Mozilla Firefox was updated to 49.0.2 to fix two security issues and some bugs.
The following vulnerabilities were fixed :
CVE-2016-5287: Crash in nsTArray_base (bsc#1006475)
CVE-2016-5288: Web content can read cache entries (bsc#1006476)
The following changes and fixes are included :
Asynchronous rendering of the Flash plugins is now enabled by default
Change D3D9 default fallback preference to prevent graphical artifacts
Network issue prevents some users from seeing the Firefox UI on startup
Web compatibility issue with file uploads
Web compatibility issue with Array.prototype.values
Diagnostic information on timing for tab switching
Fix a Canvas filters graphics issue affecting HTML5 apps
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2016-1271.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(94602);
script_version("2.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2016-5287", "CVE-2016-5288");
script_name(english:"openSUSE Security Update : Mozilla Firefox (openSUSE-2016-1271)");
script_summary(english:"Check for the openSUSE-2016-1271 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"Mozilla Firefox was updated to 49.0.2 to fix two security issues and
some bugs.
The following vulnerabilities were fixed :
- CVE-2016-5287: Crash in nsTArray_base (bsc#1006475)
- CVE-2016-5288: Web content can read cache entries
(bsc#1006476)
The following changes and fixes are included :
- Asynchronous rendering of the Flash plugins is now
enabled by default
- Change D3D9 default fallback preference to prevent
graphical artifacts
- Network issue prevents some users from seeing the
Firefox UI on startup
- Web compatibility issue with file uploads
- Web compatibility issue with Array.prototype.values
- Diagnostic information on timing for tab switching
- Fix a Canvas filters graphics issue affecting HTML5 apps"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1006475"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1006476"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected Mozilla Firefox packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
script_set_attribute(attribute:"patch_publication_date", value:"2016/11/05");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/07");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-49.0.2-128.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-branding-upstream-49.0.2-128.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-buildsymbols-49.0.2-128.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-debuginfo-49.0.2-128.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-debugsource-49.0.2-128.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-devel-49.0.2-128.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-translations-common-49.0.2-128.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"MozillaFirefox-translations-other-49.0.2-128.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox / MozillaFirefox-branding-upstream / etc");
}
Vendor | Product | Version | CPE |
---|---|---|---|
novell | opensuse | mozillafirefox | p-cpe:/a:novell:opensuse:mozillafirefox |
novell | opensuse | mozillafirefox-branding-upstream | p-cpe:/a:novell:opensuse:mozillafirefox-branding-upstream |
novell | opensuse | mozillafirefox-buildsymbols | p-cpe:/a:novell:opensuse:mozillafirefox-buildsymbols |
novell | opensuse | mozillafirefox-debuginfo | p-cpe:/a:novell:opensuse:mozillafirefox-debuginfo |
novell | opensuse | mozillafirefox-debugsource | p-cpe:/a:novell:opensuse:mozillafirefox-debugsource |
novell | opensuse | mozillafirefox-devel | p-cpe:/a:novell:opensuse:mozillafirefox-devel |
novell | opensuse | mozillafirefox-translations-common | p-cpe:/a:novell:opensuse:mozillafirefox-translations-common |
novell | opensuse | mozillafirefox-translations-other | p-cpe:/a:novell:opensuse:mozillafirefox-translations-other |
novell | opensuse | 13.1 | cpe:/o:novell:opensuse:13.1 |