": "45.3.0esr-78.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debuginfo-45.3.0esr-78.1.x86_64.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12", "packageVersion": "45.3.0esr-78.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debugsource-45.3.0esr-78.1.x86_64.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.1", "packageVersion": "45.3.0esr-78.1", "arch": "s390x", "packageFilename": "MozillaFirefox-debugsource-45.3.0esr-78.1.s390x.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "45.3.0esr-78.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-45.3.0esr-78.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.1", "packageVersion": "45.3.0esr-78.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debuginfo-45.3.0esr-78.1.x86_64.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12", "packageVersion": "45.3.0esr-78.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-45.3.0esr-78.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12", "packageVersion": "45.3.0esr-78.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-45.3.0esr-78.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "45.3.0esr-78.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debuginfo-45.3.0esr-78.1.x86_64.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.1", "packageVersion": "45.3.0esr-78.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-devel-45.3.0esr-78.1.x86_64.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.1", "packageVersion": "45.3.0esr-78.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-45.3.0esr-78.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.1", "packageVersion": "45.3.0esr-78.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-45.3.0esr-78.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "45.3.0esr-78.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debugsource-45.3.0esr-78.1.x86_64.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "45.3.0esr-78.1", "arch": "ppc64le", "packageFilename": "MozillaFirefox-debugsource-45.3.0esr-78.1.ppc64le.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.1", "packageVersion": "45.3.0esr-78.1", "arch": "ppc64le", "packageFilename": "MozillaFirefox-debuginfo-45.3.0esr-78.1.ppc64le.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "45.3.0esr-78.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-45.3.0esr-78.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "45.3.0esr-78.1", "arch": "ppc64le", "packageFilename": "MozillaFirefox-debuginfo-45.3.0esr-78.1.ppc64le.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "45.3.0esr-78.1", "arch": "s390x", "packageFilename": "MozillaFirefox-debuginfo-45.3.0esr-78.1.s390x.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.1", "packageVersion": "45.3.0esr-78.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debugsource-45.3.0esr-78.1.x86_64.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "45.3.0esr-78.1", "arch": "ppc64le", "packageFilename": "MozillaFirefox-translations-45.3.0esr-78.1.ppc64le.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "45.3.0esr-78.1", "arch": "s390x", "packageFilename": "MozillaFirefox-translations-45.3.0esr-78.1.s390x.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "45.3.0esr-78.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debuginfo-45.3.0esr-78.1.x86_64.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "45.3.0esr-78.1", "arch": "ppc64le", "packageFilename": "MozillaFirefox-translations-45.3.0esr-78.1.ppc64le.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "45.3.0esr-78.1", "arch": "s390x", "packageFilename": "MozillaFirefox-45.3.0esr-78.1.s390x.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.1", "packageVersion": "45.3.0esr-78.1", "arch": "ppc64le", "packageFilename": "MozillaFirefox-debugsource-45.3.0esr-78.1.ppc64le.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.1", "packageVersion": "45.3.0esr-78.1", "arch": "ppc64le", "packageFilename": "MozillaFirefox-devel-45.3.0esr-78.1.ppc64le.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.1", "packageVersion": "45.3.0esr-78.1", "arch": "s390x", "packageFilename": "MozillaFirefox-devel-45.3.0esr-78.1.s390x.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "45.3.0esr-78.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-45.3.0esr-78.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12", "packageVersion": "45.3.0esr-78.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debuginfo-45.3.0esr-78.1.x86_64.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}], "description": "MozillaFirefox was updated to 45.3.0 ESR to fix the following issues\n (bsc#991809):\n\n * MFSA 2016-62/CVE-2016-2835/CVE-2016-2836 Miscellaneous memory safety\n hazards (rv:48.0 / rv:45.3)\n * MFSA 2016-63/CVE-2016-2830 Favicon network connection can persist when\n page is closed\n * MFSA 2016-64/CVE-2016-2838 Buffer overflow rendering SVG with\n bidirectional content\n * MFSA 2016-65/CVE-2016-2839 Cairo rendering crash due to memory\n allocation issue with FFmpeg 0.10\n * MFSA 2016-67/CVE-2016-5252 Stack underflow during 2D graphics rendering\n * MFSA 2016-70/CVE-2016-5254 Use-after-free when using alt key and\n toplevel menus\n * MFSA 2016-72/CVE-2016-5258 Use-after-free in DTLS during WebRTC session\n shutdown\n * MFSA 2016-73/CVE-2016-5259 Use-after-free in service workers with nested\n sync events\n * MFSA 2016-76/CVE-2016-5262 Scripts on marquee tag can execute in\n sandboxed iframes\n * MFSA 2016-77/CVE-2016-2837 Buffer overflow in ClearKey Content\n Decryption Module (CDM) during video playback\n * MFSA 2016-78/CVE-2016-5263 Type confusion in display transformation\n * MFSA 2016-79/CVE-2016-5264 Use-after-free when applying SVG effects\n * MFSA 2016-80/CVE-2016-5265 Same-origin policy violation using local HTML\n file and saved shortcut file\n * CVE-2016-6354: Fix for possible buffer overrun (bsc#990856)\n\n Also a temporary workaround was added:\n - Temporarily bind Firefox to the first CPU as a hotfix for an apparent\n race condition (bsc#989196, bsc#990628)\n\n", "edition": 1, "reporter": "Suse", "published": "2016-08-22T20:09:28", "title": "Security update for MozillaFirefox (important)", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5252", "CVE-2016-5259", "CVE-2016-5254", "CVE-2016-6354", "CVE-2016-5265", "CVE-2016-5264", "CVE-2016-5258", "CVE-2016-2839", "CVE-2016-5263", "CVE-2016-2838", "CVE-2016-2835", "CVE-2016-2836", "CVE-2016-2837", "CVE-2016-5262", "CVE-2016-2830"], "modified": "2016-08-22T20:09:28", "id": "SUSE-SU-2016:2131-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00045.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:13:39", "references": ["https://bugzilla.suse.com/990628", "https://bugzilla.suse.com/989196", "https://bugzilla.suse.com/990856", "https://bugzilla.suse.com/991809"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "45.3.0esr-50.1", "arch": "ia64", "packageFilename": "MozillaFirefox-debuginfo-45.3.0esr-50.1.ia64.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "45.3.0esr-50.1", "arch": "i586", "packageFilename": "MozillaFirefox-45.3.0esr-50.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "5", "packageVersion": "45.3.0esr-50.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-45.3.0esr-50.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "45.3.0esr-50.1", "arch": "s390x", "packageFilename": "MozillaFirefox-debugsource-45.3.0esr-50.1.s390x.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "45.3.0esr-50.1", "arch": "ia64", "packageFilename": "MozillaFirefox-translations-45.3.0esr-50.1.ia64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.4", "packageVersion": "45.3.0esr-50.1", "arch": "i586", "packageFilename": "MozillaFirefox-devel-45.3.0esr-50.1.i586.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "SUSE Manager Proxy", "OSVersion": "2.1", "packageVersion": "45.3.0esr-50.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-45.3.0esr-50.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Manager", "OSVersion": "2.1", "packageVersion": "45.3.0esr-50.1", "arch": "s390x", "packageFilename": "MozillaFirefox-45.3.0esr-50.1.s390x.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "45.3.0esr-50.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-45.3.0esr-50.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "45.3.0esr-50.1", "arch": "ppc64", "packageFilename": "MozillaFirefox-debugsource-45.3.0esr-50.1.ppc64.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "45.3.0esr-50.1", "arch": "ia64", "packageFilename": "MozillaFirefox-debugsource-45.3.0esr-50.1.ia64.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Manager", "OSVersion": "2.1", "packageVersion": "45.3.0esr-50.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-45.3.0esr-50.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "45.3.0esr-50.1", "arch": "s390x", "packageFilename": "MozillaFirefox-debuginfo-45.3.0esr-50.1.s390x.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "45.3.0esr-50.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-45.3.0esr-50.1.i586.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "5", "packageVersion": "45.3.0esr-50.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-45.3.0esr-50.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "45.3.0esr-50.1", "arch": "s390x", "packageFilename": "MozillaFirefox-translations-45.3.0esr-50.1.s390x.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "45.3.0esr-50.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-45.3.0esr-50.1.i586.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "45.3.0esr-50.1", "arch": "i586", "packageFilename": "MozillaFirefox-debuginfo-45.3.0esr-50.1.i586.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.4", "packageVersion": "45.3.0esr-50.1", "arch": "s390x", "packageFilename": "MozillaFirefox-devel-45.3.0esr-50.1.s390x.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "45.3.0esr-50.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debuginfo-45.3.0esr-50.1.x86_64.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Manager", "OSVersion": "2.1", "packageVersion": "45.3.0esr-50.1", "arch": "s390x", "packageFilename": "MozillaFirefox-translations-45.3.0esr-50.1.s390x.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "45.3.0esr-50.1", "arch": "ppc64", "packageFilename": "MozillaFirefox-45.3.0esr-50.1.ppc64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "45.3.0esr-50.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-45.3.0esr-50.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Point of Sale", "OSVersion": "11.3", "packageVersion": "45.3.0esr-50.1", "arch": "i586", "packageFilename": "MozillaFirefox-translations-45.3.0esr-50.1.i586.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "45.3.0esr-50.1", "arch": "ppc64", "packageFilename": "MozillaFirefox-translations-45.3.0esr-50.1.ppc64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "45.3.0esr-50.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-45.3.0esr-50.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "45.3.0esr-50.1", "arch": "s390x", "packageFilename": "MozillaFirefox-45.3.0esr-50.1.s390x.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.4", "packageVersion": "45.3.0esr-50.1", "arch": "ia64", "packageFilename": "MozillaFirefox-devel-45.3.0esr-50.1.ia64.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "45.3.0esr-50.1", "arch": "s390x", "packageFilename": "MozillaFirefox-translations-45.3.0esr-50.1.s390x.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "45.3.0esr-50.1", "arch": "i586", "packageFilename": "MozillaFirefox-debuginfo-45.3.0esr-50.1.i586.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "45.3.0esr-50.1", "arch": "s390x", "packageFilename": "MozillaFirefox-45.3.0esr-50.1.s390x.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "45.3.0esr-50.1", "arch": "s390x", "packageFilename": "MozillaFirefox-debuginfo-45.3.0esr-50.1.s390x.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "45.3.0esr-50.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-45.3.0esr-50.1.x86_64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.4", "packageVersion": "45.3.0esr-50.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-devel-45.3.0esr-50.1.x86_64.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "45.3.0esr-50.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debugsource-45.3.0esr-50.1.x86_64.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "45.3.0esr-50.1", "arch": "i586", "packageFilename": "MozillaFirefox-debugsource-45.3.0esr-50.1.i586.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "45.3.0esr-50.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debugsource-45.3.0esr-50.1.x86_64.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "45.3.0esr-50.1", "arch": "i586", "packageFilename": "MozillaFirefox-45.3.0esr-50.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Point of Sale", "OSVersion": "11.3", "packageVersion": "45.3.0esr-50.1", "arch": "i586", "packageFilename": "MozillaFirefox-45.3.0esr-50.1.i586.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Manager", "OSVersion": "2.1", "packageVersion": "45.3.0esr-50.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-45.3.0esr-50.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "45.3.0esr-50.1", "arch": "i586", "packageFilename": "MozillaFirefox-debugsource-45.3.0esr-50.1.i586.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "45.3.0esr-50.1", "arch": "s390x", "packageFilename": "MozillaFirefox-debugsource-45.3.0esr-50.1.s390x.rpm", "packageName": "MozillaFirefox-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "45.3.0esr-50.1", "arch": "ppc64", "packageFilename": "MozillaFirefox-debuginfo-45.3.0esr-50.1.ppc64.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "45.3.0esr-50.1", "arch": "ia64", "packageFilename": "MozillaFirefox-45.3.0esr-50.1.ia64.rpm", "packageName": "MozillaFirefox", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.4", "packageVersion": "45.3.0esr-50.1", "arch": "ppc64", "packageFilename": "MozillaFirefox-devel-45.3.0esr-50.1.ppc64.rpm", "packageName": "MozillaFirefox-devel", "operator": "lt"}, {"OS": "SUSE Manager Proxy", "OSVersion": "2.1", "packageVersion": "45.3.0esr-50.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-translations-45.3.0esr-50.1.x86_64.rpm", "packageName": "MozillaFirefox-translations", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "45.3.0esr-50.1", "arch": "x86_64", "packageFilename": "MozillaFirefox-debuginfo-45.3.0esr-50.1.x86_64.rpm", "packageName": "MozillaFirefox-debuginfo", "operator": "lt"}], "description": "MozillaFirefox was updated to 45.3.0 ESR to fix the following issues\n (bsc#991809):\n\n * MFSA 2016-62/CVE-2016-2835/CVE-2016-2836 Miscellaneous memory safety\n hazards (rv:48.0 / rv:45.3)\n * MFSA 2016-63/CVE-2016-2830 Favicon network connection can persist when\n page is closed\n * MFSA 2016-64/CVE-2016-2838 Buffer overflow rendering SVG with\n bidirectional content\n * MFSA 2016-65/CVE-2016-2839 Cairo rendering crash due to memory\n allocation issue with FFmpeg 0.10\n * MFSA 2016-67/CVE-2016-5252 Stack underflow during 2D graphics rendering\n * MFSA 2016-70/CVE-2016-5254 Use-after-free when using alt key and\n toplevel menus\n * MFSA 2016-72/CVE-2016-5258 Use-after-free in DTLS during WebRTC session\n shutdown\n * MFSA 2016-73/CVE-2016-5259 Use-after-free in service workers with nested\n sync events\n * MFSA 2016-76/CVE-2016-5262 Scripts on marquee tag can execute in\n sandboxed iframes\n * MFSA 2016-77/CVE-2016-2837 Buffer overflow in ClearKey Content\n Decryption Module (CDM) during video playback\n * MFSA 2016-78/CVE-2016-5263 Type confusion in display transformation\n * MFSA 2016-79/CVE-2016-5264 Use-after-free when applying SVG effects\n * MFSA 2016-80/CVE-2016-5265 Same-origin policy violation using local HTML\n file and saved shortcut file\n * CVE-2016-6354: Fix for possible buffer overrun (bsc#990856)\n\n Also a temporary workaround was added:\n - Temporarily bind Firefox to the first CPU as a hotfix for an apparent\n race condition (bsc#989196, bsc#990628)\n\n", "edition": 1, "reporter": "Suse", "published": "2016-08-30T19:09:51", "title": "Security update for MozillaFirefox (important)", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5252", "CVE-2016-5259", "CVE-2016-5254", "CVE-2016-6354", "CVE-2016-5265", "CVE-2016-5264", "CVE-2016-5258", "CVE-2016-2839", "CVE-2016-5263", "CVE-2016-2838", "CVE-2016-2835", "CVE-2016-2836", "CVE-2016-2837", "CVE-2016-5262", "CVE-2016-2830"], "modified": "2016-08-30T19:09:51", "id": "SUSE-SU-2016:2195-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00056.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:15:08", "references": ["https://bugzilla.suse.com/984006", "https://bugzilla.suse.com/983651", "https://bugzilla.suse.com/990628", "https://bugzilla.suse.com/989196", "https://bugzilla.suse.com/990856", "https://bugzilla.suse.com/983652", "https://bugzilla.suse.com/983638", "https://bugzilla.suse.com/983643", "https://bugzilla.suse.com/983639", "https://bugzilla.suse.com/983655", "https://bugzilla.suse.com/983646", "https://bugzilla.suse.com/983653", "https://bugzilla.suse.com/991809", "https://bugzilla.suse.com/983549", "https://bugzilla.suse.com/985659"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "45.3.0esr-48.1", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-45.3.0esr-48.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.12-25.2", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-4.12-25.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.21.1-26.2", "packageName": "libfreebl3-32bit", "packageFilename": "libfreebl3-32bit-3.21.1-26.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "3.21.1-26.2", "packageName": "mozilla-nss-debugsource", "packageFilename": "mozilla-nss-debugsource-3.21.1-26.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "45.3.0esr-48.1", "packageName": "MozillaFirefox-translations", "packageFilename": "MozillaFirefox-translations-45.3.0esr-48.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "3.21.1-26.2", "packageName": "mozilla-nss-debuginfo", "packageFilename": "mozilla-nss-debuginfo-3.21.1-26.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.21.1-26.2", "packageName": "libfreebl3", "packageFilename": "libfreebl3-3.21.1-26.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.21.1-26.2", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-3.21.1-26.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.12-25.2", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-4.12-25.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "4.12-25.2", "packageName": "mozilla-nspr-debuginfo-32bit", "packageFilename": "mozilla-nspr-debuginfo-32bit-4.12-25.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.12-25.2", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-4.12-25.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.21.1-26.2", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-3.21.1-26.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "2.11.0-4.2", "packageName": "firefox-fontconfig-debugsource", "packageFilename": "firefox-fontconfig-debugsource-2.11.0-4.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.21.1-26.2", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-3.21.1-26.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "2.11.0-4.2", "packageName": "firefox-fontconfig-debuginfo", "packageFilename": "firefox-fontconfig-debuginfo-2.11.0-4.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.12-25.2", "packageName": "mozilla-nspr-32bit", "packageFilename": "mozilla-nspr-32bit-4.12-25.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.12-25.2", "packageName": "mozilla-nspr-32bit", "packageFilename": "mozilla-nspr-32bit-4.12-25.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "4.12-25.2", "packageName": "mozilla-nspr-debuginfo-32bit", "packageFilename": "mozilla-nspr-debuginfo-32bit-4.12-25.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "2.11.0-4.2", "packageName": "firefox-fontconfig-debugsource", "packageFilename": "firefox-fontconfig-debugsource-2.11.0-4.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.21.1-26.2", "packageName": "mozilla-nss", "packageFilename": "mozilla-nss-3.21.1-26.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.12-25.2", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-4.12-25.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.21.1-26.2", "packageName": "mozilla-nss-tools", "packageFilename": "mozilla-nss-tools-3.21.1-26.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "2.11.0-4.2", "packageName": "firefox-fontconfig-debuginfo", "packageFilename": "firefox-fontconfig-debuginfo-2.11.0-4.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "4.12-25.2", "packageName": "mozilla-nspr-debugsource", "packageFilename": "mozilla-nspr-debugsource-4.12-25.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "3.21.1-26.2", "packageName": "mozilla-nss-debuginfo-32bit", "packageFilename": "mozilla-nss-debuginfo-32bit-3.21.1-26.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "45.3.0esr-48.1", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-45.3.0esr-48.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "4.12-25.2", "packageName": "mozilla-nspr-debugsource", "packageFilename": "mozilla-nspr-debugsource-4.12-25.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.12-25.2", "packageName": "mozilla-nspr", "packageFilename": "mozilla-nspr-4.12-25.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.21.1-26.2", "packageName": "libfreebl3", "packageFilename": "libfreebl3-3.21.1-26.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "45.0-20.38", "packageName": "MozillaFirefox-branding-SLED", "packageFilename": "MozillaFirefox-branding-SLED-45.0-20.38.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "45.3.0esr-48.1", "packageName": "MozillaFirefox-translations", "packageFilename": "MozillaFirefox-translations-45.3.0esr-48.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "4.12-25.2", "packageName": "mozilla-nspr-debuginfo", "packageFilename": "mozilla-nspr-debuginfo-4.12-25.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.12-25.2", "packageName": "mozilla-nspr-devel", "packageFilename": "mozilla-nspr-devel-4.12-25.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.21.1-26.2", "packageName": "mozilla-nss-32bit", "packageFilename": "mozilla-nss-32bit-3.21.1-26.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "45.3.0esr-48.1", "packageName": "MozillaFirefox-debugsource", "packageFilename": "MozillaFirefox-debugsource-45.3.0esr-48.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "45.0-20.38", "packageName": "MozillaFirefox-branding-SLED", "packageFilename": "MozillaFirefox-branding-SLED-45.0-20.38.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.21.1-26.2", "packageName": "libfreebl3", "packageFilename": "libfreebl3-3.21.1-26.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "3.21.1-26.2", "packageName": "mozilla-nss-debuginfo-32bit", "packageFilename": "mozilla-nss-debuginfo-32bit-3.21.1-26.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "3.21.1-26.2", "packageName": "mozilla-nss-debuginfo", "packageFilename": "mozilla-nss-debuginfo-3.21.1-26.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.21.1-26.2", "packageName": "mozilla-nss-tools", "packageFilename": "mozilla-nss-tools-3.21.1-26.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "2.11.0-4.2", "packageName": "firefox-fontconfig-debuginfo", "packageFilename": "firefox-fontconfig-debuginfo-2.11.0-4.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.21.1-26.2", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-3.21.1-26.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "4.12-25.2", "packageName": "mozilla-nspr-debugsource", "packageFilename": "mozilla-nspr-debugsource-4.12-25.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "3.21.1-26.2", "packageName": "mozilla-nss-debuginfo", "packageFilename": "mozilla-nss-debuginfo-3.21.1-26.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "45.3.0esr-48.1", "packageName": "MozillaFirefox-debuginfo", "packageFilename": "MozillaFirefox-debuginfo-45.3.0esr-48.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.21.1-26.2", "packageName": "mozilla-nss-32bit", "packageFilename": "mozilla-nss-32bit-3.21.1-26.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "3.21.1-26.2", "packageName": "mozilla-nss-debugsource", "packageFilename": "mozilla-nss-debugsource-3.21.1-26.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "45.3.0esr-48.1", "packageName": "MozillaFirefox-debuginfo", "packageFilename": "MozillaFirefox-debuginfo-45.3.0esr-48.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.21.1-26.2", "packageName": "mozilla-nss-tools", "packageFilename": "mozilla-nss-tools-3.21.1-26.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "45.3.0esr-48.1", "packageName": "MozillaFirefox-translations", "packageFilename": "MozillaFirefox-translations-45.3.0esr-48.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.21.1-26.2", "packageName": "libfreebl3-32bit", "packageFilename": "libfreebl3-32bit-3.21.1-26.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "45.3.0esr-48.1", "packageName": "MozillaFirefox-debugsource", "packageFilename": "MozillaFirefox-debugsource-45.3.0esr-48.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "45.3.0esr-48.1", "packageName": "MozillaFirefox-debugsource", "packageFilename": "MozillaFirefox-debugsource-45.3.0esr-48.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "3.21.1-26.2", "packageName": "mozilla-nss-debugsource", "packageFilename": "mozilla-nss-debugsource-3.21.1-26.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "4.12-25.2", "packageName": "mozilla-nspr-debuginfo", "packageFilename": "mozilla-nspr-debuginfo-4.12-25.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "45.0-20.38", "packageName": "MozillaFirefox-branding-SLED", "packageFilename": "MozillaFirefox-branding-SLED-45.0-20.38.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "2.11.0-4.2", "packageName": "firefox-fontconfig", "packageFilename": "firefox-fontconfig-2.11.0-4.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "2.11.0-4.2", "packageName": "firefox-fontconfig", "packageFilename": "firefox-fontconfig-2.11.0-4.2.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "2.11.0-4.2", "packageName": "firefox-fontconfig", "packageFilename": "firefox-fontconfig-2.11.0-4.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "45.3.0esr-48.1", "packageName": "MozillaFirefox-debuginfo", "packageFilename": "MozillaFirefox-debuginfo-45.3.0esr-48.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.21.1-26.2", "packageName": "mozilla-nss-devel", "packageFilename": "mozilla-nss-devel-3.21.1-26.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.2", "packageVersion": "4.12-25.2", "packageName": "mozilla-nspr-debuginfo", "packageFilename": "mozilla-nspr-debuginfo-4.12-25.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "45.3.0esr-48.1", "packageName": "MozillaFirefox", "packageFilename": "MozillaFirefox-45.3.0esr-48.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nspr and mozilla-nss\n were updated to fix nine security issues.\n\n MozillaFirefox was updated to version 45.3.0 ESR. mozilla-nss was updated\n to version 3.21.1, mozilla-nspr to version 4.12.\n\n These security issues were fixed in 45.3.0ESR:\n - CVE-2016-2835/CVE-2016-2836: Miscellaneous memory safety hazards\n (rv:48.0 / rv:45.3) (MFSA 2016-62)\n - CVE-2016-2830: Favicon network connection can persist when page is\n closed (MFSA 2016-63)\n - CVE-2016-2838: Buffer overflow rendering SVG with bidirectional content\n (MFSA 2016-64)\n - CVE-2016-2839: Cairo rendering crash due to memory allocation issue with\n FFmpeg 0.10 (MFSA 2016-65)\n - CVE-2016-5252: Stack underflow during 2D graphics rendering (MFSA\n 2016-67)\n - CVE-2016-5254: Use-after-free when using alt key and toplevel menus\n (MFSA 2016-70)\n - CVE-2016-5258: Use-after-free in DTLS during WebRTC session shutdown\n (MFSA 2016-72)\n - CVE-2016-5259: Use-after-free in service workers with nested sync events\n (MFSA 2016-73)\n - CVE-2016-5262: Scripts on marquee tag can execute in sandboxed iframes\n (MFSA 2016-76)\n - CVE-2016-2837: Buffer overflow in ClearKey Content Decryption Module\n (CDM) during video playback (MFSA 2016-77)\n - CVE-2016-5263: Type confusion in display transformation (MFSA 2016-78)\n - CVE-2016-5264: Use-after-free when applying SVG effects (MFSA 2016-79)\n - CVE-2016-5265: Same-origin policy violation using local HTML file and\n saved shortcut file (MFSA 2016-80)\n - CVE-2016-6354: Fix for possible buffer overrun (bsc#990856)\n\n Security issues fixed in 45.2.0.ESR:\n - CVE-2016-2834: Memory safety bugs in NSS (MFSA 2016-61) (bsc#983639).\n - CVE-2016-2824: Out-of-bounds write with WebGL shader (MFSA 2016-53)\n (bsc#983651).\n - CVE-2016-2822: Addressbar spoofing though the SELECT element (MFSA\n 2016-52) (bsc#983652).\n - CVE-2016-2821: Use-after-free deleting tables from a contenteditable\n document (MFSA 2016-51) (bsc#983653).\n - CVE-2016-2819: Buffer overflow parsing HTML5 fragments (MFSA 2016-50)\n (bsc#983655).\n - CVE-2016-2828: Use-after-free when textures are used in WebGL operations\n after recycle pool destruction (MFSA 2016-56) (bsc#983646).\n - CVE-2016-2831: Entering fullscreen and persistent pointerlock without\n user permission (MFSA 2016-58) (bsc#983643).\n - CVE-2016-2815, CVE-2016-2818: Miscellaneous memory safety hazards (MFSA\n 2016-49) (bsc#983638)\n\n These non-security issues were fixed:\n - Fix crashes on aarch64\n * Determine page size at runtime (bsc#984006)\n * Allow aarch64 to work in safe mode (bsc#985659)\n - Fix crashes on mainframes\n - Temporarily bind Firefox to the first CPU as a hotfix for an apparent\n race condition (bsc#989196, bsc#990628)\n\n All extensions must now be signed by addons.mozilla.org. Please read\n README.SUSE for more details.\n\n", "edition": 1, "reporter": "Suse", "published": "2016-08-12T21:10:19", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "suse", "title": "Security update for MozillaFirefox, MozillaFirefox-branding-SLED, mozilla-nspr and mozilla-nss (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2824", "CVE-2016-5252", "CVE-2016-5259", "CVE-2016-2828", "CVE-2016-5254", "CVE-2016-6354", "CVE-2016-2815", "CVE-2016-5265", "CVE-2016-2834", "CVE-2016-5264", "CVE-2016-5258", "CVE-2016-2822", "CVE-2016-2818", "CVE-2016-2839", "CVE-2016-5263", "CVE-2016-2819", "CVE-2016-2838", "CVE-2016-2835", "CVE-2016-2836", "CVE-2016-2837", "CVE-2016-5262", "CVE-2016-2821", "CVE-2016-2830", "CVE-2016-2831"], "modified": "2016-08-12T21:10:19", "id": "SUSE-SU-2016:2061-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00036.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "mozilla": [{"lastseen": "2017-05-01T21:18:53", "references": ["https://bugzilla.mozilla.org/show_bug.cgi?id=1343795", "https://bugzilla.mozilla.org/show_bug.cgi?id=1343552", "https://bugzilla.mozilla.org/show_bug.cgi?id=1347075", "https://bugzilla.mozilla.org/show_bug.cgi?id=1345089", "https://bugzilla.mozilla.org/show_bug.cgi?id=1273537", "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1343261%2C1350844%2C1341096%2C1342823%2C1348894%2C1348941%2C1349340%2C1352926%2C1353088%2C", "https://bugzilla.mozilla.org/show_bug.cgi?id=1336830", "https://bugzilla.mozilla.org/show_bug.cgi?id=1342661", "https://bugzilla.mozilla.org/show_bug.cgi?id=1340127", "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1342101%2C1340482%2C1344686%2C1329796%2C1346419%2C1349621%2C1344081%2C1344305%2C1348143%2C1349719%2C1353476%2C1337418%2C1346140%2C1339722", "https://bugzilla.mozilla.org/show_bug.cgi?id=1336832", "https://bugzilla.mozilla.org/show_bug.cgi?id=1347979", "https://bugzilla.mozilla.org/show_bug.cgi?id=1292534", "https://bugzilla.mozilla.org/show_bug.cgi?id=1345461", "https://bugzilla.mozilla.org/show_bug.cgi?id=1347168", "https://bugzilla.mozilla.org/show_bug.cgi?id=1344461", "https://bugzilla.mozilla.org/show_bug.cgi?id=1350683", "https://bugzilla.mozilla.org/show_bug.cgi?id=1346654", "https://bugzilla.mozilla.org/show_bug.cgi?id=1343505", "https://bugzilla.mozilla.org/show_bug.cgi?id=1353975", "https://bugzilla.mozilla.org/show_bug.cgi?id=1347617", "https://bugzilla.mozilla.org/show_bug.cgi?id=1336828", "https://bugzilla.mozilla.org/show_bug.cgi?id=1349276", "https://bugzilla.mozilla.org/show_bug.cgi?id=1349946", "https://bugzilla.mozilla.org/show_bug.cgi?id=1333858", "https://bugzilla.mozilla.org/show_bug.cgi?id=1344380", "https://bugzilla.mozilla.org/show_bug.cgi?id=1343642", "https://bugzilla.mozilla.org/show_bug.cgi?id=1344467", "https://bugzilla.mozilla.org/show_bug.cgi?id=1343453", "https://bugzilla.mozilla.org/show_bug.cgi?id=1347262"], "description": "A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash.\nA use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash.\nAn out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products.\nAn out-of-bounds write during Base64 decoding operation in the Network Security Services (NSS) library due to insufficient memory being allocated to the buffer. This results in a potentially exploitable crash. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4.\nA buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash.\nIf a page is loaded from an original site through a hyperlink and contains a redirect to a data:text/html URL, triggering a reload will run the reloaded data:text/html page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack.\nA use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash.\nA use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash.\nA use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash.\nA use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash.\nA use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash.\nA use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash.\nA use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash.\nA use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash.\nDuring DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. \nAn out-of-bounds write vulnerability while decoding improperly formed BinHex format archives.\nA buffer overflow vulnerability while parsing application/http-index-format format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory.\nAn out-of-bounds read when an HTTP/2 connection to a servers sends DATA frames with incorrect data content. This leads to a potentially exploitable crash. \nAn out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. \nAn out-of-bounds read while processing SVG content in ConvolvePixel. This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed.\nThree vulnerabilities were reported in the Libevent library that allow for out-of-bounds reads and denial of service (DoS) attacks. These were fixed in the Libevent library and these changes were ported to Mozilla code.\nA mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system.\nFixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex.\nA vulnerability while parsing application/http-index-format format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected.\nA possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations.\nA mechanism to spoof the addressbar through the user interaction on the addressbar and the onblur event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar.\nA flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4.\nA potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region.\nMozilla developers and community members Christian Holler, Jon Coppeard, Milan Sreckovic, Tyson Smith, Ronald Crane, Randell Jesup, Philipp, Tooru Fujisawa, and Kan-Ru Chen reported memory safety bugs present in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.\nMozilla developers and community members Christian Holler, Jon Coppeard, Marcia Knous, David Baron, Mats Palmgren, Ronald Crane, Bob Clary, and Chris Peterson reported memory safety bugs present in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.", "edition": 1, "reporter": "Mozilla Foundation", "published": "2017-04-30T00:00:00", "title": "Security vulnerabilities fixed in Thunderbird 52.1MenuClose", "type": "mozilla", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Thunderbird", "version": "52.1", "operator": "lt"}], "cvelist": ["CVE-2016-10197", "CVE-2016-6354", "CVE-2016-10195"], "modified": "2017-04-30T00:00:00", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2017-13/", "id": "MFSA2017-13", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-19T17:18:12", "references": ["https://bugzilla.mozilla.org/show_bug.cgi?id=1343795", "https://bugzilla.mozilla.org/show_bug.cgi?id=1343552", "https://bugzilla.mozilla.org/show_bug.cgi?id=1347075", "https://bugzilla.mozilla.org/show_bug.cgi?id=1345089", "https://bugzilla.mozilla.org/show_bug.cgi?id=1273537", "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1343261%2C1350844%2C1341096%2C1342823%2C1348894%2C1348941%2C1349340%2C1352926%2C1353088%2C", "https://bugzilla.mozilla.org/show_bug.cgi?id=1336830", "https://bugzilla.mozilla.org/show_bug.cgi?id=1342661", "https://bugzilla.mozilla.org/show_bug.cgi?id=1340127", "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1342101%2C1340482%2C1344686%2C1329796%2C1346419%2C1349621%2C1344081%2C1344305%2C1348143%2C1349719%2C1353476%2C1337418%2C1346140%2C1339722", "https://bugzilla.mozilla.org/show_bug.cgi?id=1336832", "https://bugzilla.mozilla.org/show_bug.cgi?id=1346648", "https://bugzilla.mozilla.org/show_bug.cgi?id=1344415", "https://bugzilla.mozilla.org/show_bug.cgi?id=1341191", "https://bugzilla.mozilla.org/show_bug.cgi?id=1347979", "https://bugzilla.mozilla.org/show_bug.cgi?id=1292534", "https://bugzilla.mozilla.org/show_bug.cgi?id=1345461", "https://bugzilla.mozilla.org/show_bug.cgi?id=1347168", "https://bugzilla.mozilla.org/show_bug.cgi?id=1344461", "https://bugzilla.mozilla.org/show_bug.cgi?id=1350683", "https://bugzilla.mozilla.org/show_bug.cgi?id=1346654", "https://bugzilla.mozilla.org/show_bug.cgi?id=1343505", "https://bugzilla.mozilla.org/show_bug.cgi?id=1353975", "https://bugzilla.mozilla.org/show_bug.cgi?id=1347617", "https://bugzilla.mozilla.org/show_bug.cgi?id=1336828", "https://bugzilla.mozilla.org/show_bug.cgi?id=1349276", "https://bugzilla.mozilla.org/show_bug.cgi?id=1349946", "https://bugzilla.mozilla.org/show_bug.cgi?id=1333858", "https://bugzilla.mozilla.org/show_bug.cgi?id=1344380", "https://bugzilla.mozilla.org/show_bug.cgi?id=1343642", "https://bugzilla.mozilla.org/show_bug.cgi?id=1344467", "https://bugzilla.mozilla.org/show_bug.cgi?id=1343453", "https://bugzilla.mozilla.org/show_bug.cgi?id=1347262"], "edition": 1, "description": "A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash.\nA use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash.\nAn out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products.\nAn out-of-bounds write during Base64 decoding operation in the Network Security Services (NSS) library due to insufficient memory being allocated to the buffer. This results in a potentially exploitable crash. The NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with NSS version 3.28.4.\nA buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash.\nIf a page is loaded from an original site through a hyperlink and contains a redirect to a data:text/html URL, triggering a reload will run the reloaded data:text/html page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack.\nA use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash.\nA use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash.\nA use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash.\nA use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash.\nA use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash.\nA use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash.\nA use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash.\nA use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash.\nDuring DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. \nAn out-of-bounds write vulnerability while decoding improperly formed BinHex format archives.\nA buffer overflow vulnerability while parsing application/http-index-format format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory.\nAn out-of-bounds read when an HTTP/2 connection to a servers sends DATA frames with incorrect data content. This leads to a potentially exploitable crash. \nAn out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. \nAn out-of-bounds read while processing SVG content in ConvolvePixel. This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed.\nAn out-of-bounds write in ClearKeyDecryptor while decrypting some Clearkey-encrypted media content. The ClearKeyDecryptor code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data within memory, resulting in a potentially exploitable crash.\nThree vulnerabilities were reported in the Libevent library that allow for out-of-bounds reads and denial of service (DoS) attacks: CVE-2016-10195, CVE-2016-10196, and CVE-2016-10197. These were fixed in the Libevent library and these changes were ported to Mozilla code.\nA mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system.\nThe internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process. \nA mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system.\nFixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex.\nA vulnerability while parsing application/http-index-format format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected.\nA possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations.\nA mechanism to spoof the addressbar through the user interaction on the addressbar and the onblur event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar.\nA flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with NSS version 3.28.4.\nA potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region.\nMozilla developers and community members Christian Holler, Jon Coppeard, Milan Sreckovic, Tyson Smith, Ronald Crane, Randell Jesup, Philipp, Tooru Fujisawa, and Kan-Ru Chen reported memory safety bugs present in Firefox 52 and Firefox ESR 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.\nMozilla developers and community members Christian Holler, Jon Coppeard, Marcia Knous, David Baron, Mats Palmgren, Ronald Crane, Bob Clary, and Chris Peterson reported memory safety bugs present in Firefox 52, Firefox ESR 45.8, and Firefox ESR 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.", "reporter": "Mozilla Foundation", "published": "2017-04-19T00:00:00", "title": "Security vulnerabilities fixed in Firefox ESR 52.1MenuMozilla", "type": "mozilla", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "affectedSoftware": [{"name": "Firefox ESR", "version": "52.1", "operator": "lt"}], "bulletinFamily": "software", "cvelist": ["CVE-2016-10197", "CVE-2016-6354", "CVE-2016-10196", "CVE-2016-10195"], "modified": "2017-04-19T00:00:00", "id": "MFSA2017-12", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2017-12/", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-19T17:18:12", "references": ["https://bugzilla.mozilla.org/show_bug.cgi?id=1343795", "https://bugzilla.mozilla.org/show_bug.cgi?id=1343552", "https://bugzilla.mozilla.org/show_bug.cgi?id=1347075", "https://bugzilla.mozilla.org/show_bug.cgi?id=1345089", "https://bugzilla.mozilla.org/show_bug.cgi?id=1273537", "https://bugzilla.mozilla.org/show_bug.cgi?id=1321247", "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1343261%2C1350844%2C1341096%2C1342823%2C1348894%2C1348941%2C1349340%2C1352926%2C1353088%2C", "https://bugzilla.mozilla.org/show_bug.cgi?id=1336830", "https://bugzilla.mozilla.org/show_bug.cgi?id=1342661", "https://bugzilla.mozilla.org/show_bug.cgi?id=1340127", "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1342101%2C1340482%2C1344686%2C1329796%2C1346419%2C1349621%2C1344081%2C1344305%2C1348143%2C1349719%2C1353476%2C1337418%2C1346140%2C1339722", "https://bugzilla.mozilla.org/show_bug.cgi?id=1336832", "https://bugzilla.mozilla.org/show_bug.cgi?id=1346648", "https://bugzilla.mozilla.org/show_bug.cgi?id=1344415", "https://bugzilla.mozilla.org/show_bug.cgi?id=1344517", "https://bugzilla.mozilla.org/show_bug.cgi?id=1341191", "https://bugzilla.mozilla.org/show_bug.cgi?id=1347979", "https://bugzilla.mozilla.org/show_bug.cgi?id=1229426", "https://bugzilla.mozilla.org/show_bug.cgi?id=1292534", "https://bugzilla.mozilla.org/show_bug.cgi?id=1345461", "https://bugzilla.mozilla.org/show_bug.cgi?id=1347168", "https://bugzilla.mozilla.org/show_bug.cgi?id=1344461", "https://bugzilla.mozilla.org/show_bug.cgi?id=1350683", "https://bugzilla.mozilla.org/show_bug.cgi?id=1338867", "https://bugzilla.mozilla.org/show_bug.cgi?id=1346654", "https://bugzilla.mozilla.org/show_bug.cgi?id=1343505", "https://bugzilla.mozilla.org/show_bug.cgi?id=1353975", "https://bugzilla.mozilla.org/show_bug.cgi?id=1347617", "https://bugzilla.mozilla.org/show_bug.cgi?id=1336828", "https://bugzilla.mozilla.org/show_bug.cgi?id=1349276", "https://bugzilla.mozilla.org/show_bug.cgi?id=1349946", "https://bugzilla.mozilla.org/show_bug.cgi?id=1333858", "https://bugzilla.mozilla.org/show_bug.cgi?id=1344380", "https://bugzilla.mozilla.org/show_bug.cgi?id=1325955", "https://bugzilla.mozilla.org/show_bug.cgi?id=1329521", "https://bugzilla.mozilla.org/show_bug.cgi?id=1343642", "https://bugzilla.mozilla.org/show_bug.cgi?id=1344467", "https://bugzilla.mozilla.org/show_bug.cgi?id=1343453", "https://bugzilla.mozilla.org/show_bug.cgi?id=1347262"], "edition": 1, "description": "A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash.\nA use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash.\nAn out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products.\nAn out-of-bounds write during Base64 decoding operation in the Network Security Services (NSS) library due to insufficient memory being allocated to the buffer. This results in a potentially exploitable crash. The NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with NSS version 3.29.5.\nA buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash.\nIf a page is loaded from an original site through a hyperlink and contains a redirect to a data:text/html URL, triggering a reload will run the reloaded data:text/html page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack.\nA use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash.\nA use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash.\nA use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash.\nA use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash.\nA use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash.\nA use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash.\nA use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash.\nA use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash.\nDuring DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. \nAn out-of-bounds write vulnerability while decoding improperly formed BinHex format archives.\nA buffer overflow vulnerability while parsing application/http-index-format format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory.\nAn out-of-bounds read when an HTTP/2 connection to a servers sends DATA frames with incorrect data content. This leads to a potentially exploitable crash. \nAn out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. \nAn out-of-bounds read while processing SVG content in ConvolvePixel. This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed.\nAn out-of-bounds write in ClearKeyDecryptor while decrypting some Clearkey-encrypted media content. The ClearKeyDecryptor code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data within memory, resulting in a potentially exploitable crash.\nThree vulnerabilities were reported in the Libevent library that allow for out-of-bounds reads and denial of service (DoS) attacks: CVE-2016-10195, CVE-2016-10196, and CVE-2016-10197. These were fixed in the Libevent library and these changes were ported to Mozilla code.\nA mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system.\nThe internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process. \nA mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system.\nFixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex.\nA vulnerability while parsing application/http-index-format format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected.\nA possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations.\nA mechanism to spoof the Firefox for Android addressbar using a javascript: URI. On Firefox for Android, the base domain is parsed incorrectly, making the resulting location less visibly a spoofed site and showing an incorrect domain in appended notifications.\nA mechanism to spoof the addressbar through the user interaction on the addressbar and the onblur event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar.\nA flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with NSS version 3.29.5.\nAndroid intents can be used to launch Firefox for Android in reader mode with a user specified URL. This allows an attacker to spoof the contents of the addressbar as displayed to users. Note: This attack only affects Firefox for Android. Other operating systems are not affected.\nA potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region.\nMalicious sites can display a spoofed addressbar on a page when the existing location bar on the new page is scrolled out of view if an HTML editable page element is user selected. Note: This attack only affects Firefox for Android. Other operating systems are not affected.\nA mechanism to inject static HTML into the RSS reader preview page due to a failure to escape characters sent as URL parameters for a feed's TITLE element. This vulnerability allows for spoofing but no scripted content can be run.\nWhen a javascript: URL is drag and dropped by a user into the addressbar, the URL will be processed and executed. This allows for users to be socially engineered to execute an XSS attack on themselves.\nAn issue with incorrect ownership model of privateBrowsing information exposed through developer tools. This can result in a non-exploitable crash when manually triggered during debugging. \nMozilla developers and community members Christian Holler, Jon Coppeard, Milan Sreckovic, Tyson Smith, Ronald Crane, Randell Jesup, Philipp, Tooru Fujisawa, and Kan-Ru Chen reported memory safety bugs present in Firefox 52 and Firefox ESR 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.\nMozilla developers and community members Christian Holler, Jon Coppeard, Marcia Knous, David Baron, Mats Palmgren, Ronald Crane, Bob Clary, and Chris Peterson reported memory safety bugs present in Firefox 52, Firefox ESR 45.8, and Firefox ESR 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.", "reporter": "Mozilla Foundation", "published": "2017-04-19T00:00:00", "title": "Security vulnerabilities fixed in Firefox 53MenuMozilla", "type": "mozilla", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Firefox", "version": "53", "operator": "lt"}], "cvelist": ["CVE-2016-10197", "CVE-2016-6354", "CVE-2016-10196", "CVE-2016-10195"], "modified": "2017-04-19T00:00:00", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2017-10/", "id": "MFSA2017-10", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-19T17:18:12", "references": ["https://bugzilla.mozilla.org/show_bug.cgi?id=1343795", "https://bugzilla.mozilla.org/show_bug.cgi?id=1343552", "https://bugzilla.mozilla.org/show_bug.cgi?id=1347075", "https://bugzilla.mozilla.org/show_bug.cgi?id=1345089", "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1343261%2C1350844%2C1341096%2C1342823%2C1348894%2C1348941%2C1349340%2C1352926%2C1353088%2C", "https://bugzilla.mozilla.org/show_bug.cgi?id=1336830", "https://bugzilla.mozilla.org/show_bug.cgi?id=1342661", "https://bugzilla.mozilla.org/show_bug.cgi?id=1336832", "https://bugzilla.mozilla.org/show_bug.cgi?id=1346648", "https://bugzilla.mozilla.org/show_bug.cgi?id=1347979", "https://bugzilla.mozilla.org/show_bug.cgi?id=1292534", "https://bugzilla.mozilla.org/show_bug.cgi?id=1345461", "https://bugzilla.mozilla.org/show_bug.cgi?id=1347168", "https://bugzilla.mozilla.org/show_bug.cgi?id=1344461", "https://bugzilla.mozilla.org/show_bug.cgi?id=1350683", "https://bugzilla.mozilla.org/show_bug.cgi?id=1346654", "https://bugzilla.mozilla.org/show_bug.cgi?id=1343505", "https://bugzilla.mozilla.org/show_bug.cgi?id=1347617", "https://bugzilla.mozilla.org/show_bug.cgi?id=1336828", "https://bugzilla.mozilla.org/show_bug.cgi?id=1349946", "https://bugzilla.mozilla.org/show_bug.cgi?id=1333858", "https://bugzilla.mozilla.org/show_bug.cgi?id=1344380", "https://bugzilla.mozilla.org/show_bug.cgi?id=1343642", "https://bugzilla.mozilla.org/show_bug.cgi?id=1344467", "https://bugzilla.mozilla.org/show_bug.cgi?id=1343453"], "edition": 1, "description": "A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash.\nA use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash.\nAn out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products.\nAn out-of-bounds write during Base64 decoding operation in the Network Security Services (NSS) library due to insufficient memory being allocated to the buffer. This results in a potentially exploitable crash. The NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with NSS version 3.21.4.\nA buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash.\nA use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash.\nA use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash.\nA use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash.\nA use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash.\nA use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash.\nA use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash.\nA use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash.\nA use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash.\nDuring DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. \nAn out-of-bounds write vulnerability while decoding improperly formed BinHex format archives.\nA buffer overflow vulnerability while parsing application/http-index-format format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory.\nAn out-of-bounds read when an HTTP/2 connection to a servers sends DATA frames with incorrect data content. This leads to a potentially exploitable crash. \nAn out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. \nAn out-of-bounds read while processing SVG content in ConvolvePixel. This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed.\nAn out-of-bounds write in ClearKeyDecryptor while decrypting some Clearkey-encrypted media content. The ClearKeyDecryptor code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data within memory, resulting in a potentially exploitable crash.\nThree vulnerabilities were reported in the Libevent library that allow for out-of-bounds reads and denial of service (DoS) attacks: CVE-2016-10195, CVE-2016-10196, and CVE-2016-10197. These were fixed in the Libevent library and these changes were ported to Mozilla code.\nFixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex.\nA vulnerability while parsing application/http-index-format format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected.\nA flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with NSS version 3.21.4.\nMozilla developers and community members Christian Holler, Jon Coppeard, Marcia Knous, David Baron, Mats Palmgren, Ronald Crane, Bob Clary, and Chris Peterson reported memory safety bugs present in Firefox 52, Firefox ESR 45.8, and Firefox ESR 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.", "reporter": "Mozilla Foundation", "published": "2017-04-19T00:00:00", "title": "Security vulnerabilities fixed in Firefox ESR 45.9MenuMozilla", "type": "mozilla", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "affectedSoftware": [{"name": "Firefox ESR", "version": "45.9", "operator": "lt"}], "bulletinFamily": "software", "cvelist": ["CVE-2016-10197", "CVE-2016-6354", "CVE-2016-10196", "CVE-2016-10195"], "modified": "2017-04-19T00:00:00", "id": "MFSA2017-11", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2017-11/", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "kaspersky": [{"lastseen": "2019-01-14T08:07:42", "references": [], "description": "### *CVSS*:\n9.8\n\n### *Detect date*:\n04/30/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, execute arbitrary code, read and write local files.\n\n### *Affected products*:\nMozilla Thunderbird before 52.1\n\n### *Solution*:\nUpdate to latest version \n[Download Mozilla Thunderbird](<https://www.mozilla.org/en-US/thunderbird/>)\n\n### *Original advisories*:\n[MFSA 2017-13](<https://www.mozilla.org/en-US/security/advisories/mfsa2017-13/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Thunderbird](<https://threats.kaspersky.com/en/product/Mozilla-Thunderbird/>)\n\n### *CVE-IDS*:\n[CVE-2016-10197](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10197>) \n[CVE-2017-5461](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5461>) \n[CVE-2016-6354](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6354>) \n[CVE-2017-5433](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5433>) \n[CVE-2017-5435](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5435>) \n[CVE-2017-5436](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5436>) \n[CVE-2017-5459](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5459>) \n[CVE-2017-5466](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5466>) \n[CVE-2017-5434](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5434>) \n[CVE-2017-5432](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5432>) \n[CVE-2017-5460](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5460>) \n[CVE-2017-5438](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5438>) \n[CVE-2017-5439](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5439>) \n[CVE-2017-5440](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5440>) \n[CVE-2017-5441](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5441>) \n[CVE-2017-5442](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5442>) \n[CVE-2017-5464](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5464>) \n[CVE-2017-5443](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5443>) \n[CVE-2017-5444](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5444>) \n[CVE-2017-5446](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5446>) \n[CVE-2017-5447](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5447>) \n[CVE-2017-5465](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5465>) \n[CVE-2017-5454](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5454>) \n[CVE-2017-5469](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5469>) \n[CVE-2017-5445](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5445>) \n[CVE-2017-5449](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5449>) \n[CVE-2017-5451](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5451>) \n[CVE-2017-5462](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5462>) \n[CVE-2017-5467](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5467>) \n[CVE-2017-5430](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5430>) \n[CVE-2017-5429](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5429>) \n[CVE-2016-10195](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10195>) \n[CVE-2016-10196](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10196>)", "edition": 33, "reporter": "Kaspersky Lab", "published": "2017-04-30T00:00:00", "title": "\r KLA11007Multiple vulnerabilities in Mozilla Thunderbird ", "type": "kaspersky", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2017-5451", "CVE-2017-5462", "CVE-2017-5436", "CVE-2017-5441", "CVE-2016-10197", "CVE-2017-5442", "CVE-2017-5446", "CVE-2017-5434", "CVE-2017-5465", "CVE-2016-6354", "CVE-2017-5429", "CVE-2017-5440", "CVE-2017-5435", "CVE-2017-5432", "CVE-2017-5469", "CVE-2017-5438", "CVE-2017-5439", "CVE-2017-5445", "CVE-2016-10196", "CVE-2017-5433", "CVE-2017-5447", "CVE-2017-5466", "CVE-2017-5444", "CVE-2017-5467", "CVE-2017-5460", "CVE-2017-5449", "CVE-2017-5454", "CVE-2017-5461", "CVE-2017-5430", "CVE-2017-5459", "CVE-2016-10195", "CVE-2017-5443", "CVE-2017-5464"], "modified": "2019-01-04T00:00:00", "id": "KLA11007", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11007", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-14T08:06:36", "references": [], "description": "### *CVSS*:\n9.8\n\n### *Detect date*:\n04/19/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Mozilla Firefox and Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to cause a denial of service, spoof user interface, obtain sensitive information, execute arbitrary code, perform cross-site scripting attacks, bypass security restrictions, gain privileges and read/write local files.\n\n### *Affected products*:\nMozilla Firefox versions earlier than 53 \nMozilla Firefox ESR versions earlier than 45.9 \nMozilla Firefox ESR versions earlier than 52.1\n\n### *Solution*:\nUpdate to the latest version \n[Download Mozilla Firefox ESR](<https://www.mozilla.org/en-US/firefox/organizations/all/>) \n[Download Mozilla Firefox](<https://www.mozilla.org/en-US/firefox/new/>)\n\n### *Original advisories*:\n[MFSA-2017-10](<https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/>) \n[MFSA-2017-11](<https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/>) \n[MFSA-2017-12](<https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Firefox](<https://threats.kaspersky.com/en/product/Mozilla-Firefox/>)\n\n### *CVE-IDS*:\n[CVE-2016-10197](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10197>) \n[CVE-2017-5461](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5461>) \n[CVE-2016-6354](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6354>) \n[CVE-2017-5433](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5433>) \n[CVE-2017-5435](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5435>) \n[CVE-2017-5436](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5436>) \n[CVE-2017-5459](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5459>) \n[CVE-2017-5466](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5466>) \n[CVE-2017-5434](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5434>) \n[CVE-2017-5432](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5432>) \n[CVE-2017-5460](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5460>) \n[CVE-2017-5438](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5438>) \n[CVE-2017-5439](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5439>) \n[CVE-2017-5440](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5440>) \n[CVE-2017-5441](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5441>) \n[CVE-2017-5442](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5442>) \n[CVE-2017-5464](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5464>) \n[CVE-2017-5443](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5443>) \n[CVE-2017-5444](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5444>) \n[CVE-2017-5446](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5446>) \n[CVE-2017-5447](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5447>) \n[CVE-2017-5465](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5465>) \n[CVE-2017-5454](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5454>) \n[CVE-2017-5469](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5469>) \n[CVE-2017-5445](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5445>) \n[CVE-2017-5449](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5449>) \n[CVE-2017-5451](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5451>) \n[CVE-2017-5462](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5462>) \n[CVE-2017-5467](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5467>) \n[CVE-2017-5430](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5430>) \n[CVE-2017-5429](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5429>) \n[CVE-2016-10195](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10195>) \n[CVE-2016-10196](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10196>) \n[CVE-2017-5448](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5448>) \n[CVE-2017-5455](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5455>) \n[CVE-2017-5456](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5456>) \n[CVE-2017-5450](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5450>) \n[CVE-2017-5463](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5463>) \n[CVE-2017-5452](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5452>) \n[CVE-2017-5453](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5453>) \n[CVE-2017-5458](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5458>) \n[CVE-2017-5468](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5468>)", "edition": 38, "reporter": "Kaspersky Lab", "published": "2017-04-19T00:00:00", "title": "\r KLA11004Multiple vulnerabilities in Mozilla Firefox and Mozilla Firefox ESR ", "type": "kaspersky", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "info", "cvelist": ["CVE-2017-5451", "CVE-2017-5462", "CVE-2017-5436", "CVE-2017-5441", "CVE-2016-10197", "CVE-2017-5442", "CVE-2017-5446", "CVE-2017-5434", "CVE-2017-5465", "CVE-2016-6354", "CVE-2017-5429", "CVE-2017-5440", "CVE-2017-5458", "CVE-2017-5435", "CVE-2017-5432", "CVE-2017-5469", "CVE-2017-5455", "CVE-2017-5438", "CVE-2017-5439", "CVE-2017-5445", "CVE-2016-10196", "CVE-2017-5450", "CVE-2017-5433", "CVE-2017-5447", "CVE-2017-5466", "CVE-2017-5444", "CVE-2017-5467", "CVE-2017-5460", "CVE-2017-5449", "CVE-2017-5454", "CVE-2017-5461", "CVE-2017-5456", "CVE-2017-5453", "CVE-2017-5468", "CVE-2017-5430", "CVE-2017-5463", "CVE-2017-5452", "CVE-2017-5448", "CVE-2017-5459", "CVE-2016-10195", "CVE-2017-5443", "CVE-2017-5464"], "modified": "2019-01-04T00:00:00", "id": "KLA11004", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11004", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}