Lucene search
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2016-2639.NASLHistoryOct 31, 2016 - 12:00 a.m.
openSUSE Security Update : Mozilla Firefox (openSUSE-2016-2639)
2016-10-3100:00:00
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
Mozilla Firefox was updated to 49.0.2 to fix two security issues a some bugs.
The following vulnerabilities were fixed :
-
CVE-2016-5287: Crash in nsTArray_base (bsc#1006475)
-
CVE-2016-5288: Web content can read cache entries (bsc#1006476)
The following changes and fixes are included :
-
Asynchronous rendering of the Flash plugins is now enabled by default
-
Change D3D9 default fallback preference to prevent graphical artifacts
-
Network issue prevents some users from seeing the Firefox UI on startup
-
Web compatibility issue with file uploads
-
Web compatibility issue with Array.prototype.values
-
Diagnostic information on timing for tab switching
-
Fix a Canvas filters graphics issue affecting HTML5 apps
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2016-2639.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(94427);
script_version("2.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2016-5287", "CVE-2016-5288");
script_name(english:"openSUSE Security Update : Mozilla Firefox (openSUSE-2016-2639)");
script_summary(english:"Check for the openSUSE-2016-2639 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"Mozilla Firefox was updated to 49.0.2 to fix two security issues a
some bugs.
The following vulnerabilities were fixed :
- CVE-2016-5287: Crash in nsTArray_base (bsc#1006475)
- CVE-2016-5288: Web content can read cache entries
(bsc#1006476)
The following changes and fixes are included :
- Asynchronous rendering of the Flash plugins is now
enabled by default
- Change D3D9 default fallback preference to prevent
graphical artifacts
- Network issue prevents some users from seeing the
Firefox UI on startup
- Web compatibility issue with file uploads
- Web compatibility issue with Array.prototype.values
- Diagnostic information on timing for tab switching
- Fix a Canvas filters graphics issue affecting HTML5 apps"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1304783"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1006475"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1006476"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected Mozilla Firefox packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1");
script_set_attribute(attribute:"patch_publication_date", value:"2016/10/24");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/31");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE13\.2|SUSE42\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2 / 42.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-49.0.2-84.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-branding-upstream-49.0.2-84.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-buildsymbols-49.0.2-84.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-devel-49.0.2-84.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-translations-common-49.0.2-84.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"MozillaFirefox-translations-other-49.0.2-84.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"MozillaFirefox-debuginfo-49.0.2-84.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"MozillaFirefox-debugsource-49.0.2-84.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"MozillaFirefox-49.0.2-36.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"MozillaFirefox-branding-upstream-49.0.2-36.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"MozillaFirefox-buildsymbols-49.0.2-36.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"MozillaFirefox-debuginfo-49.0.2-36.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"MozillaFirefox-debugsource-49.0.2-36.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"MozillaFirefox-devel-49.0.2-36.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"MozillaFirefox-translations-common-49.0.2-36.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"MozillaFirefox-translations-other-49.0.2-36.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox / MozillaFirefox-branding-upstream / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | opensuse | mozillafirefox | p-cpe:/a:novell:opensuse:mozillafirefox |
| novell | opensuse | mozillafirefox-branding-upstream | p-cpe:/a:novell:opensuse:mozillafirefox-branding-upstream |
| novell | opensuse | mozillafirefox-buildsymbols | p-cpe:/a:novell:opensuse:mozillafirefox-buildsymbols |
| novell | opensuse | mozillafirefox-debuginfo | p-cpe:/a:novell:opensuse:mozillafirefox-debuginfo |
| novell | opensuse | mozillafirefox-debugsource | p-cpe:/a:novell:opensuse:mozillafirefox-debugsource |
| novell | opensuse | mozillafirefox-devel | p-cpe:/a:novell:opensuse:mozillafirefox-devel |
| novell | opensuse | mozillafirefox-translations-common | p-cpe:/a:novell:opensuse:mozillafirefox-translations-common |
| novell | opensuse | mozillafirefox-translations-other | p-cpe:/a:novell:opensuse:mozillafirefox-translations-other |
| novell | opensuse | 13.2 | cpe:/o:novell:opensuse:13.2 |
| novell | opensuse | 42.1 | cpe:/o:novell:opensuse:42.1 |
Related
openvas
openvas
Ubuntu Update for firefox USN-3111-1
2016-11-08 00:00:00
Fedora Update for firefox FEDORA-2016-3f235e39d0
2016-12-02 00:00:00
Mozilla Firefox Security Updates( mfsa_2016-87_2016-87 )-Windows
2016-10-21 00:00:00
nessus
nessus
Mozilla Firefox < 49.0.2 Multiple Vulnerabilities
2016-11-04 00:00:00
Mozilla Firefox 48.x / 49.x < 49.0.2 Multiple Vulnerabilities (macOS)
2016-10-25 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS : Firefox vulnerabilities (USN-3111-1)
2016-10-28 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2016-10-20 00:00:00
suse
suse
Security update for Mozilla Firefox (important)
2016-10-26 09:06:13
Security update for Mozilla Firefox (important)
2016-11-05 15:06:37
fedora
fedora
[SECURITY] Fedora 23 Update: firefox-49.0.2-1.fc23
2016-11-08 22:57:19
[SECURITY] Fedora 24 Update: firefox-49.0.2-1.fc24
2016-11-06 00:28:53
ubuntu
ubuntu
Firefox vulnerabilities
2016-10-27 00:00:00
mozilla
mozilla
Security vulnerabilities fixed in Firefox 49.0.2 — Mozilla
2016-10-20 00:00:00
kaspersky
kaspersky
KLA11270 Multiple vulnerabilities in Mozilla Firefox
2016-10-20 00:00:00
cve
cve
CVE-2016-5287
2018-06-11 21:29:00
CVE-2016-5288
2018-06-11 21:29:00
prion
prion
Information disclosure
2018-06-11 21:29:00
Double free
2018-06-11 21:29:00
redhatcve
redhatcve
CVE-2016-5288
2016-10-21 10:47:27
CVE-2016-5287
2016-10-21 10:47:20
ubuntucve
ubuntucve
CVE-2016-5288
2016-10-25 00:00:00
CVE-2016-5287
2016-10-25 00:00:00
debiancve
debiancve
CVE-2016-5287
2018-06-11 21:29:00
CVE-2016-5288
2018-06-11 21:29:00
mageia
mageia
Updated iceape packages fix security vulnerabilities
2017-09-02 00:10:29
Related for OPENSUSE-2016-2639.NASL