Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2020-2.NASL
HistoryJan 10, 2020 - 12:00 a.m.

openSUSE Security Update : MozillaFirefox (openSUSE-2020-2)

2020-01-1000:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
40

8.7 High

AI Score

Confidence

High

JSON

This update for MozillaFirefox fixes the following issues :

Mozilla Firefox was updated to 68.3esr (MFSA 2019-37 bsc#1158328)
Security issues fixed :

  • CVE-2019-17008: Fixed a use-after-free in worker destruction (bmo#1546331)

  • CVE-2019-13722: Fixed a stack corruption due to incorrect number of arguments in WebRTC code (bmo#1580156)

  • CVE-2019-11745: Fixed an out of bounds write in NSS when encrypting with a block cipher (bmo#1586176)

  • CVE-2019-17009: Fixed an issue where updater temporary files accessible to unprivileged processes (bmo#1510494)

  • CVE-2019-17010: Fixed a use-after-free when performing device orientation checks (bmo#1581084)

  • CVE-2019-17005: Fixed a buffer overflow in plain text serializer (bmo#1584170)

  • CVE-2019-17011: Fixed a use-after-free when retrieving a document in antitracking (bmo#1591334)

  • CVE-2019-17012: Fixed multiple memmory issues (bmo#1449736, bmo#1533957, bmo#1560667,bmo#1567209, bmo#1580288, bmo#1585760, bmo#1592502)

This update was imported from the SUSE:SLE-15:Update update project.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2020-2.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('compat.inc');

if (description)
{
  script_id(132763);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/01");

  script_cve_id(
    "CVE-2019-11745",
    "CVE-2019-13722",
    "CVE-2019-17005",
    "CVE-2019-17008",
    "CVE-2019-17009",
    "CVE-2019-17010",
    "CVE-2019-17011",
    "CVE-2019-17012"
  );

  script_name(english:"openSUSE Security Update : MozillaFirefox (openSUSE-2020-2)");

  script_set_attribute(attribute:"synopsis", value:
"The remote openSUSE host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"This update for MozillaFirefox fixes the following issues :

Mozilla Firefox was updated to 68.3esr (MFSA 2019-37 bsc#1158328)	
	 Security issues fixed :

  - CVE-2019-17008: Fixed a use-after-free in worker
    destruction (bmo#1546331)

  - CVE-2019-13722: Fixed a stack corruption due to
    incorrect number of arguments in WebRTC code
    (bmo#1580156)

  - CVE-2019-11745: Fixed an out of bounds write in NSS when
    encrypting with a block cipher (bmo#1586176)

  - CVE-2019-17009: Fixed an issue where updater temporary
    files accessible to unprivileged processes (bmo#1510494)

  - CVE-2019-17010: Fixed a use-after-free when performing
    device orientation checks (bmo#1581084)

  - CVE-2019-17005: Fixed a buffer overflow in plain text
    serializer (bmo#1584170)

  - CVE-2019-17011: Fixed a use-after-free when retrieving a
    document in antitracking (bmo#1591334)

  - CVE-2019-17012: Fixed multiple memmory issues
    (bmo#1449736, bmo#1533957, bmo#1560667,bmo#1567209,
    bmo#1580288, bmo#1585760, bmo#1592502)

This update was imported from the SUSE:SLE-15:Update update project.");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1157652");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158328");
  script_set_attribute(attribute:"solution", value:
"Update the affected MozillaFirefox packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-17012");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/01/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE15.1", reference:"MozillaFirefox-68.3.0-lp151.2.21.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"MozillaFirefox-branding-upstream-68.3.0-lp151.2.21.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"MozillaFirefox-buildsymbols-68.3.0-lp151.2.21.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"MozillaFirefox-debuginfo-68.3.0-lp151.2.21.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"MozillaFirefox-debugsource-68.3.0-lp151.2.21.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"MozillaFirefox-devel-68.3.0-lp151.2.21.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"MozillaFirefox-translations-common-68.3.0-lp151.2.21.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"MozillaFirefox-translations-other-68.3.0-lp151.2.21.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox / MozillaFirefox-branding-upstream / etc");
}
VendorProductVersionCPE
novellopensusemozillafirefoxp-cpe:/a:novell:opensuse:mozillafirefox
novellopensusemozillafirefox-branding-upstreamp-cpe:/a:novell:opensuse:mozillafirefox-branding-upstream
novellopensusemozillafirefox-buildsymbolsp-cpe:/a:novell:opensuse:mozillafirefox-buildsymbols
novellopensusemozillafirefox-debuginfop-cpe:/a:novell:opensuse:mozillafirefox-debuginfo
novellopensusemozillafirefox-debugsourcep-cpe:/a:novell:opensuse:mozillafirefox-debugsource
novellopensusemozillafirefox-develp-cpe:/a:novell:opensuse:mozillafirefox-devel
novellopensusemozillafirefox-translations-commonp-cpe:/a:novell:opensuse:mozillafirefox-translations-common
novellopensusemozillafirefox-translations-otherp-cpe:/a:novell:opensuse:mozillafirefox-translations-other
novellopensuse15.1cpe:/o:novell:opensuse:15.1

Related

nessus 58
suse 2
kaspersky 3
openvas 30
altlinux 2
slackware 1
mozilla 3
mageia 3
archlinux 2
redhat 11
centos 4
oraclelinux 8
osv 6
debian 5
amazon 1
ubuntu 5
ibm 3
alpinelinux 7
debiancve 8
prion 8
ubuntucve 8
cve 7
redhatcve 8
veracode 6
nessus
nessus
SUSE SLES11 Security Update : MozillaFirefox, mozilla-nspr, mozilla-nss (SUSE-SU-2019:14260-1)
2021-06-10 00:00:00
SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2019:3347-1)
2019-12-20 00:00:00
Slackware 14.2 / current : mozilla-firefox (SSA:2019-337-01)
2019-12-04 00:00:00
suse
suse
Security update for MozillaThunderbird (important)
2020-01-09 00:00:00
Security update for MozillaFirefox (important)
2020-01-09 00:00:00
kaspersky
kaspersky
KLA11612 Multiple vulnerabilities in Mozilla Firefox ESR
2019-12-03 00:00:00
KLA11613 Multiple vulnerabilities in Mozilla Thunderbird
2019-11-09 00:00:00
KLA11611 Multiple vulnerabilities in Mozilla Firefox
2019-12-03 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2019-337-01)
2022-04-21 00:00:00
Mozilla Thunderbird Security Advisory (MFSA2019-38) - Windows
2019-12-06 00:00:00
openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2020:0002-1)
2020-01-10 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package firefox-esr version 68.3.0-alt1
2019-12-05 00:00:00
Security fix for the ALT Linux 10 package thunderbird version 68.3.1-alt1
2019-12-23 00:00:00
slackware
slackware
[slackware-security] mozilla-firefox
2019-12-03 19:30:37
mozilla
mozilla
Security Vulnerabilities fixed in - Thunderbird 68.3 — Mozilla
2019-12-03 00:00:00
Security Vulnerabilities fixed in - Firefox ESR 68.3 — Mozilla
2019-12-03 00:00:00
Security Vulnerabilities fixed in - Firefox 71 — Mozilla
2019-12-03 00:00:00
mageia
mageia
Updated firefox packages fix security vulnerabilities
2019-12-08 21:12:18
Updated thunderbird packages fix security vulnerabilities
2019-12-08 21:12:18
Updated nss packages fix security vulnerability
2019-12-08 21:12:18
archlinux
archlinux
[ASA-201912-2] thunderbird: arbitrary code execution
2019-12-06 00:00:00
[ASA-201912-1] firefox: multiple issues
2019-12-03 00:00:00
redhat
redhat
(RHSA-2019:4148) Important: thunderbird security update
2019-12-10 10:00:29
(RHSA-2019:4195) Important: thunderbird security update
2019-12-10 19:09:15
(RHSA-2019:4108) Critical: firefox security update
2019-12-05 15:00:15
centos
centos
thunderbird security update
2019-12-24 15:58:02
firefox security update
2019-12-11 17:42:55
firefox security update
2019-12-24 15:58:51
oraclelinux
oraclelinux
thunderbird security update
2020-07-07 00:00:00
thunderbird security update
2019-12-11 00:00:00
firefox security update
2019-12-05 00:00:00
osv
osv
thunderbird - security update
2019-12-16 00:00:00
firefox-esr - security update
2019-12-10 00:00:00
firefox-esr - security update
2019-12-09 00:00:00
debian
debian
[SECURITY] [DSA 4585-1] thunderbird security update
2019-12-15 17:49:13
[SECURITY] [DSA 4580-1] firefox-esr security update
2019-12-09 19:59:41
[SECURITY] [DLA 2029-1] firefox-esr security update
2019-12-10 13:16:02
amazon
amazon
Important: thunderbird
2020-01-14 20:08:00
ubuntu
ubuntu
Firefox vulnerabilities
2019-12-13 00:00:00
Firefox vulnerabilities
2019-12-09 00:00:00
Thunderbird vulnerabilities
2020-01-16 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities of Mozzila Firefox (less than Firefox 68.3 ESR) have affected Synthetic Playback Agent 8.1.4.0 - 8.1.4 IF10 + ICAM 3.0 - 4.0
2020-02-28 08:49:25
Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2019-11745)
2021-01-12 20:25:53
Security Bulletin: IBM Security Privileged Identity Manager is affected by security vulnerabilities
2020-08-31 14:28:37
alpinelinux
alpinelinux
CVE-2019-17009
2020-01-08 22:15:00
CVE-2019-11745
2020-01-08 20:15:00
CVE-2019-17010
2020-01-08 22:15:00
debiancve
debiancve
CVE-2019-17009
2020-01-08 22:15:00
CVE-2019-13722
2020-01-14 19:15:00
CVE-2019-11745
2020-01-08 20:15:00
prion
prion
Sql injection
2020-01-08 22:15:00
Design/Logic Flaw
2020-01-08 22:15:00
Design/Logic Flaw
2020-01-14 19:15:00
ubuntucve
ubuntucve
CVE-2019-17009
2020-01-08 00:00:00
CVE-2019-13722
2020-01-14 00:00:00
CVE-2019-11745
2019-11-25 00:00:00
cve
cve
CVE-2019-17009
2020-01-08 22:15:00
CVE-2019-13722
2020-01-14 19:15:00
CVE-2019-17008
2020-01-08 22:15:00
redhatcve
redhatcve
CVE-2019-17009
2019-12-04 00:48:05
CVE-2019-13722
2020-03-29 20:01:08
CVE-2019-17012
2020-01-18 09:45:54
veracode
veracode
Denial Of Service (DoS)
2019-12-06 00:16:44
Denial Of Service (DoS)
2019-12-10 00:18:20
Denial Of Service (DoS)
2019-12-06 00:16:42

8.7 High

AI Score

Confidence

High

JSON
Related for OPENSUSE-2020-2.NASL
nessus58suse2kaspersky3openvas30altlinux2slackware1mozilla3mageia3archlinux2redhat11centos4oraclelinux8osv6debian5amazon1ubuntu5ibm3alpinelinux7debiancve8prion8ubuntucve8cve7redhatcve8veracode6