openSUSE Security Update : Mozilla Firefox (openSUSE-2017-368)
2017-03-21T00:00:00
ID OPENSUSE-2017-368.NASL Type nessus Reporter This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2017-03-21T00:00:00
Description
Mozilla Firefox was updated to 52.0.1 to fix one security issue :
CVE-2017-5428: integer overflow in createImageBitmap()
(boo#1029822, MFSA 2017-08)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2017-368.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(97843);
script_version("3.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2017-5428");
script_name(english:"openSUSE Security Update : Mozilla Firefox (openSUSE-2017-368)");
script_summary(english:"Check for the openSUSE-2017-368 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"Mozilla Firefox was updated to 52.0.1 to fix one security issue :
- CVE-2017-5428: integer overflow in createImageBitmap()
(boo#1029822, MFSA 2017-08)"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1029822"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected Mozilla Firefox packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");
script_set_attribute(attribute:"patch_publication_date", value:"2017/03/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/21");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.1|SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.1 / 42.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"MozillaFirefox-52.0.1-58.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"MozillaFirefox-branding-upstream-52.0.1-58.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"MozillaFirefox-buildsymbols-52.0.1-58.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"MozillaFirefox-debuginfo-52.0.1-58.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"MozillaFirefox-debugsource-52.0.1-58.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"MozillaFirefox-devel-52.0.1-58.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"MozillaFirefox-translations-common-52.0.1-58.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"MozillaFirefox-translations-other-52.0.1-58.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"MozillaFirefox-52.0.1-57.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"MozillaFirefox-branding-upstream-52.0.1-57.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"MozillaFirefox-buildsymbols-52.0.1-57.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"MozillaFirefox-debuginfo-52.0.1-57.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"MozillaFirefox-debugsource-52.0.1-57.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"MozillaFirefox-devel-52.0.1-57.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"MozillaFirefox-translations-common-52.0.1-57.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"MozillaFirefox-translations-other-52.0.1-57.3.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox / MozillaFirefox-branding-upstream / etc");
}
{"cve": [{"lastseen": "2020-12-09T20:13:33", "description": "An integer overflow in \"createImageBitmap()\" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the \"createImageBitmap\" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. This vulnerability affects Firefox ESR < 52.0.1 and Firefox < 52.0.1.", "edition": 9, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-11T21:29:00", "title": "CVE-2017-5428", "type": "cve", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5428"], "modified": "2018-08-09T15:27:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server_eus:7.4", "cpe:/o:redhat:enterprise_linux_server_aus:7.3", "cpe:/o:redhat:enterprise_linux_server_eus:7.3", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.5", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/o:redhat:enterprise_linux_server_aus:7.4", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0"], "id": "CVE-2017-5428", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5428", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*"]}], "freebsd": [{"lastseen": "2019-05-29T18:32:19", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5428"], "description": "\nThe Mozilla Foundation reports:\n\nAn integer overflow in createImageBitmap() was reported\n\t through the Pwn2Own contest. The fix for this vulnerability\n\t disables the experimental extensions to the\n\t createImageBitmap API. This function runs in the content\n\t sandbox, requiring a second vulnerability to compromise a\n\t user's computer.\n\n", "edition": 5, "modified": "2017-03-17T00:00:00", "published": "2017-03-17T00:00:00", "id": "5F453B69-ABAB-4E76-B6E5-2ED0BAFCAEE3", "href": "https://vuxml.freebsd.org/freebsd/5f453b69-abab-4e76-b6e5-2ed0bafcaee3.html", "title": "firefox -- integer overflow in createImageBitmap()", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "zdi": [{"lastseen": "2020-06-22T11:40:15", "bulletinFamily": "info", "cvelist": ["CVE-2017-5428"], "edition": 2, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of createImageBitmap. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current user.", "modified": "2017-06-22T00:00:00", "published": "2017-03-30T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-17-234/", "id": "ZDI-17-234", "type": "zdi", "title": "(Pwn2Own) Mozilla Firefox createImageBitmap Integer Overflow Remote Code Execution Vulnerability", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2017-03-20T23:16:43", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5428"], "edition": 1, "description": "Mozilla Firefox was updated to 52.0.1 to fix one security issue:\n\n - CVE-2017-5428: integer overflow in createImageBitmap() (boo#1029822,\n MFSA 2017-08)\n\n", "modified": "2017-03-21T00:09:23", "published": "2017-03-21T00:09:23", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-03/msg00021.html", "id": "OPENSUSE-SU-2017:0765-1", "type": "suse", "title": "Security update for Mozilla Firefox (important)", "cvss": {"score": 0.0, "vector": "NONE"}}], "ubuntu": [{"lastseen": "2020-07-02T11:39:48", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5428"], "description": "An integer overflow was discovered in Firefox. If a user were tricked in \nto opening a specially crafted website, an attacker could exploit this to \ncause a denial of service via application crash or execute arbitrary code. \n(CVE-2017-5428)", "edition": 6, "modified": "2017-03-20T00:00:00", "published": "2017-03-20T00:00:00", "id": "USN-3238-1", "href": "https://ubuntu.com/security/notices/USN-3238-1", "title": "Firefox vulnerability", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:34:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5428"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-03-25T00:00:00", "id": "OPENVAS:1361412562310872521", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872521", "type": "openvas", "title": "Fedora Update for firefox FEDORA-2017-cd33654294", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for firefox FEDORA-2017-cd33654294\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872521\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-25 05:57:09 +0100 (Sat, 25 Mar 2017)\");\n script_cve_id(\"CVE-2017-5428\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for firefox FEDORA-2017-cd33654294\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"firefox on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-cd33654294\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4NAY7J5V7XLXM6AUVQA62BLONQMHFFK4\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~52.0~6.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T22:06:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5428"], "description": "This host is installed with Mozilla Firefox\n and is prone to buffer overflow vulnerability.", "modified": "2019-07-17T00:00:00", "published": "2017-03-20T00:00:00", "id": "OPENVAS:1361412562310810820", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810820", "type": "openvas", "title": "Mozilla Firefox Security Updates(mfsa_2017-08_2017-08)-MAC OS X", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox Security Updates(mfsa_2017-08_2017-08)-MAC OS X\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810820\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2017-5428\");\n script_bugtraq_id(96959);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-03-20 13:41:26 +0530 (Mon, 20 Mar 2017)\");\n script_name(\"Mozilla Firefox Security Updates(mfsa_2017-08_2017-08)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox\n and is prone to buffer overflow vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to an integer overflow\n in createImageBitmap().\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to cause buffer overflow.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox version before 52.0.1\n on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 52.0.1\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-08\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"52.0.1\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"52.0.1\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5428"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-03-21T00:00:00", "id": "OPENVAS:1361412562310843100", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843100", "type": "openvas", "title": "Ubuntu Update for firefox USN-3238-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for firefox USN-3238-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843100\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-21 05:51:05 +0100 (Tue, 21 Mar 2017)\");\n script_cve_id(\"CVE-2017-5428\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for firefox USN-3238-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"An integer overflow was discovered in\n Firefox. If a user were tricked in to opening a specially crafted website, an\n attacker could exploit this to cause a denial of service via application crash\n or execute arbitrary code. (CVE-2017-5428)\");\n script_tag(name:\"affected\", value:\"firefox on Ubuntu 16.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3238-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3238-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|16\\.10|12\\.04 LTS|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"52.0.1+build2-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"52.0.1+build2-0ubuntu0.16.10.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"52.0.1+build2-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"52.0.1+build2-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:27:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5428"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2017-03-21T00:00:00", "id": "OPENVAS:1361412562310851526", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851526", "type": "openvas", "title": "openSUSE: Security Advisory for Mozilla (openSUSE-SU-2017:0765-1)", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851526\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-03-21 05:51:13 +0100 (Tue, 21 Mar 2017)\");\n script_cve_id(\"CVE-2017-5428\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for Mozilla (openSUSE-SU-2017:0765-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Mozilla'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Mozilla Firefox was updated to 52.0.1 to fix one security issue:\n\n - CVE-2017-5428: integer overflow in createImageBitmap() (boo#1029822,\n MFSA 2017-08)\");\n\n script_tag(name:\"affected\", value:\"Mozilla on openSUSE Leap 42.2, openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:0765-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSELeap42\\.2|openSUSELeap42\\.1)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~52.0.1~57.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~52.0.1~57.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~52.0.1~57.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~52.0.1~57.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~52.0.1~57.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~52.0.1~57.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~52.0.1~57.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~52.0.1~57.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~52.0.1~58.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~52.0.1~58.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~52.0.1~58.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~52.0.1~58.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~52.0.1~58.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~52.0.1~58.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~52.0.1~58.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~52.0.1~58.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T22:05:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5428"], "description": "This host is installed with Mozilla Firefox\n ESR and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2017-03-20T00:00:00", "id": "OPENVAS:1361412562310810821", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810821", "type": "openvas", "title": "Mozilla Firefox ESR Security Updates(mfsa_2017-08_2017-08)-Windows", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox ESR Security Updates(mfsa_2017-08_2017-08)-Windows\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox_esr\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810821\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2017-5428\");\n script_bugtraq_id(96959);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-03-20 13:41:45 +0530 (Mon, 20 Mar 2017)\");\n script_name(\"Mozilla Firefox ESR Security Updates(mfsa_2017-08_2017-08)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox\n ESR and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to an integer overflow\n in createImageBitmap().\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to cause buffer overflow.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox ESR version before 52.0.1\n on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox ESR version 52.0.1\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-08\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox-ESR/Win/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"52.0.1\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"52.0.1\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T22:05:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5428"], "description": "This host is installed with Mozilla Firefox\n and is prone to buffer overflow vulnerability.", "modified": "2019-07-17T00:00:00", "published": "2017-03-20T00:00:00", "id": "OPENVAS:1361412562310810819", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810819", "type": "openvas", "title": "Mozilla Firefox Security Updates(mfsa_2017-08_2017-08)-Windows", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox Security Updates(mfsa_2017-08_2017-08)-Windows\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810819\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2017-5428\");\n script_bugtraq_id(96959);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-03-20 13:40:58 +0530 (Mon, 20 Mar 2017)\");\n script_name(\"Mozilla Firefox Security Updates(mfsa_2017-08_2017-08)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox\n and is prone to buffer overflow vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to an integer overflow\n in createImageBitmap().\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to cause buffer overflow.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox version before 52.0.1\n on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 52.0.1\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-08\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox/Win/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"52.0.1\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"52.0.1\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T22:06:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5428"], "description": "This host is installed with Mozilla Firefox\n ESR and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2017-03-20T00:00:00", "id": "OPENVAS:1361412562310810822", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810822", "type": "openvas", "title": "Mozilla Firefox ESR Security Updates(mfsa_2017-08_2017-08)-MAC OS X", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox ESR Security Updates(mfsa_2017-08_2017-08)-MAC OS X\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox_esr\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810822\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2017-5428\");\n script_bugtraq_id(96959);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-03-20 13:41:55 +0530 (Mon, 20 Mar 2017)\");\n script_name(\"Mozilla Firefox ESR Security Updates(mfsa_2017-08_2017-08)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox\n ESR and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to an integer overflow\n in createImageBitmap().\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to cause buffer overflow.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox ESR version before 52.0.1\n on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox ESR version 52.0.1\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-08\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox-ESR/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"52.0.1\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"52.0.1\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5428"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-03-29T00:00:00", "id": "OPENVAS:1361412562310872528", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872528", "type": "openvas", "title": "Fedora Update for firefox FEDORA-2017-9e1ccfe586", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for firefox FEDORA-2017-9e1ccfe586\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872528\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-29 06:26:57 +0200 (Wed, 29 Mar 2017)\");\n script_cve_id(\"CVE-2017-5428\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for firefox FEDORA-2017-9e1ccfe586\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"firefox on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-9e1ccfe586\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T2MTBBE3ELRRCBYS64TCE4US6VBLJE7I\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~52.0~6.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5428"], "description": "Check the version of firefox", "modified": "2019-03-08T00:00:00", "published": "2017-03-21T00:00:00", "id": "OPENVAS:1361412562310882683", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882683", "type": "openvas", "title": "CentOS Update for firefox CESA-2017:0558 centos7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2017:0558 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882683\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-21 05:50:36 +0100 (Tue, 21 Mar 2017)\");\n script_cve_id(\"CVE-2017-5428\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for firefox CESA-2017:0558 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of firefox\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web\nbrowser.\n\nSecurity Fix(es):\n\n * A flaw was found in the processing of malformed web content. A web page\ncontaining malicious content could cause Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Firefox.\n(CVE-2017-5428)\n\nRed Hat would like to thank the Mozilla project for reporting this issue.\nUpstream acknowledges Chaitin Security Research Lab via Trend Micro's Zero\nDay Initiative as the original reporters.\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:0558\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-March/022344.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~52.0~5.el7.centos\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5428"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2017-03-18T00:00:00", "id": "OPENVAS:1361412562310871774", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871774", "type": "openvas", "title": "RedHat Update for firefox RHSA-2017:0558-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for firefox RHSA-2017:0558-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871774\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-18 06:36:58 +0100 (Sat, 18 Mar 2017)\");\n script_cve_id(\"CVE-2017-5428\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for firefox RHSA-2017:0558-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser.\n\nSecurity Fix(es):\n\n * A flaw was found in the processing of malformed web content. A web page\ncontaining malicious content could cause Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Firefox.\n(CVE-2017-5428)\n\nRed Hat would like to thank the Mozilla project for reporting this issue.\nUpstream acknowledges Chaitin Security Research Lab via Trend Micro's Zero\nDay Initiative as the original reporters.\");\n script_tag(name:\"affected\", value:\"firefox on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:0558-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-March/msg00039.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~52.0~5.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~52.0~5.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-01T03:28:47", "description": "The version of Mozilla Firefox installed on the remote macOS or Mac\nOS X host is prior to 52.0.1. It is, therefore, affected by an integer\noverflow condition in the nsGlobalWindow::CreateImageBitmap() function\nwithin file dom/base/nsGlobalWindow.cpp due to improper validation of\ncertain input. An unauthenticated, remote attacker can exploit this to\ncorrupt memory, possibly resulting in the execution of arbitrary code.\n\nNote that this function runs in the content sandbox, requiring a\nsecond vulnerability to compromise a user's computer.", "edition": 30, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-31T00:00:00", "title": "Mozilla Firefox < 52.0.1 CreateImageBitmap RCE (macOS)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5428"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MACOSX_FIREFOX_52_0_1.NASL", "href": "https://www.tenable.com/plugins/nessus/99123", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99123);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/13\");\n\n script_cve_id(\"CVE-2017-5428\");\n script_bugtraq_id(96959);\n script_xref(name:\"MFSA\", value:\"2017-08\");\n\n script_name(english:\"Mozilla Firefox < 52.0.1 CreateImageBitmap RCE (macOS)\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote macOS or Mac OS X host contains a web browser that is\naffected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Firefox installed on the remote macOS or Mac\nOS X host is prior to 52.0.1. It is, therefore, affected by an integer\noverflow condition in the nsGlobalWindow::CreateImageBitmap() function\nwithin file dom/base/nsGlobalWindow.cpp due to improper validation of\ncertain input. An unauthenticated, remote attacker can exploit this to\ncorrupt memory, possibly resulting in the execution of arbitrary code.\n\nNote that this function runs in the content sandbox, requiring a\nsecond vulnerability to compromise a user's computer.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-08/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox version 52.0.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5428\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nkb_base = \"MacOSX/Firefox\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nis_esr = get_kb_item(kb_base+\"/is_esr\");\nif (!isnull(is_esr)) exit(0, 'The Mozilla Firefox installation is in the ESR branch.');\n\nmozilla_check_version(version:version, path:path, product:'firefox', fix:'52.0.1', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T03:28:48", "description": "The version of Mozilla Firefox ESR installed on the remote macOS or\nMac OS X host is prior to 52.0.1. It is, therefore, affected by an\ninteger overflow condition in the nsGlobalWindow::CreateImageBitmap()\nfunction within file dom/base/nsGlobalWindow.cpp due to improper\nvalidation of certain input. An unauthenticated, remote attacker can\nexploit this to corrupt memory, possibly resulting in the execution of\narbitrary code.\n\nNote that this function runs in the content sandbox, requiring a\nsecond vulnerability to compromise a user's computer.", "edition": 31, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-31T00:00:00", "title": "Mozilla Firefox ESR < 52.0.1 CreateImageBitmap RCE (macOS)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5428"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mozilla:firefox_esr"], "id": "MACOSX_FIREFOX_52_0_1_ESR.NASL", "href": "https://www.tenable.com/plugins/nessus/99124", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99124);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/13\");\n\n script_cve_id(\"CVE-2017-5428\");\n script_bugtraq_id(96959);\n script_xref(name:\"MFSA\", value:\"2017-08\");\n\n script_name(english:\"Mozilla Firefox ESR < 52.0.1 CreateImageBitmap RCE (macOS)\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote macOS or Mac OS X host contains a web browser that is\naffected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Firefox ESR installed on the remote macOS or\nMac OS X host is prior to 52.0.1. It is, therefore, affected by an\ninteger overflow condition in the nsGlobalWindow::CreateImageBitmap()\nfunction within file dom/base/nsGlobalWindow.cpp due to improper\nvalidation of certain input. An unauthenticated, remote attacker can\nexploit this to corrupt memory, possibly resulting in the execution of\narbitrary code.\n\nNote that this function runs in the content sandbox, requiring a\nsecond vulnerability to compromise a user's computer.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-08/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox ESR version 52.0.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5428\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox_esr\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nkb_base = \"MacOSX/Firefox\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nis_esr = get_kb_item(kb_base+\"/is_esr\");\nif (isnull(is_esr)) audit(AUDIT_NOT_INST, \"Mozilla Firefox ESR\");\n\nmozilla_check_version(version:version, path:path, product:'firefox', esr:TRUE, fix:'52.0.1', min:'52', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T03:50:02", "description": "The version of Mozilla Firefox ESR installed on the remote Windows\nhost is prior to 52.0.1. It is, therefore, affected by an integer\noverflow condition in the nsGlobalWindow::CreateImageBitmap() function\nwithin file dom/base/nsGlobalWindow.cpp due to improper validation of\ncertain input. An unauthenticated, remote attacker can exploit this to\ncorrupt memory, possibly resulting in the execution of arbitrary code.\n\nNote that this function runs in the content sandbox, requiring a\nsecond vulnerability to compromise a user's computer.", "edition": 32, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-31T00:00:00", "title": "Mozilla Firefox ESR < 52.0.1 CreateImageBitmap RCE", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5428"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mozilla:firefox_esr"], "id": "MOZILLA_FIREFOX_52_0_1ESR.NASL", "href": "https://www.tenable.com/plugins/nessus/99126", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99126);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/13\");\n\n script_cve_id(\"CVE-2017-5428\");\n script_bugtraq_id(96959);\n script_xref(name:\"MFSA\", value:\"2017-08\");\n\n script_name(english:\"Mozilla Firefox ESR < 52.0.1 CreateImageBitmap RCE\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\na remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Firefox ESR installed on the remote Windows\nhost is prior to 52.0.1. It is, therefore, affected by an integer\noverflow condition in the nsGlobalWindow::CreateImageBitmap() function\nwithin file dom/base/nsGlobalWindow.cpp due to improper validation of\ncertain input. An unauthenticated, remote attacker can exploit this to\ncorrupt memory, possibly resulting in the execution of arbitrary code.\n\nNote that this function runs in the content sandbox, requiring a\nsecond vulnerability to compromise a user's computer.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-08/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox ESR version 52.0.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5428\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox_esr\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:TRUE, fix:'52.0.1', min:'52', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-14T17:41:46", "description": "An update for firefox is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nSecurity Fix(es) :\n\n* A flaw was found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2017-5428)\n\nRed Hat would like to thank the Mozilla project for reporting this\nissue. Upstream acknowledges Chaitin Security Research Lab via Trend\nMicro's Zero Day Initiative as the original reporters.", "edition": 28, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-20T00:00:00", "title": "RHEL 7 : firefox (RHSA-2017:0558)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5428"], "modified": "2017-03-20T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.7", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:firefox", "p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.6"], "id": "REDHAT-RHSA-2017-0558.NASL", "href": "https://www.tenable.com/plugins/nessus/97822", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0558. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97822);\n script_version(\"3.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2017-5428\");\n script_xref(name:\"RHSA\", value:\"2017:0558\");\n\n script_name(english:\"RHEL 7 : firefox (RHSA-2017:0558)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for firefox is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nSecurity Fix(es) :\n\n* A flaw was found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2017-5428)\n\nRed Hat would like to thank the Mozilla project for reporting this\nissue. Upstream acknowledges Chaitin Security Research Lab via Trend\nMicro's Zero Day Initiative as the original reporters.\"\n );\n # https://www.mozilla.org/en-US/security/advisories/mfsa2017-08\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-08/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:0558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5428\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:0558\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", reference:\"firefox-52.0-5.el7_3\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"firefox-debuginfo-52.0-5.el7_3\", allowmaj:TRUE)) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T03:50:01", "description": "The version of Mozilla Firefox installed on the remote Windows host is\nprior to 52.0.1. It is, therefore, affected by an integer overflow\ncondition in the nsGlobalWindow::CreateImageBitmap() function within\nfile dom/base/nsGlobalWindow.cpp due to improper validation of certain\ninput. An unauthenticated, remote attacker can exploit this to corrupt\nmemory, possibly resulting in the execution of arbitrary code.\n\nNote that this function runs in the content sandbox, requiring a\nsecond vulnerability to compromise a user's computer.", "edition": 31, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-31T00:00:00", "title": "Mozilla Firefox < 52.0.1 CreateImageBitmap RCE", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5428"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MOZILLA_FIREFOX_52_0_1.NASL", "href": "https://www.tenable.com/plugins/nessus/99125", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99125);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/13\");\n\n script_cve_id(\"CVE-2017-5428\");\n script_bugtraq_id(96959);\n script_xref(name:\"MFSA\", value:\"2017-08\");\n\n script_name(english:\"Mozilla Firefox < 52.0.1 CreateImageBitmap RCE\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\na remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Firefox installed on the remote Windows host is\nprior to 52.0.1. It is, therefore, affected by an integer overflow\ncondition in the nsGlobalWindow::CreateImageBitmap() function within\nfile dom/base/nsGlobalWindow.cpp due to improper validation of certain\ninput. An unauthenticated, remote attacker can exploit this to corrupt\nmemory, possibly resulting in the execution of arbitrary code.\n\nNote that this function runs in the content sandbox, requiring a\nsecond vulnerability to compromise a user's computer.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-08/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox version 52.0.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5428\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', fix:'52.0.1', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:49:37", "description": "Security Fix(es) :\n\n - A flaw was found in the processing of malformed web\n content. A web page containing malicious content could\n cause Firefox to crash or, potentially, execute\n arbitrary code with the privileges of the user running\n Firefox. (CVE-2017-5428)", "edition": 20, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-21T00:00:00", "title": "Scientific Linux Security Update : firefox on SL7.x x86_64 (20170317)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5428"], "modified": "2017-03-21T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:firefox", "p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20170317_FIREFOX_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/97845", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97845);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-5428\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL7.x x86_64 (20170317)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security Fix(es) :\n\n - A flaw was found in the processing of malformed web\n content. A web page containing malicious content could\n cause Firefox to crash or, potentially, execute\n arbitrary code with the privileges of the user running\n Firefox. (CVE-2017-5428)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1703&L=scientific-linux-errata&F=&S=&P=8844\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1c5385fd\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"firefox-52.0-5.el7_3\", allowmaj:TRUE)) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"firefox-debuginfo-52.0-5.el7_3\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T10:52:21", "description": "The Mozilla Foundation reports :\n\nAn integer overflow in createImageBitmap() was reported through the\nPwn2Own contest. The fix for this vulnerability disables the\nexperimental extensions to the createImageBitmap API. This function\nruns in the content sandbox, requiring a second vulnerability to\ncompromise a user's computer.", "edition": 30, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-20T00:00:00", "title": "FreeBSD : firefox -- integer overflow in createImageBitmap() (5f453b69-abab-4e76-b6e5-2ed0bafcaee3)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5428"], "modified": "2017-03-20T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:firefox"], "id": "FREEBSD_PKG_5F453B69ABAB4E76B6E52ED0BAFCAEE3.NASL", "href": "https://www.tenable.com/plugins/nessus/97809", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97809);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-5428\");\n\n script_name(english:\"FreeBSD : firefox -- integer overflow in createImageBitmap() (5f453b69-abab-4e76-b6e5-2ed0bafcaee3)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla Foundation reports :\n\nAn integer overflow in createImageBitmap() was reported through the\nPwn2Own contest. The fix for this vulnerability disables the\nexperimental extensions to the createImageBitmap API. This function\nruns in the content sandbox, requiring a second vulnerability to\ncompromise a user's computer.\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2017-08/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-08/\"\n );\n # https://vuxml.freebsd.org/freebsd/5f453b69-abab-4e76-b6e5-2ed0bafcaee3.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?37ab2057\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"firefox<52.0.1,1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:14:14", "description": "An update for firefox is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nSecurity Fix(es) :\n\n* A flaw was found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2017-5428)\n\nRed Hat would like to thank the Mozilla project for reporting this\nissue. Upstream acknowledges Chaitin Security Research Lab via Trend\nMicro's Zero Day Initiative as the original reporters.\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.", "edition": 36, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-13T00:00:00", "title": "Virtuozzo 7 : firefox (VZLSA-2017-0558)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5428"], "modified": "2017-07-13T00:00:00", "cpe": ["cpe:/o:virtuozzo:virtuozzo:7", "p-cpe:/a:virtuozzo:virtuozzo:firefox"], "id": "VIRTUOZZO_VZLSA-2017-0558.NASL", "href": "https://www.tenable.com/plugins/nessus/101439", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101439);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2017-5428\"\n );\n\n script_name(english:\"Virtuozzo 7 : firefox (VZLSA-2017-0558)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for firefox is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nSecurity Fix(es) :\n\n* A flaw was found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2017-5428)\n\nRed Hat would like to thank the Mozilla project for reporting this\nissue. Upstream acknowledges Chaitin Security Research Lab via Trend\nMicro's Zero Day Initiative as the original reporters.\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.\");\n # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-0558.json\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?de10e00c\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2017-0558\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:ND\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:X\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"firefox-52.0-5.vl7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-7\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:12:34", "description": " - Added fix for CVE-2017-5428\n\n - Added fix for mozbz#1158076\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 23, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-30T00:00:00", "title": "Fedora 24 : firefox (2017-9e1ccfe586)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5428"], "modified": "2017-03-30T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:firefox", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2017-9E1CCFE586.NASL", "href": "https://www.tenable.com/plugins/nessus/99056", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-9e1ccfe586.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99056);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-5428\");\n script_xref(name:\"FEDORA\", value:\"2017-9e1ccfe586\");\n\n script_name(english:\"Fedora 24 : firefox (2017-9e1ccfe586)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Added fix for CVE-2017-5428\n\n - Added fix for mozbz#1158076\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-9e1ccfe586\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"firefox-52.0-6.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T06:44:47", "description": "An integer overflow was discovered in Firefox. If a user were tricked\nin to opening a specially crafted website, an attacker could exploit\nthis to cause a denial of service via application crash or execute\narbitrary code. (CVE-2017-5428).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 31, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-21T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : firefox vulnerability (USN-3238-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5428"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:firefox", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:16.10", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3238-1.NASL", "href": "https://www.tenable.com/plugins/nessus/97855", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3238-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97855);\n script_version(\"3.12\");\n script_cvs_date(\"Date: 2019/09/18 12:31:46\");\n\n script_cve_id(\"CVE-2017-5428\");\n script_xref(name:\"USN\", value:\"3238-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : firefox vulnerability (USN-3238-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An integer overflow was discovered in Firefox. If a user were tricked\nin to opening a specially crafted website, an attacker could exploit\nthis to cause a denial of service via application crash or execute\narbitrary code. (CVE-2017-5428).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3238-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|16\\.04|16\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 16.04 / 16.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"firefox\", pkgver:\"52.0.1+build2-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"firefox\", pkgver:\"52.0.1+build2-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"firefox\", pkgver:\"52.0.1+build2-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"firefox\", pkgver:\"52.0.1+build2-0ubuntu0.16.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:43", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5428"], "description": "Arch Linux Security Advisory ASA-201703-15\n==========================================\n\nSeverity: High\nDate : 2017-03-18\nCVE-ID : CVE-2017-5428\nPackage : firefox\nType : arbitrary code execution\nRemote : Yes\nLink : https://security.archlinux.org/AVG-219\n\nSummary\n=======\n\nThe package firefox before version 52.0.1-1 is vulnerable to arbitrary\ncode execution.\n\nResolution\n==========\n\nUpgrade to 52.0.1-1.\n\n# pacman -Syu \"firefox>=52.0.1-1\"\n\nThe problem has been fixed upstream in version 52.0.1.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nAn integer overflow in createImageBitmap() was reported through the\nPwn2Own contest. The fix for this vulnerability disables the\nexperimental extensions to the createImageBitmap API. This function\nruns in the content sandbox, requiring a second vulnerability to\ncompromise a user's computer.\n\nImpact\n======\n\nA remote attacker might be able to execute arbitrary code on the\naffected host.\n\nReferences\n==========\n\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-08/#CVE-2017-5428\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1348168\nhttps://security.archlinux.org/CVE-2017-5428", "modified": "2017-03-18T00:00:00", "published": "2017-03-18T00:00:00", "id": "ASA-201703-15", "href": "https://security.archlinux.org/ASA-201703-15", "type": "archlinux", "title": "[ASA-201703-15] firefox: arbitrary code execution", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:45:41", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5428"], "description": "Mozilla Firefox is an open source web browser.\n\nSecurity Fix(es):\n\n* A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5428)\n\nRed Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Chaitin Security Research Lab via Trend Micro's Zero Day Initiative as the original reporters.", "modified": "2018-04-12T03:33:32", "published": "2017-03-18T00:55:35", "id": "RHSA-2017:0558", "href": "https://access.redhat.com/errata/RHSA-2017:0558", "type": "redhat", "title": "(RHSA-2017:0558) Critical: firefox security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2020-09-02T11:50:14", "bulletinFamily": "info", "cvelist": ["CVE-2017-5428"], "description": "### *Detect date*:\n03/17/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nInteger overflow vulnerability was found in Mozilla Firefox and Mozilla Firefox ESR. By exploiting this vulnerability malicious users possibly can obtain sensitive information and cause a denial of service. This vulnerability can be exploited remotely via experimental extensions.\n\n### *Affected products*:\nMozilla Firefox versions earlier than 52.0.1 \nMozilla Firefox ESR versions earlier than 52.0.1\n\n### *Solution*:\nUpdate to latest version \n[Mozilla Firefox ESR](<https://www.mozilla.org/en-US/firefox/organizations/all/>) \n[Mozilla Firefox](<https://www.mozilla.org/en-US/firefox/new/>)\n\n### *Original advisories*:\n[MFSA 2017-08](<https://www.mozilla.org/en-US/security/advisories/mfsa2017-08/>) \n\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[Mozilla Firefox](<https://threats.kaspersky.com/en/product/Mozilla-Firefox/>)\n\n### *CVE-IDS*:\n[CVE-2017-5428](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5428>)9.8Critical", "edition": 45, "modified": "2020-05-22T00:00:00", "published": "2017-03-17T00:00:00", "id": "KLA10971", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10971", "title": "\r KLA10971Vulnerability in Mozilla Firefox and Mozilla Firefox ESR ", "type": "kaspersky", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2020-12-08T03:39:34", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5428"], "description": "**CentOS Errata and Security Advisory** CESA-2017:0558\n\n\nMozilla Firefox is an open source web browser.\n\nSecurity Fix(es):\n\n* A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5428)\n\nRed Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Chaitin Security Research Lab via Trend Micro's Zero Day Initiative as the original reporters.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2017-March/034382.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2017-0558.html", "edition": 5, "modified": "2017-03-20T08:40:56", "published": "2017-03-20T08:40:56", "id": "CESA-2017:0558", "href": "http://lists.centos.org/pipermail/centos-announce/2017-March/034382.html", "title": "firefox security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:20", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5428"], "description": "[52.0-5.0.1]\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file\n[52.0-5]\n- Added fix for mozbz#1348168/CVE-2017-5428", "edition": 5, "modified": "2017-03-17T00:00:00", "published": "2017-03-17T00:00:00", "id": "ELSA-2017-0558", "href": "http://linux.oracle.com/errata/ELSA-2017-0558.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-08T01:30:02", "bulletinFamily": "unix", "cvelist": ["CVE-2020-6820", "CVE-2020-6819", "CVE-2017-5428"], "description": "[68.6.1-1.0.1]\n- fix LD_LIBRARY_PATH\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one\n[68.6.1-1]\n- Update to 68.6.1 ESR\n* Wed Mar 04 2020 Jan Horak \n- Update to 68.6.0 build1\n[68.5.0-3]\n- Added fix for rhbz#1805667\n- Enabled mzbz@1170092 - Firefox prefs at /etc\n* Fri Feb 07 2020 Jan Horak \n- Update to 68.5.0 build2\n* Wed Feb 05 2020 Jan Horak \n- Update to 68.5.0 build1\n* Wed Jan 08 2020 Jan Horak \n- Update to 68.4.1esr build1\n* Fri Jan 03 2020 Jan Horak \n- Update to 68.4.0esr build1\n* Wed Dec 18 2019 Jan Horak \n- Fix for wrong intl.accept_lang when using non en-us langpack\n[68.3.0-1]\n- Update to 68.3.0 ESR\n[68.2.0-4]\n- Added patch for TLS 1.3 support.\n[68.2.0-3]\n- Rebuild\n[68.2.0-2]\n- Rebuild\n[68.2.0-1]\n- Update to 68.2.0 ESR\n[68.1.0-6]\n- Enable system nss on RHEL6\n[68.1.0-2]\n- Enable building langpacks\n[68.1.0-1]\n- Update to 68.1.0 ESR\n[68.0.1-4]\n- Enable system nss\n[68.0.1-3]\n- Enable official branding\n[68.0.1-2]\n- Enabled PipeWire on RHEL8\n[68.0.1-1]\n- Updated to 68.0.1 ESR\n[68.0-0.11]\n- Update to 68.0 ESR\n[68.0-0.10]\n- Updated to 68.0 alpha 13\n- Enabled second arches\n[68.0-0.1]\n- Updated to 68.0 alpha\n[60.6.0-3]\n- Added Google API keys (mozbz#1531176)\n[60.6.0-2]\n- Update to 60.6.0 ESR (Build 2)\n[60.6.0-1]\n- Update to 60.6.0 ESR (Build 1)\n[60.5.1-1]\n- Update to 60.5.1 ESR\n[60.5.0-3]\n- Added fix for rhbz#1672424 - Firefox crashes on NFS drives.\n[60.5.0-2]\n- Updated to 60.5.0 ESR build2\n[60.5.0-1]\n- Updated to 60.5.0 ESR build1\n[60.4.0-3]\n- Fixing fontconfig warnings (rhbz#1601475)\n[60.4.0-2]\n- Added pipewire patch from Tomas Popela (rhbz#1664270)\n[60.4.0-1]\n- Update to 60.4.0 ESR\n[60.3.0-2]\n- Added firefox-gnome-shell-extension\n[60.3.0-1]\n- Update to 60.3.0 ESR\n[60.2.2-2]\n- Added patch for rhbz#1633932\n[60.2.2-1]\n- Update to 60.2.2 ESR\n[60.2.1-1]\n- Update to 60.2.1 ESR\n[60.2.0-1]\n- Update to 60.2.0 ESR\n[60.1.0-9]\n- Do not set user agent (rhbz#1608065)\n- GTK dialogs are localized now (rhbz#1619373)\n- JNLP association works again (rhbz#1607457)\n[60.1.0-8]\n- Fixed homepage and bookmarks (rhbz#1606778)\n- Fixed missing file associations in RHEL6 (rhbz#1613565)\n[60.1.0-7]\n- Run at-spi-bus if not running already (for the bundled gtk3)\n[60.1.0-6]\n- Fix for missing schemes for bundled gtk3\n[60.1.0-5]\n- Added mesa-libEGL dependency to gtk3/rhel6\n[60.1.0-4]\n- Disabled jemalloc on all second arches\n[60.1.0-3]\n- Updated to 60.1.0 ESR build2\n[60.1.0-2]\n- Disabled jemalloc on second arches\n[60.1.0-1]\n- Updated to 60.1.0 ESR\n[60.0-12]\n- Fixing bundled libffi issues\n- Readded some requirements\n[60.0-10]\n- Added fix for mozilla BZ#1436242 - IPC crashes.\n[60.0-9]\n- Bundling libffi for the sec-arches\n- Added openssl-devel for the Python\n- Fixing bundled gtk3\n[60.0-8]\n- Added fix for mozilla BZ#1458492\n[60.0-7]\n- Added patch from rhbz#1498561 to fix ppc64(le) crashes.\n[60.0-6]\n- Disabled jemalloc on second arches\n[60.0-4]\n- Update to 60.0 ESR\n[52.7.0-1]\n- Update to 52.7.0 ESR\n[52.6.0-2]\n- Build Firefox for desktop arches only (x86_64 and ppc64le)\n[52.6.0-1]\n- Update to 52.6.0 ESR\n[52.5.0-1]\n- Update to 52.5.0 ESR\n[52.4.0-1]\n- Update to 52.4.0 ESR\n[52.3.0-3]\n- Update to 52.3.0 ESR (b2)\n- Require correct nss version\n[52.2.0-1]\n- Update to 52.2.0 ESR\n[52.1.2-1]\n- Update to 52.1.2 ESR\n[52.0-7]\n- Added fix for accept language (rhbz#1454322)\n[52.0-6]\n- Removing patch required for older NSS from RHEL 7.3\n- Added patch for rhbz#1414564\n[52.0-5]\n- Added fix for mozbz#1348168/CVE-2017-5428\n[52.0-4]\n- Update to 52.0 ESR (b4)\n[52.0-3]\n- Added fix for rhbz#1423012 - ppc64 gfx crashes\n[52.0-2]\n- Enable system nss\n[52.0-1]\n- Update to 52.0ESR (B1)\n- Build RHEL7 package for Gtk3\n[52.0-0.13]\n- Added fix for rhbz#1414535\n[52.0-0.12]\n- Update to 52.0b8\n[52.0-0.11]\n- Readded addons patch\n[52.0-0.10]\n- Update to 52.0b3\n[52.0-0.9]\n- Update to 52.0b2\n[52.0-0.8]\n- Update to 52.0b1\n[52.0-0.5]\n- Firefox Aurora 52 testing build", "edition": 1, "modified": "2020-07-07T00:00:00", "published": "2020-07-07T00:00:00", "id": "ELSA-2020-1339", "href": "http://linux.oracle.com/errata/ELSA-2020-1339.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-09T10:43:56", "bulletinFamily": "unix", "cvelist": ["CVE-2020-6822", "CVE-2020-6825", "CVE-2020-6821", "CVE-2017-5428"], "description": "[68.7.0-2.0.1.el8_1]\n- Rebuild to pickup Oracle default bookmarks [Orabug: 30069264]\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file\n- Remove upstream references [Orabug: 30530527]\n[68.7.0-2]\n- Update to 68.7.0 build3\n[68.6.1-1]\n- Update to 68.6.1 ESR\n* Wed Mar 04 2020 Jan Horak \n- Update to 68.6.0 build1\n[68.5.0-3]\n- Added fix for rhbz#1805667\n- Enabled mzbz@1170092 - Firefox prefs at /etc\n* Fri Feb 07 2020 Jan Horak \n- Update to 68.5.0 build2\n* Wed Feb 05 2020 Jan Horak \n- Update to 68.5.0 build1\n* Wed Jan 08 2020 Jan Horak \n- Update to 68.4.1esr build1\n* Fri Jan 03 2020 Jan Horak \n- Update to 68.4.0esr build1\n* Wed Dec 18 2019 Jan Horak \n- Fix for wrong intl.accept_lang when using non en-us langpack\n[68.3.0-1]\n- Update to 68.3.0 ESR\n[68.2.0-4]\n- Added patch for TLS 1.3 support.\n[68.2.0-3]\n- Rebuild\n[68.2.0-2]\n- Rebuild\n[68.2.0-1]\n- Update to 68.2.0 ESR\n[68.1.0-6]\n- Enable system nss on RHEL6\n[68.1.0-2]\n- Enable building langpacks\n[68.1.0-1]\n- Update to 68.1.0 ESR\n[68.0.1-4]\n- Enable system nss\n[68.0.1-3]\n- Enable official branding\n[68.0.1-2]\n- Enabled PipeWire on RHEL8\n[68.0.1-1]\n- Updated to 68.0.1 ESR\n[68.0-0.11]\n- Update to 68.0 ESR\n[68.0-0.10]\n- Updated to 68.0 alpha 13\n- Enabled second arches\n[68.0-0.1]\n- Updated to 68.0 alpha\n[60.6.0-3]\n- Added Google API keys (mozbz#1531176)\n[60.6.0-2]\n- Update to 60.6.0 ESR (Build 2)\n[60.6.0-1]\n- Update to 60.6.0 ESR (Build 1)\n[60.5.1-1]\n- Update to 60.5.1 ESR\n[60.5.0-3]\n- Added fix for rhbz#1672424 - Firefox crashes on NFS drives.\n[60.5.0-2]\n- Updated to 60.5.0 ESR build2\n[60.5.0-1]\n- Updated to 60.5.0 ESR build1\n[60.4.0-3]\n- Fixing fontconfig warnings (rhbz#1601475)\n[60.4.0-2]\n- Added pipewire patch from Tomas Popela (rhbz#1664270)\n[60.4.0-1]\n- Update to 60.4.0 ESR\n[60.3.0-2]\n- Added firefox-gnome-shell-extension\n[60.3.0-1]\n- Update to 60.3.0 ESR\n[60.2.2-2]\n- Added patch for rhbz#1633932\n[60.2.2-1]\n- Update to 60.2.2 ESR\n[60.2.1-1]\n- Update to 60.2.1 ESR\n[60.2.0-1]\n- Update to 60.2.0 ESR\n[60.1.0-9]\n- Do not set user agent (rhbz#1608065)\n- GTK dialogs are localized now (rhbz#1619373)\n- JNLP association works again (rhbz#1607457)\n[60.1.0-8]\n- Fixed homepage and bookmarks (rhbz#1606778)\n- Fixed missing file associations in RHEL6 (rhbz#1613565)\n[60.1.0-7]\n- Run at-spi-bus if not running already (for the bundled gtk3)\n[60.1.0-6]\n- Fix for missing schemes for bundled gtk3\n[60.1.0-5]\n- Added mesa-libEGL dependency to gtk3/rhel6\n[60.1.0-4]\n- Disabled jemalloc on all second arches\n[60.1.0-3]\n- Updated to 60.1.0 ESR build2\n[60.1.0-2]\n- Disabled jemalloc on second arches\n[60.1.0-1]\n- Updated to 60.1.0 ESR\n[60.0-12]\n- Fixing bundled libffi issues\n- Readded some requirements\n[60.0-10]\n- Added fix for mozilla BZ#1436242 - IPC crashes.\n[60.0-9]\n- Bundling libffi for the sec-arches\n- Added openssl-devel for the Python\n- Fixing bundled gtk3\n[60.0-8]\n- Added fix for mozilla BZ#1458492\n[60.0-7]\n- Added patch from rhbz#1498561 to fix ppc64(le) crashes.\n[60.0-6]\n- Disabled jemalloc on second arches\n[60.0-4]\n- Update to 60.0 ESR\n[52.7.0-1]\n- Update to 52.7.0 ESR\n[52.6.0-2]\n- Build Firefox for desktop arches only (x86_64 and ppc64le)\n[52.6.0-1]\n- Update to 52.6.0 ESR\n[52.5.0-1]\n- Update to 52.5.0 ESR\n[52.4.0-1]\n- Update to 52.4.0 ESR\n[52.3.0-3]\n- Update to 52.3.0 ESR (b2)\n- Require correct nss version\n[52.2.0-1]\n- Update to 52.2.0 ESR\n[52.1.2-1]\n- Update to 52.1.2 ESR\n[52.0-7]\n- Added fix for accept language (rhbz#1454322)\n[52.0-6]\n- Removing patch required for older NSS from RHEL 7.3\n- Added patch for rhbz#1414564\n[52.0-5]\n- Added fix for mozbz#1348168/CVE-2017-5428\n[52.0-4]\n- Update to 52.0 ESR (b4)\n[52.0-3]\n- Added fix for rhbz#1423012 - ppc64 gfx crashes\n[52.0-2]\n- Enable system nss\n[52.0-1]\n- Update to 52.0ESR (B1)\n- Build RHEL7 package for Gtk3\n[52.0-0.13]\n- Added fix for rhbz#1414535\n[52.0-0.12]\n- Update to 52.0b8\n[52.0-0.11]\n- Readded addons patch\n[52.0-0.10]\n- Update to 52.0b3\n[52.0-0.9]\n- Update to 52.0b2\n[52.0-0.8]\n- Update to 52.0b1\n[52.0-0.5]\n- Firefox Aurora 52 testing build", "edition": 1, "modified": "2020-04-09T00:00:00", "published": "2020-04-09T00:00:00", "id": "ELSA-2020-1406", "href": "http://linux.oracle.com/errata/ELSA-2020-1406.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-08T01:28:09", "bulletinFamily": "unix", "cvelist": ["CVE-2020-6800", "CVE-2017-5428", "CVE-2020-6796", "CVE-2020-6798"], "description": "[68.5.0-2.0.1]\n- fix LD_LIBRARY_PATH\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one\n* Fri Feb 07 2020 Jan Horak \n- Update to 68.5.0 build2\n* Wed Feb 05 2020 Jan Horak \n- Update to 68.5.0 build1\n* Wed Jan 08 2020 Jan Horak \n- Update to 68.4.1esr build1\n* Fri Jan 03 2020 Jan Horak \n- Update to 68.4.0esr build1\n* Wed Dec 18 2019 Jan Horak \n- Fix for wrong intl.accept_lang when using non en-us langpack\n[68.3.0-1]\n- Update to 68.3.0 ESR\n[68.2.0-4]\n- Added patch for TLS 1.3 support.\n[68.2.0-3]\n- Rebuild\n[68.2.0-2]\n- Rebuild\n[68.2.0-1]\n- Update to 68.2.0 ESR\n[68.1.0-6]\n- Enable system nss on RHEL6\n[68.1.0-2]\n- Enable building langpacks\n[68.1.0-1]\n- Update to 68.1.0 ESR\n[68.0.1-4]\n- Enable system nss\n[68.0.1-3]\n- Enable official branding\n[68.0.1-2]\n- Enabled PipeWire on RHEL8\n[68.0.1-1]\n- Updated to 68.0.1 ESR\n[68.0-0.11]\n- Update to 68.0 ESR\n[68.0-0.10]\n- Updated to 68.0 alpha 13\n- Enabled second arches\n[68.0-0.1]\n- Updated to 68.0 alpha\n[60.6.0-3]\n- Added Google API keys (mozbz#1531176)\n[60.6.0-2]\n- Update to 60.6.0 ESR (Build 2)\n[60.6.0-1]\n- Update to 60.6.0 ESR (Build 1)\n[60.5.1-1]\n- Update to 60.5.1 ESR\n[60.5.0-3]\n- Added fix for rhbz#1672424 - Firefox crashes on NFS drives.\n[60.5.0-2]\n- Updated to 60.5.0 ESR build2\n[60.5.0-1]\n- Updated to 60.5.0 ESR build1\n[60.4.0-3]\n- Fixing fontconfig warnings (rhbz#1601475)\n[60.4.0-2]\n- Added pipewire patch from Tomas Popela (rhbz#1664270)\n[60.4.0-1]\n- Update to 60.4.0 ESR\n[60.3.0-2]\n- Added firefox-gnome-shell-extension\n[60.3.0-1]\n- Update to 60.3.0 ESR\n[60.2.2-2]\n- Added patch for rhbz#1633932\n[60.2.2-1]\n- Update to 60.2.2 ESR\n[60.2.1-1]\n- Update to 60.2.1 ESR\n[60.2.0-1]\n- Update to 60.2.0 ESR\n[60.1.0-9]\n- Do not set user agent (rhbz#1608065)\n- GTK dialogs are localized now (rhbz#1619373)\n- JNLP association works again (rhbz#1607457)\n[60.1.0-8]\n- Fixed homepage and bookmarks (rhbz#1606778)\n- Fixed missing file associations in RHEL6 (rhbz#1613565)\n[60.1.0-7]\n- Run at-spi-bus if not running already (for the bundled gtk3)\n[60.1.0-6]\n- Fix for missing schemes for bundled gtk3\n[60.1.0-5]\n- Added mesa-libEGL dependency to gtk3/rhel6\n[60.1.0-4]\n- Disabled jemalloc on all second arches\n[60.1.0-3]\n- Updated to 60.1.0 ESR build2\n[60.1.0-2]\n- Disabled jemalloc on second arches\n[60.1.0-1]\n- Updated to 60.1.0 ESR\n[60.0-12]\n- Fixing bundled libffi issues\n- Readded some requirements\n[60.0-10]\n- Added fix for mozilla BZ#1436242 - IPC crashes.\n[60.0-9]\n- Bundling libffi for the sec-arches\n- Added openssl-devel for the Python\n- Fixing bundled gtk3\n[60.0-8]\n- Added fix for mozilla BZ#1458492\n[60.0-7]\n- Added patch from rhbz#1498561 to fix ppc64(le) crashes.\n[60.0-6]\n- Disabled jemalloc on second arches\n[60.0-4]\n- Update to 60.0 ESR\n[52.7.0-1]\n- Update to 52.7.0 ESR\n[52.6.0-2]\n- Build Firefox for desktop arches only (x86_64 and ppc64le)\n[52.6.0-1]\n- Update to 52.6.0 ESR\n[52.5.0-1]\n- Update to 52.5.0 ESR\n[52.4.0-1]\n- Update to 52.4.0 ESR\n[52.3.0-3]\n- Update to 52.3.0 ESR (b2)\n- Require correct nss version\n[52.2.0-1]\n- Update to 52.2.0 ESR\n[52.1.2-1]\n- Update to 52.1.2 ESR\n[52.0-7]\n- Added fix for accept language (rhbz#1454322)\n[52.0-6]\n- Removing patch required for older NSS from RHEL 7.3\n- Added patch for rhbz#1414564\n[52.0-5]\n- Added fix for mozbz#1348168/CVE-2017-5428\n[52.0-4]\n- Update to 52.0 ESR (b4)\n[52.0-3]\n- Added fix for rhbz#1423012 - ppc64 gfx crashes\n[52.0-2]\n- Enable system nss\n[52.0-1]\n- Update to 52.0ESR (B1)\n- Build RHEL7 package for Gtk3\n[52.0-0.13]\n- Added fix for rhbz#1414535\n[52.0-0.12]\n- Update to 52.0b8\n[52.0-0.11]\n- Readded addons patch\n[52.0-0.10]\n- Update to 52.0b3\n[52.0-0.9]\n- Update to 52.0b2\n[52.0-0.8]\n- Update to 52.0b1\n[52.0-0.5]\n- Firefox Aurora 52 testing build", "edition": 1, "modified": "2020-07-07T00:00:00", "published": "2020-07-07T00:00:00", "id": "ELSA-2020-0521", "href": "http://linux.oracle.com/errata/ELSA-2020-0521.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-08T01:31:29", "bulletinFamily": "unix", "cvelist": ["CVE-2020-6822", "CVE-2020-6825", "CVE-2020-6821", "CVE-2017-5428"], "description": "[68.7.0-2.0.1]\n- fix LD_LIBRARY_PATH\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one\n[68.7.0-2]\n- Update to 68.7.0 build3\n[68.6.1-1]\n- Update to 68.6.1 ESR\n* Wed Mar 04 2020 Jan Horak \n- Update to 68.6.0 build1\n[68.5.0-3]\n- Added fix for rhbz#1805667\n- Enabled mzbz@1170092 - Firefox prefs at /etc\n* Fri Feb 07 2020 Jan Horak \n- Update to 68.5.0 build2\n* Wed Feb 05 2020 Jan Horak \n- Update to 68.5.0 build1\n* Wed Jan 08 2020 Jan Horak \n- Update to 68.4.1esr build1\n* Fri Jan 03 2020 Jan Horak \n- Update to 68.4.0esr build1\n* Wed Dec 18 2019 Jan Horak \n- Fix for wrong intl.accept_lang when using non en-us langpack\n[68.3.0-1]\n- Update to 68.3.0 ESR\n[68.2.0-4]\n- Added patch for TLS 1.3 support.\n[68.2.0-3]\n- Rebuild\n[68.2.0-2]\n- Rebuild\n[68.2.0-1]\n- Update to 68.2.0 ESR\n[68.1.0-6]\n- Enable system nss on RHEL6\n[68.1.0-2]\n- Enable building langpacks\n[68.1.0-1]\n- Update to 68.1.0 ESR\n[68.0.1-4]\n- Enable system nss\n[68.0.1-3]\n- Enable official branding\n[68.0.1-2]\n- Enabled PipeWire on RHEL8\n[68.0.1-1]\n- Updated to 68.0.1 ESR\n[68.0-0.11]\n- Update to 68.0 ESR\n[68.0-0.10]\n- Updated to 68.0 alpha 13\n- Enabled second arches\n[68.0-0.1]\n- Updated to 68.0 alpha\n[60.6.0-3]\n- Added Google API keys (mozbz#1531176)\n[60.6.0-2]\n- Update to 60.6.0 ESR (Build 2)\n[60.6.0-1]\n- Update to 60.6.0 ESR (Build 1)\n[60.5.1-1]\n- Update to 60.5.1 ESR\n[60.5.0-3]\n- Added fix for rhbz#1672424 - Firefox crashes on NFS drives.\n[60.5.0-2]\n- Updated to 60.5.0 ESR build2\n[60.5.0-1]\n- Updated to 60.5.0 ESR build1\n[60.4.0-3]\n- Fixing fontconfig warnings (rhbz#1601475)\n[60.4.0-2]\n- Added pipewire patch from Tomas Popela (rhbz#1664270)\n[60.4.0-1]\n- Update to 60.4.0 ESR\n[60.3.0-2]\n- Added firefox-gnome-shell-extension\n[60.3.0-1]\n- Update to 60.3.0 ESR\n[60.2.2-2]\n- Added patch for rhbz#1633932\n[60.2.2-1]\n- Update to 60.2.2 ESR\n[60.2.1-1]\n- Update to 60.2.1 ESR\n[60.2.0-1]\n- Update to 60.2.0 ESR\n[60.1.0-9]\n- Do not set user agent (rhbz#1608065)\n- GTK dialogs are localized now (rhbz#1619373)\n- JNLP association works again (rhbz#1607457)\n[60.1.0-8]\n- Fixed homepage and bookmarks (rhbz#1606778)\n- Fixed missing file associations in RHEL6 (rhbz#1613565)\n[60.1.0-7]\n- Run at-spi-bus if not running already (for the bundled gtk3)\n[60.1.0-6]\n- Fix for missing schemes for bundled gtk3\n[60.1.0-5]\n- Added mesa-libEGL dependency to gtk3/rhel6\n[60.1.0-4]\n- Disabled jemalloc on all second arches\n[60.1.0-3]\n- Updated to 60.1.0 ESR build2\n[60.1.0-2]\n- Disabled jemalloc on second arches\n[60.1.0-1]\n- Updated to 60.1.0 ESR\n[60.0-12]\n- Fixing bundled libffi issues\n- Readded some requirements\n[60.0-10]\n- Added fix for mozilla BZ#1436242 - IPC crashes.\n[60.0-9]\n- Bundling libffi for the sec-arches\n- Added openssl-devel for the Python\n- Fixing bundled gtk3\n[60.0-8]\n- Added fix for mozilla BZ#1458492\n[60.0-7]\n- Added patch from rhbz#1498561 to fix ppc64(le) crashes.\n[60.0-6]\n- Disabled jemalloc on second arches\n[60.0-4]\n- Update to 60.0 ESR\n[52.7.0-1]\n- Update to 52.7.0 ESR\n[52.6.0-2]\n- Build Firefox for desktop arches only (x86_64 and ppc64le)\n[52.6.0-1]\n- Update to 52.6.0 ESR\n[52.5.0-1]\n- Update to 52.5.0 ESR\n[52.4.0-1]\n- Update to 52.4.0 ESR\n[52.3.0-3]\n- Update to 52.3.0 ESR (b2)\n- Require correct nss version\n[52.2.0-1]\n- Update to 52.2.0 ESR\n[52.1.2-1]\n- Update to 52.1.2 ESR\n[52.0-7]\n- Added fix for accept language (rhbz#1454322)\n[52.0-6]\n- Removing patch required for older NSS from RHEL 7.3\n- Added patch for rhbz#1414564\n[52.0-5]\n- Added fix for mozbz#1348168/CVE-2017-5428\n[52.0-4]\n- Update to 52.0 ESR (b4)\n[52.0-3]\n- Added fix for rhbz#1423012 - ppc64 gfx crashes\n[52.0-2]\n- Enable system nss\n[52.0-1]\n- Update to 52.0ESR (B1)\n- Build RHEL7 package for Gtk3\n[52.0-0.13]\n- Added fix for rhbz#1414535\n[52.0-0.12]\n- Update to 52.0b8\n[52.0-0.11]\n- Readded addons patch\n[52.0-0.10]\n- Update to 52.0b3\n[52.0-0.9]\n- Update to 52.0b2\n[52.0-0.8]\n- Update to 52.0b1\n[52.0-0.5]\n- Firefox Aurora 52 testing build", "edition": 1, "modified": "2020-07-07T00:00:00", "published": "2020-07-07T00:00:00", "id": "ELSA-2020-1429", "href": "http://linux.oracle.com/errata/ELSA-2020-1429.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-15T12:10:50", "bulletinFamily": "unix", "cvelist": ["CVE-2020-12406", "CVE-2017-5428", "CVE-2020-12410", "CVE-2020-12405"], "description": "[68.9.0-1.0.1]\n- fix LD_LIBRARY_PATH\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one\n* Fri May 29 2020 Jan Horak \n- Update to 68.9.0 build1\n- Added patch for pipewire 0.3\n* Mon May 11 2020 Jan Horak \n- Added s390x specific patches\n* Wed Apr 29 2020 Jan Horak \n- Update to 68.8.0 build1\n[68.7.0-3]\n- Added fix for rhbz#1821418\n[68.7.0-2]\n- Update to 68.7.0 build3\n[68.6.1-1]\n- Update to 68.6.1 ESR\n* Wed Mar 04 2020 Jan Horak \n- Update to 68.6.0 build1\n[68.5.0-3]\n- Added fix for rhbz#1805667\n- Enabled mzbz@1170092 - Firefox prefs at /etc\n* Fri Feb 07 2020 Jan Horak \n- Update to 68.5.0 build2\n* Wed Feb 05 2020 Jan Horak \n- Update to 68.5.0 build1\n* Wed Jan 08 2020 Jan Horak \n- Update to 68.4.1esr build1\n* Fri Jan 03 2020 Jan Horak \n- Update to 68.4.0esr build1\n* Wed Dec 18 2019 Jan Horak \n- Fix for wrong intl.accept_lang when using non en-us langpack\n[68.3.0-1]\n- Update to 68.3.0 ESR\n[68.2.0-4]\n- Added patch for TLS 1.3 support.\n[68.2.0-3]\n- Rebuild\n[68.2.0-2]\n- Rebuild\n[68.2.0-1]\n- Update to 68.2.0 ESR\n[68.1.0-6]\n- Enable system nss on RHEL6\n[68.1.0-2]\n- Enable building langpacks\n[68.1.0-1]\n- Update to 68.1.0 ESR\n[68.0.1-4]\n- Enable system nss\n[68.0.1-3]\n- Enable official branding\n[68.0.1-2]\n- Enabled PipeWire on RHEL8\n[68.0.1-1]\n- Updated to 68.0.1 ESR\n[68.0-0.11]\n- Update to 68.0 ESR\n[68.0-0.10]\n- Updated to 68.0 alpha 13\n- Enabled second arches\n[68.0-0.1]\n- Updated to 68.0 alpha\n[60.6.0-3]\n- Added Google API keys (mozbz#1531176)\n[60.6.0-2]\n- Update to 60.6.0 ESR (Build 2)\n[60.6.0-1]\n- Update to 60.6.0 ESR (Build 1)\n[60.5.1-1]\n- Update to 60.5.1 ESR\n[60.5.0-3]\n- Added fix for rhbz#1672424 - Firefox crashes on NFS drives.\n[60.5.0-2]\n- Updated to 60.5.0 ESR build2\n[60.5.0-1]\n- Updated to 60.5.0 ESR build1\n[60.4.0-3]\n- Fixing fontconfig warnings (rhbz#1601475)\n[60.4.0-2]\n- Added pipewire patch from Tomas Popela (rhbz#1664270)\n[60.4.0-1]\n- Update to 60.4.0 ESR\n[60.3.0-2]\n- Added firefox-gnome-shell-extension\n[60.3.0-1]\n- Update to 60.3.0 ESR\n[60.2.2-2]\n- Added patch for rhbz#1633932\n[60.2.2-1]\n- Update to 60.2.2 ESR\n[60.2.1-1]\n- Update to 60.2.1 ESR\n[60.2.0-1]\n- Update to 60.2.0 ESR\n[60.1.0-9]\n- Do not set user agent (rhbz#1608065)\n- GTK dialogs are localized now (rhbz#1619373)\n- JNLP association works again (rhbz#1607457)\n[60.1.0-8]\n- Fixed homepage and bookmarks (rhbz#1606778)\n- Fixed missing file associations in RHEL6 (rhbz#1613565)\n[60.1.0-7]\n- Run at-spi-bus if not running already (for the bundled gtk3)\n[60.1.0-6]\n- Fix for missing schemes for bundled gtk3\n[60.1.0-5]\n- Added mesa-libEGL dependency to gtk3/rhel6\n[60.1.0-4]\n- Disabled jemalloc on all second arches\n[60.1.0-3]\n- Updated to 60.1.0 ESR build2\n[60.1.0-2]\n- Disabled jemalloc on second arches\n[60.1.0-1]\n- Updated to 60.1.0 ESR\n[60.0-12]\n- Fixing bundled libffi issues\n- Readded some requirements\n[60.0-10]\n- Added fix for mozilla BZ#1436242 - IPC crashes.\n[60.0-9]\n- Bundling libffi for the sec-arches\n- Added openssl-devel for the Python\n- Fixing bundled gtk3\n[60.0-8]\n- Added fix for mozilla BZ#1458492\n[60.0-7]\n- Added patch from rhbz#1498561 to fix ppc64(le) crashes.\n[60.0-6]\n- Disabled jemalloc on second arches\n[60.0-4]\n- Update to 60.0 ESR\n[52.7.0-1]\n- Update to 52.7.0 ESR\n[52.6.0-2]\n- Build Firefox for desktop arches only (x86_64 and ppc64le)\n[52.6.0-1]\n- Update to 52.6.0 ESR\n[52.5.0-1]\n- Update to 52.5.0 ESR\n[52.4.0-1]\n- Update to 52.4.0 ESR\n[52.3.0-3]\n- Update to 52.3.0 ESR (b2)\n- Require correct nss version\n[52.2.0-1]\n- Update to 52.2.0 ESR\n[52.1.2-1]\n- Update to 52.1.2 ESR\n[52.0-7]\n- Added fix for accept language (rhbz#1454322)\n[52.0-6]\n- Removing patch required for older NSS from RHEL 7.3\n- Added patch for rhbz#1414564\n[52.0-5]\n- Added fix for mozbz#1348168/CVE-2017-5428\n[52.0-4]\n- Update to 52.0 ESR (b4)\n[52.0-3]\n- Added fix for rhbz#1423012 - ppc64 gfx crashes\n[52.0-2]\n- Enable system nss\n[52.0-1]\n- Update to 52.0ESR (B1)\n- Build RHEL7 package for Gtk3\n[52.0-0.13]\n- Added fix for rhbz#1414535\n[52.0-0.12]\n- Update to 52.0b8\n[52.0-0.11]\n- Readded addons patch\n[52.0-0.10]\n- Update to 52.0b3\n[52.0-0.9]\n- Update to 52.0b2\n[52.0-0.8]\n- Update to 52.0b1\n[52.0-0.5]\n- Firefox Aurora 52 testing build", "edition": 2, "modified": "2020-07-07T00:00:00", "published": "2020-07-07T00:00:00", "id": "ELSA-2020-2378", "href": "http://linux.oracle.com/errata/ELSA-2020-2378.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-08T01:35:57", "bulletinFamily": "unix", "cvelist": ["CVE-2020-6831", "CVE-2020-12392", "CVE-2017-5428", "CVE-2020-12395", "CVE-2020-12387"], "description": "[68.8.0-1.0.1]\n- fix LD_LIBRARY_PATH\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one\n* Wed Apr 29 2020 Jan Horak \n- Update to 68.8.0 build1\n[68.7.0-3]\n- Added fix for rhbz#1821418\n[68.7.0-2]\n- Update to 68.7.0 build3\n[68.6.1-1]\n- Update to 68.6.1 ESR\n* Wed Mar 04 2020 Jan Horak \n- Update to 68.6.0 build1\n[68.5.0-3]\n- Added fix for rhbz#1805667\n- Enabled mzbz@1170092 - Firefox prefs at /etc\n* Fri Feb 07 2020 Jan Horak \n- Update to 68.5.0 build2\n* Wed Feb 05 2020 Jan Horak \n- Update to 68.5.0 build1\n* Wed Jan 08 2020 Jan Horak \n- Update to 68.4.1esr build1\n* Fri Jan 03 2020 Jan Horak \n- Update to 68.4.0esr build1\n* Wed Dec 18 2019 Jan Horak \n- Fix for wrong intl.accept_lang when using non en-us langpack\n[68.3.0-1]\n- Update to 68.3.0 ESR\n[68.2.0-4]\n- Added patch for TLS 1.3 support.\n[68.2.0-3]\n- Rebuild\n[68.2.0-2]\n- Rebuild\n[68.2.0-1]\n- Update to 68.2.0 ESR\n[68.1.0-6]\n- Enable system nss on RHEL6\n[68.1.0-2]\n- Enable building langpacks\n[68.1.0-1]\n- Update to 68.1.0 ESR\n[68.0.1-4]\n- Enable system nss\n[68.0.1-3]\n- Enable official branding\n[68.0.1-2]\n- Enabled PipeWire on RHEL8\n[68.0.1-1]\n- Updated to 68.0.1 ESR\n[68.0-0.11]\n- Update to 68.0 ESR\n[68.0-0.10]\n- Updated to 68.0 alpha 13\n- Enabled second arches\n[68.0-0.1]\n- Updated to 68.0 alpha\n[60.6.0-3]\n- Added Google API keys (mozbz#1531176)\n[60.6.0-2]\n- Update to 60.6.0 ESR (Build 2)\n[60.6.0-1]\n- Update to 60.6.0 ESR (Build 1)\n[60.5.1-1]\n- Update to 60.5.1 ESR\n[60.5.0-3]\n- Added fix for rhbz#1672424 - Firefox crashes on NFS drives.\n[60.5.0-2]\n- Updated to 60.5.0 ESR build2\n[60.5.0-1]\n- Updated to 60.5.0 ESR build1\n[60.4.0-3]\n- Fixing fontconfig warnings (rhbz#1601475)\n[60.4.0-2]\n- Added pipewire patch from Tomas Popela (rhbz#1664270)\n[60.4.0-1]\n- Update to 60.4.0 ESR\n[60.3.0-2]\n- Added firefox-gnome-shell-extension\n[60.3.0-1]\n- Update to 60.3.0 ESR\n[60.2.2-2]\n- Added patch for rhbz#1633932\n[60.2.2-1]\n- Update to 60.2.2 ESR\n[60.2.1-1]\n- Update to 60.2.1 ESR\n[60.2.0-1]\n- Update to 60.2.0 ESR\n[60.1.0-9]\n- Do not set user agent (rhbz#1608065)\n- GTK dialogs are localized now (rhbz#1619373)\n- JNLP association works again (rhbz#1607457)\n[60.1.0-8]\n- Fixed homepage and bookmarks (rhbz#1606778)\n- Fixed missing file associations in RHEL6 (rhbz#1613565)\n[60.1.0-7]\n- Run at-spi-bus if not running already (for the bundled gtk3)\n[60.1.0-6]\n- Fix for missing schemes for bundled gtk3\n[60.1.0-5]\n- Added mesa-libEGL dependency to gtk3/rhel6\n[60.1.0-4]\n- Disabled jemalloc on all second arches\n[60.1.0-3]\n- Updated to 60.1.0 ESR build2\n[60.1.0-2]\n- Disabled jemalloc on second arches\n[60.1.0-1]\n- Updated to 60.1.0 ESR\n[60.0-12]\n- Fixing bundled libffi issues\n- Readded some requirements\n[60.0-10]\n- Added fix for mozilla BZ#1436242 - IPC crashes.\n[60.0-9]\n- Bundling libffi for the sec-arches\n- Added openssl-devel for the Python\n- Fixing bundled gtk3\n[60.0-8]\n- Added fix for mozilla BZ#1458492\n[60.0-7]\n- Added patch from rhbz#1498561 to fix ppc64(le) crashes.\n[60.0-6]\n- Disabled jemalloc on second arches\n[60.0-4]\n- Update to 60.0 ESR\n[52.7.0-1]\n- Update to 52.7.0 ESR\n[52.6.0-2]\n- Build Firefox for desktop arches only (x86_64 and ppc64le)\n[52.6.0-1]\n- Update to 52.6.0 ESR\n[52.5.0-1]\n- Update to 52.5.0 ESR\n[52.4.0-1]\n- Update to 52.4.0 ESR\n[52.3.0-3]\n- Update to 52.3.0 ESR (b2)\n- Require correct nss version\n[52.2.0-1]\n- Update to 52.2.0 ESR\n[52.1.2-1]\n- Update to 52.1.2 ESR\n[52.0-7]\n- Added fix for accept language (rhbz#1454322)\n[52.0-6]\n- Removing patch required for older NSS from RHEL 7.3\n- Added patch for rhbz#1414564\n[52.0-5]\n- Added fix for mozbz#1348168/CVE-2017-5428\n[52.0-4]\n- Update to 52.0 ESR (b4)\n[52.0-3]\n- Added fix for rhbz#1423012 - ppc64 gfx crashes\n[52.0-2]\n- Enable system nss\n[52.0-1]\n- Update to 52.0ESR (B1)\n- Build RHEL7 package for Gtk3\n[52.0-0.13]\n- Added fix for rhbz#1414535\n[52.0-0.12]\n- Update to 52.0b8\n[52.0-0.11]\n- Readded addons patch\n[52.0-0.10]\n- Update to 52.0b3\n[52.0-0.9]\n- Update to 52.0b2\n[52.0-0.8]\n- Update to 52.0b1\n[52.0-0.5]\n- Firefox Aurora 52 testing build", "edition": 1, "modified": "2020-07-07T00:00:00", "published": "2020-07-07T00:00:00", "id": "ELSA-2020-2036", "href": "http://linux.oracle.com/errata/ELSA-2020-2036.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-08T01:27:18", "bulletinFamily": "unix", "cvelist": ["CVE-2019-17022", "CVE-2017-5428", "CVE-2019-17024", "CVE-2019-17017", "CVE-2019-17016", "CVE-2019-17026"], "description": "[68.4.1-1.0.1]\n- fix LD_LIBRARY_PATH\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one\n* Wed Jan 08 2020 Jan Horak \n- Update to 68.4.1esr build1\n* Fri Jan 03 2020 Jan Horak \n- Update to 68.4.0esr build1\n* Wed Dec 18 2019 Jan Horak \n- Fix for wrong intl.accept_lang when using non en-us langpack\n[68.3.0-1]\n- Update to 68.3.0 ESR\n[68.2.0-4]\n- Added patch for TLS 1.3 support.\n[68.2.0-3]\n- Rebuild\n[68.2.0-2]\n- Rebuild\n[68.2.0-1]\n- Update to 68.2.0 ESR\n[68.1.0-6]\n- Enable system nss on RHEL6\n[68.1.0-2]\n- Enable building langpacks\n[68.1.0-1]\n- Update to 68.1.0 ESR\n[68.0.1-4]\n- Enable system nss\n[68.0.1-3]\n- Enable official branding\n[68.0.1-2]\n- Enabled PipeWire on RHEL8\n[68.0.1-1]\n- Updated to 68.0.1 ESR\n[68.0-0.11]\n- Update to 68.0 ESR\n[68.0-0.10]\n- Updated to 68.0 alpha 13\n- Enabled second arches\n[68.0-0.1]\n- Updated to 68.0 alpha\n[60.6.0-3]\n- Added Google API keys (mozbz#1531176)\n[60.6.0-2]\n- Update to 60.6.0 ESR (Build 2)\n[60.6.0-1]\n- Update to 60.6.0 ESR (Build 1)\n[60.5.1-1]\n- Update to 60.5.1 ESR\n[60.5.0-3]\n- Added fix for rhbz#1672424 - Firefox crashes on NFS drives.\n[60.5.0-2]\n- Updated to 60.5.0 ESR build2\n[60.5.0-1]\n- Updated to 60.5.0 ESR build1\n[60.4.0-3]\n- Fixing fontconfig warnings (rhbz#1601475)\n[60.4.0-2]\n- Added pipewire patch from Tomas Popela (rhbz#1664270)\n[60.4.0-1]\n- Update to 60.4.0 ESR\n[60.3.0-2]\n- Added firefox-gnome-shell-extension\n[60.3.0-1]\n- Update to 60.3.0 ESR\n[60.2.2-2]\n- Added patch for rhbz#1633932\n[60.2.2-1]\n- Update to 60.2.2 ESR\n[60.2.1-1]\n- Update to 60.2.1 ESR\n[60.2.0-1]\n- Update to 60.2.0 ESR\n[60.1.0-9]\n- Do not set user agent (rhbz#1608065)\n- GTK dialogs are localized now (rhbz#1619373)\n- JNLP association works again (rhbz#1607457)\n[60.1.0-8]\n- Fixed homepage and bookmarks (rhbz#1606778)\n- Fixed missing file associations in RHEL6 (rhbz#1613565)\n[60.1.0-7]\n- Run at-spi-bus if not running already (for the bundled gtk3)\n[60.1.0-6]\n- Fix for missing schemes for bundled gtk3\n[60.1.0-5]\n- Added mesa-libEGL dependency to gtk3/rhel6\n[60.1.0-4]\n- Disabled jemalloc on all second arches\n[60.1.0-3]\n- Updated to 60.1.0 ESR build2\n[60.1.0-2]\n- Disabled jemalloc on second arches\n[60.1.0-1]\n- Updated to 60.1.0 ESR\n[60.0-12]\n- Fixing bundled libffi issues\n- Readded some requirements\n[60.0-10]\n- Added fix for mozilla BZ#1436242 - IPC crashes.\n[60.0-9]\n- Bundling libffi for the sec-arches\n- Added openssl-devel for the Python\n- Fixing bundled gtk3\n[60.0-8]\n- Added fix for mozilla BZ#1458492\n[60.0-7]\n- Added patch from rhbz#1498561 to fix ppc64(le) crashes.\n[60.0-6]\n- Disabled jemalloc on second arches\n[60.0-4]\n- Update to 60.0 ESR\n[52.7.0-1]\n- Update to 52.7.0 ESR\n[52.6.0-2]\n- Build Firefox for desktop arches only (x86_64 and ppc64le)\n[52.6.0-1]\n- Update to 52.6.0 ESR\n[52.5.0-1]\n- Update to 52.5.0 ESR\n[52.4.0-1]\n- Update to 52.4.0 ESR\n[52.3.0-3]\n- Update to 52.3.0 ESR (b2)\n- Require correct nss version\n[52.2.0-1]\n- Update to 52.2.0 ESR\n[52.1.2-1]\n- Update to 52.1.2 ESR\n[52.0-7]\n- Added fix for accept language (rhbz#1454322)\n[52.0-6]\n- Removing patch required for older NSS from RHEL 7.3\n- Added patch for rhbz#1414564\n[52.0-5]\n- Added fix for mozbz#1348168/CVE-2017-5428\n[52.0-4]\n- Update to 52.0 ESR (b4)\n[52.0-3]\n- Added fix for rhbz#1423012 - ppc64 gfx crashes\n[52.0-2]\n- Enable system nss\n[52.0-1]\n- Update to 52.0ESR (B1)\n- Build RHEL7 package for Gtk3\n[52.0-0.13]\n- Added fix for rhbz#1414535\n[52.0-0.12]\n- Update to 52.0b8\n[52.0-0.11]\n- Readded addons patch\n[52.0-0.10]\n- Update to 52.0b3\n[52.0-0.9]\n- Update to 52.0b2\n[52.0-0.8]\n- Update to 52.0b1\n[52.0-0.5]\n- Firefox Aurora 52 testing build", "edition": 1, "modified": "2020-07-07T00:00:00", "published": "2020-07-07T00:00:00", "id": "ELSA-2020-0086", "href": "http://linux.oracle.com/errata/ELSA-2020-0086.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-09-25T02:10:06", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12379", "CVE-2018-12378", "CVE-2017-5428", "CVE-2018-12377", "CVE-2017-16541", "CVE-2018-12376"], "description": "[60.2.0-1.0.1]\n- fix LD_LIBRARY_PATH\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one\n[60.2.0-1]\n- Update to 60.2.0 ESR\n[60.1.0-9]\n- Do not set user agent (rhbz#1608065)\n- GTK dialogs are localized now (rhbz#1619373)\n- JNLP association works again (rhbz#1607457)\n[60.1.0-8]\n- Fixed homepage and bookmarks (rhbz#1606778)\n- Fixed missing file associations in RHEL6 (rhbz#1613565)\n[60.1.0-7]\n- Run at-spi-bus if not running already (for the bundled gtk3)\n[60.1.0-6]\n- Fix for missing schemes for bundled gtk3\n[60.1.0-5]\n- Added mesa-libEGL dependency to gtk3/rhel6\n[60.1.0-4]\n- Disabled jemalloc on all second arches\n[60.1.0-3]\n- Updated to 60.1.0 ESR build2\n[60.1.0-2]\n- Disabled jemalloc on second arches\n[60.1.0-1]\n- Updated to 60.1.0 ESR\n[60.0-12]\n- Fixing bundled libffi issues\n- Readded some requirements\n[60.0-10]\n- Added fix for mozilla BZ#1436242 - IPC crashes.\n[60.0-9]\n- Bundling libffi for the sec-arches\n- Added openssl-devel for the Python\n- Fixing bundled gtk3\n[60.0-8]\n- Added fix for mozilla BZ#1458492\n[60.0-7]\n- Added patch from rhbz#1498561 to fix ppc64(le) crashes.\n[60.0-6]\n- Disabled jemalloc on second arches\n[60.0-4]\n- Update to 60.0 ESR\n[52.7.0-1]\n- Update to 52.7.0 ESR\n[52.6.0-2]\n- Build Firefox for desktop arches only (x86_64 and ppc64le)\n[52.6.0-1]\n- Update to 52.6.0 ESR\n[52.5.0-1]\n- Update to 52.5.0 ESR\n[52.4.0-1]\n- Update to 52.4.0 ESR\n[52.3.0-3]\n- Update to 52.3.0 ESR (b2)\n- Require correct nss version\n[52.2.0-1]\n- Update to 52.2.0 ESR\n[52.1.2-1]\n- Update to 52.1.2 ESR\n[52.0-7]\n- Added fix for accept language (rhbz#1454322)\n[52.0-6]\n- Removing patch required for older NSS from RHEL 7.3\n- Added patch for rhbz#1414564\n[52.0-5]\n- Added fix for mozbz#1348168/CVE-2017-5428\n[52.0-4]\n- Update to 52.0 ESR (b4)\n[52.0-3]\n- Added fix for rhbz#1423012 - ppc64 gfx crashes\n[52.0-2]\n- Enable system nss\n[52.0-1]\n- Update to 52.0ESR (B1)\n- Build RHEL7 package for Gtk3\n[52.0-0.13]\n- Added fix for rhbz#1414535\n[52.0-0.12]\n- Update to 52.0b8\n[52.0-0.11]\n- Readded addons patch\n[52.0-0.10]\n- Update to 52.0b3\n[52.0-0.9]\n- Update to 52.0b2\n[52.0-0.8]\n- Update to 52.0b1\n[52.0-0.5]\n- Firefox Aurora 52 testing build", "edition": 1, "modified": "2018-09-24T00:00:00", "published": "2018-09-24T00:00:00", "id": "ELSA-2018-2693", "href": "http://linux.oracle.com/errata/ELSA-2018-2693.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-07-08T01:24:59", "bulletinFamily": "unix", "cvelist": ["CVE-2019-17010", "CVE-2017-5428", "CVE-2019-17012", "CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17011"], "description": "[68.3.0-1.0.1]\n- fix LD_LIBRARY_PATH\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one\n[68.3.0-1]\n- Update to 68.3.0 ESR\n[68.2.0-4]\n- Added patch for TLS 1.3 support.\n[68.2.0-3]\n- Rebuild\n[68.2.0-2]\n- Rebuild\n[68.2.0-1]\n- Update to 68.2.0 ESR\n[68.1.0-6]\n- Enable system nss on RHEL6\n[68.1.0-2]\n- Enable building langpacks\n[68.1.0-1]\n- Update to 68.1.0 ESR\n[68.0.1-4]\n- Enable system nss\n[68.0.1-3]\n- Enable official branding\n[68.0.1-2]\n- Enabled PipeWire on RHEL8\n[68.0.1-1]\n- Updated to 68.0.1 ESR\n[68.0-0.11]\n- Update to 68.0 ESR\n[68.0-0.10]\n- Updated to 68.0 alpha 13\n- Enabled second arches\n[68.0-0.1]\n- Updated to 68.0 alpha\n[60.6.0-3]\n- Added Google API keys (mozbz#1531176)\n[60.6.0-2]\n- Update to 60.6.0 ESR (Build 2)\n[60.6.0-1]\n- Update to 60.6.0 ESR (Build 1)\n[60.5.1-1]\n- Update to 60.5.1 ESR\n[60.5.0-3]\n- Added fix for rhbz#1672424 - Firefox crashes on NFS drives.\n[60.5.0-2]\n- Updated to 60.5.0 ESR build2\n[60.5.0-1]\n- Updated to 60.5.0 ESR build1\n[60.4.0-3]\n- Fixing fontconfig warnings (rhbz#1601475)\n[60.4.0-2]\n- Added pipewire patch from Tomas Popela (rhbz#1664270)\n[60.4.0-1]\n- Update to 60.4.0 ESR\n[60.3.0-2]\n- Added firefox-gnome-shell-extension\n[60.3.0-1]\n- Update to 60.3.0 ESR\n[60.2.2-2]\n- Added patch for rhbz#1633932\n[60.2.2-1]\n- Update to 60.2.2 ESR\n[60.2.1-1]\n- Update to 60.2.1 ESR\n[60.2.0-1]\n- Update to 60.2.0 ESR\n[60.1.0-9]\n- Do not set user agent (rhbz#1608065)\n- GTK dialogs are localized now (rhbz#1619373)\n- JNLP association works again (rhbz#1607457)\n[60.1.0-8]\n- Fixed homepage and bookmarks (rhbz#1606778)\n- Fixed missing file associations in RHEL6 (rhbz#1613565)\n[60.1.0-7]\n- Run at-spi-bus if not running already (for the bundled gtk3)\n[60.1.0-6]\n- Fix for missing schemes for bundled gtk3\n[60.1.0-5]\n- Added mesa-libEGL dependency to gtk3/rhel6\n[60.1.0-4]\n- Disabled jemalloc on all second arches\n[60.1.0-3]\n- Updated to 60.1.0 ESR build2\n[60.1.0-2]\n- Disabled jemalloc on second arches\n[60.1.0-1]\n- Updated to 60.1.0 ESR\n[60.0-12]\n- Fixing bundled libffi issues\n- Readded some requirements\n[60.0-10]\n- Added fix for mozilla BZ#1436242 - IPC crashes.\n[60.0-9]\n- Bundling libffi for the sec-arches\n- Added openssl-devel for the Python\n- Fixing bundled gtk3\n[60.0-8]\n- Added fix for mozilla BZ#1458492\n[60.0-7]\n- Added patch from rhbz#1498561 to fix ppc64(le) crashes.\n[60.0-6]\n- Disabled jemalloc on second arches\n[60.0-4]\n- Update to 60.0 ESR\n[52.7.0-1]\n- Update to 52.7.0 ESR\n[52.6.0-2]\n- Build Firefox for desktop arches only (x86_64 and ppc64le)\n[52.6.0-1]\n- Update to 52.6.0 ESR\n[52.5.0-1]\n- Update to 52.5.0 ESR\n[52.4.0-1]\n- Update to 52.4.0 ESR\n[52.3.0-3]\n- Update to 52.3.0 ESR (b2)\n- Require correct nss version\n[52.2.0-1]\n- Update to 52.2.0 ESR\n[52.1.2-1]\n- Update to 52.1.2 ESR\n[52.0-7]\n- Added fix for accept language (rhbz#1454322)\n[52.0-6]\n- Removing patch required for older NSS from RHEL 7.3\n- Added patch for rhbz#1414564\n[52.0-5]\n- Added fix for mozbz#1348168/CVE-2017-5428\n[52.0-4]\n- Update to 52.0 ESR (b4)\n[52.0-3]\n- Added fix for rhbz#1423012 - ppc64 gfx crashes\n[52.0-2]\n- Enable system nss\n[52.0-1]\n- Update to 52.0ESR (B1)\n- Build RHEL7 package for Gtk3\n[52.0-0.13]\n- Added fix for rhbz#1414535\n[52.0-0.12]\n- Update to 52.0b8\n[52.0-0.11]\n- Readded addons patch\n[52.0-0.10]\n- Update to 52.0b3\n[52.0-0.9]\n- Update to 52.0b2\n[52.0-0.8]\n- Update to 52.0b1\n[52.0-0.5]\n- Firefox Aurora 52 testing build", "edition": 1, "modified": "2020-07-07T00:00:00", "published": "2020-07-07T00:00:00", "id": "ELSA-2019-4108", "href": "http://linux.oracle.com/errata/ELSA-2019-4108.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5428"], "description": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. ", "modified": "2017-03-24T18:58:28", "published": "2017-03-24T18:58:28", "id": "FEDORA:974106070D38", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: firefox-52.0-6.fc25", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5428"], "description": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. ", "modified": "2017-03-28T23:55:29", "published": "2017-03-28T23:55:29", "id": "FEDORA:600E16075DAE", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: firefox-52.0-6.fc24", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}