openSUSE 15 Security Update : opera (openSUSE-SU-2021:0949-1)

2021-07-02T00:00:00

Description

The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:0949-1 advisory. - Use after free in BFCache in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30544) - Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30545) - Use after free in Autofill in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30546) - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547) - Use after free in Loader in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30548) - Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30549) - Use after free in Accessibility in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30550) - Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30551) - Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30552) - Use after free in Network service in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30553) - Use after free in WebGL. (CVE-2021-30554) - Use after free in Sharing. (CVE-2021-30555) - Use after free in WebAudio. (CVE-2021-30556) - Use after free in TabGroups. (CVE-2021-30557) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

{"id": "OPENSUSE-2021-949.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE 15 Security Update : opera (openSUSE-SU-2021:0949-1)", "description": "The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:0949-1 advisory.\n\n - Use after free in BFCache in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30544)\n\n - Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30545)\n\n - Use after free in Autofill in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30546)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\n - Use after free in Loader in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30548)\n\n - Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30549)\n\n - Use after free in Accessibility in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30550)\n\n - Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30551)\n\n - Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30552)\n\n - Use after free in Network service in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30553)\n\n - Use after free in WebGL. (CVE-2021-30554)\n\n - Use after free in Sharing. (CVE-2021-30555)\n\n - Use after free in WebAudio. (CVE-2021-30556)\n\n - Use after free in TabGroups. (CVE-2021-30557)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-07-02T00:00:00", "modified": "2022-01-18T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/151278", "reporter": "This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.suse.com/security/cve/CVE-2021-30547", "https://www.suse.com/security/cve/CVE-2021-30556", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30545", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30554", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30557", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30550", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30544", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30553", "https://www.suse.com/security/cve/CVE-2021-30549", "https://www.suse.com/security/cve/CVE-2021-30554", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30547", "https://www.suse.com/security/cve/CVE-2021-30552", "https://www.suse.com/security/cve/CVE-2021-30557", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30546", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30555", "http://www.nessus.org/u?bf2e46c2", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30549", "https://www.suse.com/security/cve/CVE-2021-30544", "https://www.suse.com/security/cve/CVE-2021-30555", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30552", "https://www.suse.com/security/cve/CVE-2021-30548", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30551", "https://www.suse.com/security/cve/CVE-2021-30550", "https://www.suse.com/security/cve/CVE-2021-30546", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30556", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30548", "https://www.suse.com/security/cve/CVE-2021-30553", "https://www.suse.com/security/cve/CVE-2021-30551", "https://www.suse.com/security/cve/CVE-2021-30545"], "cvelist": ["CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553", "CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557"], "immutableFields": [], "lastseen": "2023-05-18T15:31:08", "viewCount": 100, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:2743", "ALSA-2021:2883"]}, {"type": "altlinux", "idList": ["6C345673B583A9DEB51B12EA84BE3008", "BF6CCD29A10DA07AFA3DE1AB47BA1329"]}, {"type": "amazon", "idList": ["ALAS2-2021-1709"]}, {"type": "archlinux", "idList": ["ASA-202106-31", "ASA-202106-32", "ASA-202106-45", "ASA-202106-46", "ASA-202106-47", "ASA-202107-1", "ASA-202107-2", "ASA-202107-20", "ASA-202107-21", "ASA-202107-4"]}, {"type": "attackerkb", "idList": ["AKB:51E88AF4-0A81-4B72-8855-34DF072124D9", "AKB:732A3017-A62C-4347-9709-9B8790F47FA1"]}, {"type": "centos", "idList": ["CESA-2021:2741"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2021-0484"]}, {"type": "chrome", "idList": ["GCSA-6244807684233791030", "GCSA-8794598538337601472"]}, {"type": "cisa", "idList": ["CISA:D060813248AE96F3F62B7F67A176132F", "CISA:F9916EF5EF9E126FF62CF4162B96669F"]}, {"type": "cisa_kev", "idList": ["CISA-KEV-CVE-2021-30551", "CISA-KEV-CVE-2021-30554"]}, {"type": "cve", "idList": ["CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553", "CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2709-1:3F60F", "DEBIAN:DLA-2711-1:C6A4A", "DEBIAN:DSA-4939-1:368B7", "DEBIAN:DSA-4940-1:DAB47"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-30544", "DEBIANCVE:CVE-2021-30545", "DEBIANCVE:CVE-2021-30546", "DEBIANCVE:CVE-2021-30547", "DEBIANCVE:CVE-2021-30548", "DEBIANCVE:CVE-2021-30549", "DEBIANCVE:CVE-2021-30550", "DEBIANCVE:CVE-2021-30551", "DEBIANCVE:CVE-2021-30552", "DEBIANCVE:CVE-2021-30553", "DEBIANCVE:CVE-2021-30554", "DEBIANCVE:CVE-2021-30555", "DEBIANCVE:CVE-2021-30556", "DEBIANCVE:CVE-2021-30557"]}, {"type": "fedora", "idList": ["FEDORA:10E2D309BE14", "FEDORA:6987B3049380", "FEDORA:75CA430AA7A6"]}, {"type": "freebsd", "idList": ["20B3AB21-C9DF-11EB-8558-3065EC8FD3EC", "AFDC7579-D023-11EB-BCAD-3065EC8FD3EC"]}, {"type": "gentoo", "idList": ["GLSA-202107-06", "GLSA-202202-03", "GLSA-202208-14", "GLSA-202208-25"]}, {"type": "github", "idList": ["GITHUB:D9472F716C46C02F88677DBAD0EEA334"]}, {"type": "githubexploit", "idList": ["55D44407-F5C9-50A9-B51D-0D4F668CD993"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:3B4F7E79DDCD0AFF3B9BB86429182DCA", "GOOGLEPROJECTZERO:CA925EE6A931620550EF819815B14156"]}, {"type": "kaspersky", "idList": ["KLA12204", "KLA12205", "KLA12209", "KLA12210", "KLA12211", "KLA12215", "KLA12227", "KLA12228", "KLA12229"]}, {"type": "mageia", "idList": ["MGASA-2021-0354", "MGASA-2021-0355"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:390E663F11CA04293C83488A40CB3A8A"]}, {"type": "mozilla", "idList": ["MFSA2021-28", "MFSA2021-29", "MFSA2021-30"]}, {"type": "mscve", "idList": ["MS:CVE-2021-30544", "MS:CVE-2021-30545", "MS:CVE-2021-30546", "MS:CVE-2021-30547", "MS:CVE-2021-30548", "MS:CVE-2021-30549", "MS:CVE-2021-30550", "MS:CVE-2021-30551", "MS:CVE-2021-30552", "MS:CVE-2021-30553", "MS:CVE-2021-30554", "MS:CVE-2021-30555", "MS:CVE-2021-30556", "MS:CVE-2021-30557"]}, {"type": "nessus", "idList": ["AL2_ALAS-2021-1709.NASL", "CENTOS8_RHSA-2021-2743.NASL", "CENTOS8_RHSA-2021-2883.NASL", "CENTOS_RHSA-2021-2741.NASL", "DEBIAN_DLA-2709.NASL", "DEBIAN_DLA-2711.NASL", "DEBIAN_DSA-4939.NASL", "DEBIAN_DSA-4940.NASL", "FREEBSD_PKG_20B3AB21C9DF11EB85583065EC8FD3EC.NASL", "FREEBSD_PKG_AFDC7579D02311EBBCAD3065EC8FD3EC.NASL", "GENTOO_GLSA-202107-06.NASL", "GENTOO_GLSA-202202-03.NASL", "GENTOO_GLSA-202208-14.NASL", "GENTOO_GLSA-202208-25.NASL", "GOOGLE_CHROME_91_0_4472_101.NASL", "GOOGLE_CHROME_91_0_4472_114.NASL", "MACOSX_GOOGLE_CHROME_91_0_4472_101.NASL", "MACOSX_GOOGLE_CHROME_91_0_4472_114.NASL", "MACOS_FIREFOX_78_12_ESR.NASL", "MACOS_FIREFOX_90_0.NASL", "MACOS_THUNDERBIRD_78_12.NASL", "MICROSOFT_EDGE_CHROMIUM_91_0_864_48.NASL", "MICROSOFT_EDGE_CHROMIUM_91_0_864_54.NASL", "MOZILLA_FIREFOX_78_12_ESR.NASL", "MOZILLA_FIREFOX_90_0.NASL", "MOZILLA_THUNDERBIRD_78_12.NASL", "NEWSTART_CGSL_NS-SA-2022-0005_FIREFOX.NASL", "NEWSTART_CGSL_NS-SA-2022-0041_FIREFOX.NASL", "NEWSTART_CGSL_NS-SA-2022-0052_FIREFOX.NASL", "OPENSUSE-2021-1066.NASL", "OPENSUSE-2021-1091.NASL", "OPENSUSE-2021-2393.NASL", "OPENSUSE-2021-2458.NASL", "OPENSUSE-2021-881.NASL", "OPENSUSE-2021-898.NASL", "OPENSUSE-2021-938.NASL", "ORACLELINUX_ELSA-2021-2741.NASL", "ORACLELINUX_ELSA-2021-2743.NASL", "ORACLELINUX_ELSA-2021-2881.NASL", "ORACLELINUX_ELSA-2021-2883.NASL", "REDHAT-RHSA-2021-2740.NASL", "REDHAT-RHSA-2021-2741.NASL", "REDHAT-RHSA-2021-2742.NASL", "REDHAT-RHSA-2021-2743.NASL", "REDHAT-RHSA-2021-2881.NASL", "REDHAT-RHSA-2021-2882.NASL", "REDHAT-RHSA-2021-2883.NASL", "REDHAT-RHSA-2021-2914.NASL", "SL_20210715_FIREFOX_ON_SL7_X.NASL", "SL_20210726_THUNDERBIRD_ON_SL7_X.NASL", "SUSE_SU-2021-14766-1.NASL", "SUSE_SU-2021-2389-1.NASL", "SUSE_SU-2021-2393-1.NASL", "SUSE_SU-2021-2458-1.NASL", "SUSE_SU-2021-2478-1.NASL", "UBUNTU_USN-5011-1.NASL", "UBUNTU_USN-5058-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-2741", "ELSA-2021-2743", "ELSA-2021-2881", "ELSA-2021-2883"]}, {"type": "osv", "idList": ["OSV:DLA-2709-1", "OSV:DLA-2711-1", "OSV:DSA-4939-1", "OSV:DSA-4940-1"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:0082A77BD8EFFF48B406D107FEFD0DD3", "QUALYSBLOG:BC22CE22A3E70823D5F0E944CBD5CE4A"]}, {"type": "redhat", "idList": ["RHSA-2021:2740", "RHSA-2021:2741", "RHSA-2021:2742", "RHSA-2021:2743", "RHSA-2021:2881", "RHSA-2021:2882", "RHSA-2021:2883", "RHSA-2021:2914"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-30547", "RH:CVE-2021-30550", "RH:CVE-2021-30555"]}, {"type": "rocky", "idList": ["RLSA-2021:2743", "RLSA-2021:2883"]}, {"type": "securelist", "idList": ["SECURELIST:BB0230F9CE86B3F1994060AA0A809C08"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0881-1", "OPENSUSE-SU-2021:0898-1", "OPENSUSE-SU-2021:0938-1", "OPENSUSE-SU-2021:0948-1", "OPENSUSE-SU-2021:0949-1", "OPENSUSE-SU-2021:1066-1", "OPENSUSE-SU-2021:1091-1", "OPENSUSE-SU-2021:2393-1", "OPENSUSE-SU-2021:2458-1", "OPENSUSE-SU-2022:0110-1"]}, {"type": "thn", "idList": ["THN:1A836FDDE57334BC4DAFA65E6DFA02E4", "THN:4CC79A3CEFEDEB0DC9CF87C5B9035209", "THN:50D7C51FE6D69FC5DB5B37402AD0E412", "THN:62ECC5B73032124D6559355B66E1C469", "THN:6A9CD6F085628D08978727C0FF597535", "THN:7D7C05739ECD847B8CDEEAF930C51BF8", "THN:B7217784F9D53002315C9C43CCC73766", "THN:BBBFDA7EEE18F813A5DA572FD390D528", "THN:C736174C6B0ADC38AA88BC58F30271DA", "THN:CDCF433A7837180E1F294791C672C5BB"]}, {"type": "threatpost", "idList": ["THREATPOST:3697F9293A6DFF6CD5927E9E68FF488A", "THREATPOST:45B63C766965F5748AEC30DE709C8003", "THREATPOST:88DD5812D3C8652E304F32507E4F68DD", "THREATPOST:DE317ED7C5E4858FE861A15F96F6BCFD", "THREATPOST:EA23582BD77C428ACE9B9DB7D5741EB6"]}, {"type": "ubuntu", "idList": ["USN-5011-1", "USN-5058-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-30544", "UB:CVE-2021-30545", "UB:CVE-2021-30546", "UB:CVE-2021-30547", "UB:CVE-2021-30548", "UB:CVE-2021-30549", "UB:CVE-2021-30550", "UB:CVE-2021-30551", "UB:CVE-2021-30552", "UB:CVE-2021-30553", "UB:CVE-2021-30554", "UB:CVE-2021-30555", "UB:CVE-2021-30556", "UB:CVE-2021-30557"]}, {"type": "veracode", "idList": ["VERACODE:30943", "VERACODE:30944", "VERACODE:30945", "VERACODE:30946", "VERACODE:30947", "VERACODE:30948", "VERACODE:30949", "VERACODE:30950", "VERACODE:30951", "VERACODE:30952"]}]}, "score": {"value": -0.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:2743", "ALSA-2021:2883"]}, {"type": "amazon", "idList": ["ALAS2-2021-1709"]}, {"type": "archlinux", "idList": ["ASA-202106-31", "ASA-202106-32", "ASA-202106-45", "ASA-202106-46", "ASA-202106-47", "ASA-202107-20", "ASA-202107-21"]}, {"type": "attackerkb", "idList": ["AKB:51E88AF4-0A81-4B72-8855-34DF072124D9"]}, {"type": "centos", "idList": ["CESA-2021:2741"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2021-0484"]}, {"type": "chrome", "idList": ["GCSA-6244807684233791030", "GCSA-8794598538337601472"]}, {"type": "cisa", "idList": ["CISA:D060813248AE96F3F62B7F67A176132F", "CISA:F9916EF5EF9E126FF62CF4162B96669F"]}, {"type": "cve", "idList": ["CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2709-1:3F60F", "DEBIAN:DLA-2711-1:C6A4A", "DEBIAN:DSA-4939-1:368B7", "DEBIAN:DSA-4940-1:DAB47"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-30544", "DEBIANCVE:CVE-2021-30545", "DEBIANCVE:CVE-2021-30546", "DEBIANCVE:CVE-2021-30547", "DEBIANCVE:CVE-2021-30548", "DEBIANCVE:CVE-2021-30549", "DEBIANCVE:CVE-2021-30550", "DEBIANCVE:CVE-2021-30551", "DEBIANCVE:CVE-2021-30552", "DEBIANCVE:CVE-2021-30553", "DEBIANCVE:CVE-2021-30554", "DEBIANCVE:CVE-2021-30555", "DEBIANCVE:CVE-2021-30556", "DEBIANCVE:CVE-2021-30557"]}, {"type": "fedora", "idList": ["FEDORA:10E2D309BE14", "FEDORA:6987B3049380"]}, {"type": "freebsd", "idList": ["20B3AB21-C9DF-11EB-8558-3065EC8FD3EC", "AFDC7579-D023-11EB-BCAD-3065EC8FD3EC"]}, {"type": "gentoo", "idList": ["GLSA-202107-06"]}, {"type": "githubexploit", "idList": ["55D44407-F5C9-50A9-B51D-0D4F668CD993"]}, {"type": "kaspersky", "idList": ["KLA12204", "KLA12205", "KLA12209", "KLA12210", "KLA12211", "KLA12215", "KLA12227", "KLA12228", "KLA12229"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:390E663F11CA04293C83488A40CB3A8A"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/GENTOO-LINUX-CVE-2021-30554/", "MSF:ILITIES/GENTOO-LINUX-CVE-2021-30555/", "MSF:ILITIES/GENTOO-LINUX-CVE-2021-30556/", "MSF:ILITIES/GENTOO-LINUX-CVE-2021-30557/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-30544/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-30545/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-30546/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-30547/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-30548/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-30549/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-30550/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-30551/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-30552/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-30553/"]}, {"type": "mozilla", "idList": ["MFSA2021-28"]}, {"type": "mscve", "idList": ["MS:CVE-2021-30544", "MS:CVE-2021-30545", "MS:CVE-2021-30546", "MS:CVE-2021-30547", "MS:CVE-2021-30548", "MS:CVE-2021-30549", "MS:CVE-2021-30550", "MS:CVE-2021-30551", "MS:CVE-2021-30552", "MS:CVE-2021-30553", "MS:CVE-2021-30554", "MS:CVE-2021-30555", "MS:CVE-2021-30556", "MS:CVE-2021-30557"]}, {"type": "nessus", "idList": ["AL2_ALAS-2021-1709.NASL", "CENTOS8_RHSA-2021-2743.NASL", "CENTOS8_RHSA-2021-2883.NASL", "CENTOS_RHSA-2021-2741.NASL", "DEBIAN_DLA-2709.NASL", "DEBIAN_DLA-2711.NASL", "DEBIAN_DSA-4939.NASL", "DEBIAN_DSA-4940.NASL", "FREEBSD_PKG_20B3AB21C9DF11EB85583065EC8FD3EC.NASL", "FREEBSD_PKG_AFDC7579D02311EBBCAD3065EC8FD3EC.NASL", "GOOGLE_CHROME_91_0_4472_101.NASL", "GOOGLE_CHROME_91_0_4472_114.NASL", "MACOSX_GOOGLE_CHROME_91_0_4472_101.NASL", "MACOSX_GOOGLE_CHROME_91_0_4472_114.NASL", "MICROSOFT_EDGE_CHROMIUM_91_0_864_48.NASL", "MICROSOFT_EDGE_CHROMIUM_91_0_864_54.NASL", "MOZILLA_FIREFOX_78_12_ESR.NASL", "MOZILLA_FIREFOX_90_0.NASL", "MOZILLA_THUNDERBIRD_78_12.NASL", "OPENSUSE-2021-1066.NASL", "OPENSUSE-2021-2393.NASL", "OPENSUSE-2021-2458.NASL", "ORACLELINUX_ELSA-2021-2741.NASL", "ORACLELINUX_ELSA-2021-2743.NASL", "ORACLELINUX_ELSA-2021-2881.NASL", "ORACLELINUX_ELSA-2021-2883.NASL", "REDHAT-RHSA-2021-2740.NASL", "REDHAT-RHSA-2021-2741.NASL", "REDHAT-RHSA-2021-2742.NASL", "REDHAT-RHSA-2021-2743.NASL", "REDHAT-RHSA-2021-2881.NASL", "REDHAT-RHSA-2021-2882.NASL", "REDHAT-RHSA-2021-2883.NASL", "REDHAT-RHSA-2021-2914.NASL", "SL_20210715_FIREFOX_ON_SL7_X.NASL", "SL_20210726_THUNDERBIRD_ON_SL7_X.NASL", "SUSE_SU-2021-14766-1.NASL", "SUSE_SU-2021-2389-1.NASL", "SUSE_SU-2021-2393-1.NASL", "SUSE_SU-2021-2458-1.NASL", "SUSE_SU-2021-2478-1.NASL", "UBUNTU_USN-5011-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-2741", "ELSA-2021-2743", "ELSA-2021-2881", "ELSA-2021-2883"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:BC22CE22A3E70823D5F0E944CBD5CE4A"]}, {"type": "redhat", "idList": ["RHSA-2021:2743"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-30547"]}, {"type": "securelist", "idList": ["SECURELIST:BB0230F9CE86B3F1994060AA0A809C08"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0881-1", "OPENSUSE-SU-2021:0898-1", "OPENSUSE-SU-2021:0938-1", "OPENSUSE-SU-2021:0948-1", "OPENSUSE-SU-2021:0949-1", "OPENSUSE-SU-2021:1066-1", "OPENSUSE-SU-2021:1091-1", "OPENSUSE-SU-2021:2393-1", "OPENSUSE-SU-2021:2458-1"]}, {"type": "thn", "idList": ["THN:1A836FDDE57334BC4DAFA65E6DFA02E4", "THN:4CC79A3CEFEDEB0DC9CF87C5B9035209", "THN:62ECC5B73032124D6559355B66E1C469", "THN:7D7C05739ECD847B8CDEEAF930C51BF8", "THN:BBBFDA7EEE18F813A5DA572FD390D528", "THN:C736174C6B0ADC38AA88BC58F30271DA", "THN:CDCF433A7837180E1F294791C672C5BB"]}, {"type": "threatpost", "idList": ["THREATPOST:88DD5812D3C8652E304F32507E4F68DD", "THREATPOST:EA23582BD77C428ACE9B9DB7D5741EB6"]}, {"type": "ubuntu", "idList": ["USN-5011-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-30544", "UB:CVE-2021-30545", "UB:CVE-2021-30546", "UB:CVE-2021-30547", "UB:CVE-2021-30548", "UB:CVE-2021-30550", "UB:CVE-2021-30551", "UB:CVE-2021-30552", "UB:CVE-2021-30553", "UB:CVE-2021-30554", "UB:CVE-2021-30555", "UB:CVE-2021-30556", "UB:CVE-2021-30557"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2021-30544", "epss": 0.0032, "percentile": 0.66131, "modified": "2023-05-07"}, {"cve": "CVE-2021-30545", "epss": 0.0032, "percentile": 0.66131, "modified": "2023-05-07"}, {"cve": "CVE-2021-30546", "epss": 0.0032, "percentile": 0.66131, "modified": "2023-05-07"}, {"cve": "CVE-2021-30547", "epss": 0.00455, "percentile": 0.7153, "modified": "2023-05-07"}, {"cve": "CVE-2021-30548", "epss": 0.0032, "percentile": 0.66131, "modified": "2023-05-07"}, {"cve": "CVE-2021-30549", "epss": 0.00221, "percentile": 0.58768, "modified": "2023-05-07"}, {"cve": "CVE-2021-30550", "epss": 0.00221, "percentile": 0.58768, "modified": "2023-05-07"}, {"cve": "CVE-2021-30551", "epss": 0.33503, "percentile": 0.96427, "modified": "2023-05-07"}, {"cve": "CVE-2021-30552", "epss": 0.00221, "percentile": 0.58768, "modified": "2023-05-07"}, {"cve": "CVE-2021-30553", "epss": 0.0032, "percentile": 0.66131, "modified": "2023-05-07"}, {"cve": "CVE-2021-30554", "epss": 0.0068, "percentile": 0.77029, "modified": "2023-05-07"}, {"cve": "CVE-2021-30555", "epss": 0.00234, "percentile": 0.59981, "modified": "2023-05-07"}, {"cve": "CVE-2021-30556", "epss": 0.00281, "percentile": 0.63781, "modified": "2023-05-07"}, {"cve": "CVE-2021-30557", "epss": 0.00234, "percentile": 0.59981, "modified": "2023-05-07"}], "vulnersScore": -0.0}, "_state": {"dependencies": 1684449048, "score": 1684450122, "epss": 0}, "_internal": {"score_hash": "e17a8bca82c12d5f5615facbab0fdd54"}, "pluginID": "151278", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:0949-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151278);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/18\");\n\n script_cve_id(\n \"CVE-2021-30544\",\n \"CVE-2021-30545\",\n \"CVE-2021-30546\",\n \"CVE-2021-30547\",\n \"CVE-2021-30548\",\n \"CVE-2021-30549\",\n \"CVE-2021-30550\",\n \"CVE-2021-30551\",\n \"CVE-2021-30552\",\n \"CVE-2021-30553\",\n \"CVE-2021-30554\",\n \"CVE-2021-30555\",\n \"CVE-2021-30556\",\n \"CVE-2021-30557\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"openSUSE 15 Security Update : opera (openSUSE-SU-2021:0949-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:0949-1 advisory.\n\n - Use after free in BFCache in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30544)\n\n - Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30545)\n\n - Use after free in Autofill in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30546)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to\n potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\n - Use after free in Loader in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30548)\n\n - Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30549)\n\n - Use after free in Accessibility in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced\n a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30550)\n\n - Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30551)\n\n - Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30552)\n\n - Use after free in Network service in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30553)\n\n - Use after free in WebGL. (CVE-2021-30554)\n\n - Use after free in Sharing. (CVE-2021-30555)\n\n - Use after free in WebAudio. (CVE-2021-30556)\n\n - Use after free in TabGroups. (CVE-2021-30557)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/Y5YMAC6DXOAQQEUSMY36JS76YC35PAXY/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bf2e46c2\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30544\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30546\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30548\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30550\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30551\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30553\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30554\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30557\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected opera package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30557\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nos_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\npkgs = [\n {'reference':'opera-77.0.4054.146-lp152.2.52.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'opera');\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:opera", "cpe:/o:novell:opensuse:15.2"], "solution": "Update the affected opera package.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2021-30557", "vendor_cvss2": {"score": 6.8, "vector": "CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "vendor_cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "vpr": {"risk factor": "Critical", "score": "9.0"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2021-07-01T00:00:00", "vulnerabilityPublicationDate": "2021-06-09T00:00:00", "exploitableWith": []}

{"suse": [{"lastseen": "2022-04-18T12:40:19", "description": "An update that fixes 14 vulnerabilities is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n Update to version 77.0.4054.146\n\n - CHR-8458 Update chromium on desktop-stable-91-4054 to 91.0.4472.114\n - DNA-92171 Create active linkdiscovery service\n - DNA-92388 Fix and unskip\n WorkspacesEmoji.testChooseEmojiAsWorkspaceIcon when possible\n - DNA-93101 Tabs are being snoozed when tab snoozing is disabled\n - DNA-93386 Update pinboard view when item changes\n - DNA-93448 Make browser ready for Developer release\n - DNA-93491 Fix failing tests after enabling #pinboard flag\n - DNA-93498 Add additional music services\n - DNA-93503 Blank popup on clicking toolbar icon with popup open\n - DNA-93561 Do not allow zoom different from 100% in Pinboard popup\n - DNA-93637 ctrl+9 shortcut is inconsistent with other browsers\n - DNA-93644 Create route for `import open tabs` to `pinboard`\n - DNA-93664 Adapt popup to design\n - DNA-93702 Turn on flags on developer\n - DNA-93737 [Pinboard] Remove Mock API\n - DNA-93745 Unable to open the popup after opening it several times\n - DNA-93776 Popup closes and reopens when clicking the toolbar button\n - DNA-93786 DCHECK after opening popup\n - DNA-93802 Crash at views::Widget::GetNativeView() const\n - DNA-93810 Add pinboard icon to sidebar\n - DNA-93825 Add pinboard to Opera menu\n - DNA-93833 [Player] Implement seeking for new services\n - DNA-93845 Do not log output of snapcraft on console\n - DNA-93864 Create feature flag for start page sync banner\n - DNA-93865 Implement start page banner\n - DNA-93867 Use version from package instead of repository\n - DNA-93878 [Player] Crash when current player service becomes\n unavailable when user location changes\n - DNA-93953 \ufffd\ufffd\ufffdSend image to Pinboard\ufffd\ufffd\ufffd has the wrong position in the\n context menu\n - DNA-93987 Disable zooming popup contents like in other popups\n - DNA-93989 Change internal URL to opera://pinboards\n - DNA-93990 Update strings to reflect new standards\n - DNA-93992 Add Pinboards to Opera settings\n - DNA-93993 Pinboard translations from Master\n - DNA-94011 Enable feature flags for Reborn 5 on stable\n - DNA-94019 Add a direct link to settings\n - DNA-94088 Internal pages provoke not saving other pages to the Pinboard\n - DNA-94111 [O77] Sidebar setup does not open\n - DNA-94139 Crash at\n opera::(anonymous namespace)::PinboardPopupWebView::RemovedFromWidget()\n - The update to chromium 91.0.4472.114 fixes following issues:\n CVE-2021-30554, CVE-2021-30555, CVE-2021-30556, CVE-2021-30557\n CVE-2021-30544, CVE-2021-30545, CVE-2021-30546, CVE-2021-30547,\n CVE-2021-30548, CVE-2021-30549, CVE-2021-30550, CVE-2021-30551,\n CVE-2021-30552, CVE-2021-30553\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:NonFree:\n\n zypper in -t patch openSUSE-2021-948=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-01T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553", "CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557"], "modified": "2021-07-01T00:00:00", "id": "OPENSUSE-SU-2021:0948-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7KHAD4TPDMOCFFISFXM3O4TD6SK6KWAG/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T12:40:19", "description": "An update that fixes 14 vulnerabilities is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n Update to version 77.0.4054.146\n\n - CHR-8458 Update chromium on desktop-stable-91-4054 to 91.0.4472.114\n - DNA-92171 Create active linkdiscovery service\n - DNA-92388 Fix and unskip\n WorkspacesEmoji.testChooseEmojiAsWorkspaceIcon when possible\n - DNA-93101 Tabs are being snoozed when tab snoozing is disabled\n - DNA-93386 Update pinboard view when item changes\n - DNA-93448 Make browser ready for Developer release\n - DNA-93491 Fix failing tests after enabling #pinboard flag\n - DNA-93498 Add additional music services\n - DNA-93503 Blank popup on clicking toolbar icon with popup open\n - DNA-93561 Do not allow zoom different from 100% in Pinboard popup\n - DNA-93637 ctrl+9 shortcut is inconsistent with other browsers\n - DNA-93644 Create route for `import open tabs` to `pinboard`\n - DNA-93664 Adapt popup to design\n - DNA-93702 Turn on flags on developer\n - DNA-93737 [Pinboard] Remove Mock API\n - DNA-93745 Unable to open the popup after opening it several times\n - DNA-93776 Popup closes and reopens when clicking the toolbar button\n - DNA-93786 DCHECK after opening popup\n - DNA-93802 Crash at views::Widget::GetNativeView() const\n - DNA-93810 Add pinboard icon to sidebar\n - DNA-93825 Add pinboard to Opera menu\n - DNA-93833 [Player] Implement seeking for new services\n - DNA-93845 Do not log output of snapcraft on console\n - DNA-93864 Create feature flag for start page sync banner\n - DNA-93865 Implement start page banner\n - DNA-93867 Use version from package instead of repository\n - DNA-93878 [Player] Crash when current player service becomes\n unavailable when user location changes\n - DNA-93953 \ufffd\ufffd\ufffdSend image to Pinboard\ufffd\ufffd\ufffd has the wrong position in the\n context menu\n - DNA-93987 Disable zooming popup contents like in other popups\n - DNA-93989 Change internal URL to opera://pinboards\n - DNA-93990 Update strings to reflect new standards\n - DNA-93992 Add Pinboards to Opera settings\n - DNA-93993 Pinboard translations from Master\n - DNA-94011 Enable feature flags for Reborn 5 on stable\n - DNA-94019 Add a direct link to settings\n - DNA-94088 Internal pages provoke not saving other pages to the Pinboard\n - DNA-94111 [O77] Sidebar setup does not open\n - DNA-94139 Crash at opera::(anonymous\n namespace)::PinboardPopupWebView::RemovedFromWidget()\n - The update to chromium 91.0.4472.114 fixes following issues:\n CVE-2021-30554, CVE-2021-30555, CVE-2021-30556, CVE-2021-30557,\n CVE-2021-30544, CVE-2021-30545, CVE-2021-30546, CVE-2021-30547,\n CVE-2021-30548, CVE-2021-30549, CVE-2021-30550, CVE-2021-30551,\n CVE-2021-30552, CVE-2021-30553\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:NonFree:\n\n zypper in -t patch openSUSE-2021-949=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-01T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553", "CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557"], "modified": "2021-07-01T00:00:00", "id": "OPENSUSE-SU-2021:0949-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/Y5YMAC6DXOAQQEUSMY36JS76YC35PAXY/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-08T04:09:03", "description": "An update that fixes 14 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium 91.0.4472.114 (boo#1187481)\n\n * CVE-2021-30554: Use after free in WebGL\n * CVE-2021-30555: Use after free in Sharing\n * CVE-2021-30556: Use after free in WebAudio\n * CVE-2021-30557: Use after free in TabGroups\n * CVE-2021-30544: Use after free in BFCache\n * CVE-2021-30545: Use after free in Extensions\n * CVE-2021-30546: Use after free in Autofill\n * CVE-2021-30547: Out of bounds write in ANGLE\n * CVE-2021-30548: Use after free in Loader\n * CVE-2021-30549: Use after free in Spell check\n * CVE-2021-30550: Use after free in Accessibility\n * CVE-2021-30551: Type Confusion in V8\n * CVE-2021-30552: Use after free in Extensions\n * CVE-2021-30553: Use after free in Network service\n * Fix use-after-free in SendTabToSelfSubMenuModel\n * Destroy system-token NSSCertDatabase on the IO thread\n * Various fixes from internal audits, fuzzing and other initiatives\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP3:\n\n zypper in -t patch openSUSE-2021-938=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-28T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553", "CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557"], "modified": "2021-06-28T00:00:00", "id": "OPENSUSE-SU-2021:0938-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XFR7LUM6J45XO73B4GQD65J3TG3IDVJX/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-08T04:09:03", "description": "An update that fixes 10 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium 91.0.4472.101 (boo#1187141)\n\n * CVE-2021-30544: Use after free in BFCache\n * CVE-2021-30545: Use after free in Extensions\n * CVE-2021-30546: Use after free in Autofill\n * CVE-2021-30547: Out of bounds write in ANGLE\n * CVE-2021-30548: Use after free in Loader\n * CVE-2021-30549: Use after free in Spell check\n * CVE-2021-30550: Use after free in Accessibility\n * CVE-2021-30551: Type Confusion in V8\n * CVE-2021-30552: Use after free in Extensions\n * CVE-2021-30553: Use after free in Network service\n * Various fixes from internal audits, fuzzing and other initiatives\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-881=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-16T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553"], "modified": "2021-06-16T00:00:00", "id": "OPENSUSE-SU-2021:0881-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JKDHVVJH6V5YXSGWD7GDW62DQXQ22Y5E/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-08T04:09:03", "description": "An update that fixes four vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium 91.0.4472.114 (boo#1187481)\n\n * CVE-2021-30554: Use after free in WebGL\n * CVE-2021-30555: Use after free in Sharing\n * CVE-2021-30556: Use after free in WebAudio\n * CVE-2021-30557: Use after free in TabGroups\n\n Chromium 91.0.4472.106\n\n * Fix use-after-free in SendTabToSelfSubMenuModel\n * Destroy system-token NSSCertDatabase on the IO thread\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-898=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-21T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557"], "modified": "2021-06-21T00:00:00", "id": "OPENSUSE-SU-2021:0898-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JRQS6E56EGURN6VSX6LRCTP5WHICGNXR/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T12:40:19", "description": "An update that fixes three vulnerabilities is now available.\n\nDescription:\n\n This update for MozillaFirefox fixes the following issues:\n\n Firefox Extended Support Release 78.12.0 ESR\n\n * Fixed: Various stability, functionality, and security fixes\n\n MFSA 2021-29 (bsc#1188275)\n\n * CVE-2021-29970 (bmo#1709976): Use-after-free in accessibility features\n of a document\n * CVE-2021-30547 (bmo#1715766): Out of bounds write in ANGLE\n * CVE-2021-29976 (bmo#1700895, bmo#1703334, bmo#1706910, bmo#1711576,\n bmo#1714391): Memory safety bugs fixed in Firefox 90 and Firefox ESR\n 78.12\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2021-2393=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-19T00:00:00", "type": "suse", "title": "Security update for MozillaFirefox (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-07-19T00:00:00", "id": "OPENSUSE-SU-2021:2393-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TZB4J5MBNEXABZ45GDK2VINW2XRUSLGX/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-10T00:09:13", "description": "An update that fixes three vulnerabilities is now available.\n\nDescription:\n\n This update for MozillaFirefox fixes the following issues:\n\n Firefox Extended Support Release 78.12.0 ESR\n\n * Fixed: Various stability, functionality, and security fixes\n\n MFSA 2021-29 (bsc#1188275)\n\n * CVE-2021-29970 (bmo#1709976): Use-after-free in accessibility features\n of a document\n * CVE-2021-30547 (bmo#1715766): Out of bounds write in ANGLE\n * CVE-2021-29976 (bmo#1700895, bmo#1703334, bmo#1706910, bmo#1711576,\n bmo#1714391): Memory safety bugs fixed in Firefox 90 and Firefox ESR\n 78.12\n\n This update was imported from the SUSE:SLE-15-SP2:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-1066=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-20T00:00:00", "type": "suse", "title": "Security update for MozillaFirefox (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-07-20T00:00:00", "id": "OPENSUSE-SU-2021:1066-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/P253WUL63Q3NMRE2SIMFESB3E4L3KLVY/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-09T21:00:55", "description": "An update that fixes four vulnerabilities is now available.\n\nDescription:\n\n This update for MozillaThunderbird fixes the following issues:\n\n Mozilla Thunderbird 78.12\n\n * fixed: Sending an email containing HTML links with spaces in the URL\n sometimes resulted in broken links\n * fixed: Folder Pane display theme fixes for macOS\n * fixed: Chat account settings did not always save as expected\n * fixed: RSS feed subscriptions sometimes lost\n * fixed: Calendar: A parsing error for alarm triggers of type \"DURATION\"\n caused sync problems for some users\n * fixed: Various security fixes\n\n MFSA 2021-30 (bsc#1188275)\n\n * CVE-2021-29969: IMAP server responses sent by a MITM prior to STARTTLS\n could be processed\n * CVE-2021-29970: Use-after-free in accessibility features of a document\n * CVE-2021-30547: Out of bounds write in ANGLE\n * CVE-2021-29976: Memory safety bugs fixed in Thunderbird 78.12\n\n This update was imported from the SUSE:SLE-15-SP2:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-1091=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-08-04T00:00:00", "type": "suse", "title": "Security update for MozillaThunderbird (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-08-04T00:00:00", "id": "OPENSUSE-SU-2021:1091-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ABQT6TDIB2IQ4ZZNUZXMHLE7ZDVD4YBM/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-06T17:58:39", "description": "An update that fixes four vulnerabilities is now available.\n\nDescription:\n\n This update for MozillaThunderbird fixes the following issues:\n\n Mozilla Thunderbird 78.12\n\n * fixed: Sending an email containing HTML links with spaces in the URL\n sometimes resulted in broken links\n * fixed: Folder Pane display theme fixes for macOS\n * fixed: Chat account settings did not always save as expected\n * fixed: RSS feed subscriptions sometimes lost\n * fixed: Calendar: A parsing error for alarm triggers of type \"DURATION\"\n caused sync problems for some users\n * fixed: Various security fixes\n\n MFSA 2021-30 (bsc#1188275)\n\n * CVE-2021-29969: IMAP server responses sent by a MITM prior to STARTTLS\n could be processed\n * CVE-2021-29970: Use-after-free in accessibility features of a document\n * CVE-2021-30547: Out of bounds write in ANGLE\n * CVE-2021-29976: Memory safety bugs fixed in Thunderbird 78.12\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2021-2458=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-22T00:00:00", "type": "suse", "title": "Security update for MozillaThunderbird (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-07-22T00:00:00", "id": "OPENSUSE-SU-2021:2458-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AQOPHIOAWOQQLB7SCESJM5UI67QUVORM/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-05-18T15:30:49", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:0938-1 advisory.\n\n - Use after free in BFCache in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30544)\n\n - Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30545)\n\n - Use after free in Autofill in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30546)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\n - Use after free in Loader in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30548)\n\n - Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30549)\n\n - Use after free in Accessibility in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30550)\n\n - Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30551)\n\n - Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30552)\n\n - Use after free in Network service in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30553)\n\n - Use after free in WebGL. (CVE-2021-30554)\n\n - Use after free in Sharing. (CVE-2021-30555)\n\n - Use after free in WebAudio. (CVE-2021-30556)\n\n - Use after free in TabGroups. (CVE-2021-30557)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-01T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2021:0938-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553", "CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557"], "modified": "2022-01-18T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2021-938.NASL", "href": "https://www.tenable.com/plugins/nessus/151198", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:0938-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151198);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/18\");\n\n script_cve_id(\n \"CVE-2021-30544\",\n \"CVE-2021-30545\",\n \"CVE-2021-30546\",\n \"CVE-2021-30547\",\n \"CVE-2021-30548\",\n \"CVE-2021-30549\",\n \"CVE-2021-30550\",\n \"CVE-2021-30551\",\n \"CVE-2021-30552\",\n \"CVE-2021-30553\",\n \"CVE-2021-30554\",\n \"CVE-2021-30555\",\n \"CVE-2021-30556\",\n \"CVE-2021-30557\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2021:0938-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:0938-1 advisory.\n\n - Use after free in BFCache in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30544)\n\n - Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30545)\n\n - Use after free in Autofill in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30546)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to\n potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\n - Use after free in Loader in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30548)\n\n - Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30549)\n\n - Use after free in Accessibility in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced\n a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30550)\n\n - Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30551)\n\n - Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30552)\n\n - Use after free in Network service in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30553)\n\n - Use after free in WebGL. (CVE-2021-30554)\n\n - Use after free in Sharing. (CVE-2021-30555)\n\n - Use after free in WebAudio. (CVE-2021-30556)\n\n - Use after free in TabGroups. (CVE-2021-30557)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187481\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XFR7LUM6J45XO73B4GQD65J3TG3IDVJX/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dcce1bda\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30544\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30546\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30548\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30550\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30551\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30553\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30554\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30557\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromedriver and / or chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30557\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nos_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\npkgs = [\n {'reference':'chromedriver-91.0.4472.114-bp153.2.13.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromedriver-91.0.4472.114-bp153.2.13.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-91.0.4472.114-bp153.2.13.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-91.0.4472.114-bp153.2.13.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:29:55", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:0881-1 advisory.\n\n - Use after free in BFCache in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30544)\n\n - Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30545)\n\n - Use after free in Autofill in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30546)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\n - Use after free in Loader in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30548)\n\n - Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30549)\n\n - Use after free in Accessibility in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30550)\n\n - Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30551)\n\n - Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30552)\n\n - Use after free in Network service in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30553)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-28T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2021:0881-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553"], "modified": "2022-01-18T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-881.NASL", "href": "https://www.tenable.com/plugins/nessus/151083", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:0881-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151083);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/18\");\n\n script_cve_id(\n \"CVE-2021-30544\",\n \"CVE-2021-30545\",\n \"CVE-2021-30546\",\n \"CVE-2021-30547\",\n \"CVE-2021-30548\",\n \"CVE-2021-30549\",\n \"CVE-2021-30550\",\n \"CVE-2021-30551\",\n \"CVE-2021-30552\",\n \"CVE-2021-30553\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2021:0881-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:0881-1 advisory.\n\n - Use after free in BFCache in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30544)\n\n - Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30545)\n\n - Use after free in Autofill in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30546)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to\n potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\n - Use after free in Loader in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30548)\n\n - Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30549)\n\n - Use after free in Accessibility in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced\n a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30550)\n\n - Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30551)\n\n - Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30552)\n\n - Use after free in Network service in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30553)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187141\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JKDHVVJH6V5YXSGWD7GDW62DQXQ22Y5E/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b685451f\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30544\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30546\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30548\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30550\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30551\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30553\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromedriver and / or chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30553\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nos_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\npkgs = [\n {'reference':'chromedriver-91.0.4472.101-lp152.2.104.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-91.0.4472.101-lp152.2.104.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:29:49", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 91.0.864.48. It is, therefore, affected by multiple vulnerabilities as referenced in the June 11, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-11T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 91.0.864.48 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_91_0_864_48.NASL", "href": "https://www.tenable.com/plugins/nessus/150721", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150721);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2021-30544\",\n \"CVE-2021-30545\",\n \"CVE-2021-30546\",\n \"CVE-2021-30547\",\n \"CVE-2021-30548\",\n \"CVE-2021-30549\",\n \"CVE-2021-30550\",\n \"CVE-2021-30551\",\n \"CVE-2021-30552\",\n \"CVE-2021-30553\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 91.0.864.48 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 91.0.864.48. It is, therefore, affected\nby multiple vulnerabilities as referenced in the June 11, 2021 advisory. Note that Nessus has not tested for this issue\nbut has instead relied only on the application's self-reported version number.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#june-11-2021\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?294d93d8\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30544\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30546\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30548\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30550\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30551\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30553\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 91.0.864.48 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30553\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\napp_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nconstraints = [\n { 'fixed_version' : '91.0.864.48' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:30:40", "description": "Chrome Releases reports :\n\nThis release contains 14 security fixes, including :\n\n- [1212618] Critical CVE-2021-30544: Use after free in BFCache.\nReported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-05-24\n\n- [1201031] High CVE-2021-30545: Use after free in Extensions.\nReported by kkwon with everpall and kkomdal on 2021-04-21\n\n- [1206911] High CVE-2021-30546: Use after free in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-05-08\n\n- [1210414] High CVE-2021-30547: Out of bounds write in ANGLE.\nReported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2021-05-18\n\n- [1210487] High CVE-2021-30548: Use after free in Loader. Reported by Yangkang(@dnpushme) & Wanglu of Qihoo360 Qex Team on 2021-05-18\n\n- [1212498] High CVE-2021-30549: Use after free in Spell check.\nReported by David Erceg on 2021-05-23\n\n- [1212500] High CVE-2021-30550: Use after free in Accessibility.\nReported by David Erceg on 2021-05-23\n\n- [1216437] High CVE-2021-30551: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2021-06-04\n\n- [1200679] Medium CVE-2021-30552: Use after free in Extensions.\nReported by David Erceg on 2021-04-20\n\n- [1209769] Medium CVE-2021-30553: Use after free in Network service.\nReported by Anonymous on 2021-05-17\n\nGoogle is aware that an exploit for CVE-2021-30551 exists in the wild.", "cvss3": {}, "published": "2021-06-11T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (20b3ab21-c9df-11eb-8558-3065ec8fd3ec)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_20B3AB21C9DF11EB85583065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/150702", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(150702);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2021-30544\", \"CVE-2021-30545\", \"CVE-2021-30546\", \"CVE-2021-30547\", \"CVE-2021-30548\", \"CVE-2021-30549\", \"CVE-2021-30550\", \"CVE-2021-30551\", \"CVE-2021-30552\", \"CVE-2021-30553\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (20b3ab21-c9df-11eb-8558-3065ec8fd3ec)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Chrome Releases reports :\n\nThis release contains 14 security fixes, including :\n\n- [1212618] Critical CVE-2021-30544: Use after free in BFCache.\nReported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-05-24\n\n- [1201031] High CVE-2021-30545: Use after free in Extensions.\nReported by kkwon with everpall and kkomdal on 2021-04-21\n\n- [1206911] High CVE-2021-30546: Use after free in Autofill. Reported\nby Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on\n2021-05-08\n\n- [1210414] High CVE-2021-30547: Out of bounds write in ANGLE.\nReported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2021-05-18\n\n- [1210487] High CVE-2021-30548: Use after free in Loader. Reported by\nYangkang(@dnpushme) & Wanglu of Qihoo360 Qex Team on 2021-05-18\n\n- [1212498] High CVE-2021-30549: Use after free in Spell check.\nReported by David Erceg on 2021-05-23\n\n- [1212500] High CVE-2021-30550: Use after free in Accessibility.\nReported by David Erceg on 2021-05-23\n\n- [1216437] High CVE-2021-30551: Type Confusion in V8. Reported by\nSergei Glazunov of Google Project Zero on 2021-06-04\n\n- [1200679] Medium CVE-2021-30552: Use after free in Extensions.\nReported by David Erceg on 2021-04-20\n\n- [1209769] Medium CVE-2021-30553: Use after free in Network service.\nReported by Anonymous on 2021-05-17\n\nGoogle is aware that an exploit for CVE-2021-30551 exists in the wild.\"\n );\n # https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?30538e38\"\n );\n # https://vuxml.freebsd.org/freebsd/20b3ab21-c9df-11eb-8558-3065ec8fd3ec.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a5282014\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30553\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<91.0.4472.101\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:56:17", "description": "The version of Google Chrome installed on the remote macOS host is prior to 91.0.4472.101. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_06_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-09T00:00:00", "type": "nessus", "title": "Google Chrome < 91.0.4472.101 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_91_0_4472_101.NASL", "href": "https://www.tenable.com/plugins/nessus/150431", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150431);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2021-30544\",\n \"CVE-2021-30545\",\n \"CVE-2021-30546\",\n \"CVE-2021-30547\",\n \"CVE-2021-30548\",\n \"CVE-2021-30549\",\n \"CVE-2021-30550\",\n \"CVE-2021-30551\",\n \"CVE-2021-30552\",\n \"CVE-2021-30553\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Google Chrome < 91.0.4472.101 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 91.0.4472.101. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2021_06_stable-channel-update-for-desktop advisory. Note that Nessus has\nnot tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?30538e38\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1212618\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1201031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1206911\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1210414\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1210487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1212498\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1212500\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1216437\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1200679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1209769\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 91.0.4472.101 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30553\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'91.0.4472.101', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:30:17", "description": "The version of Google Chrome installed on the remote Windows host is prior to 91.0.4472.101. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_06_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-09T00:00:00", "type": "nessus", "title": "Google Chrome < 91.0.4472.101 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553"], "modified": "2022-04-07T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_91_0_4472_101.NASL", "href": "https://www.tenable.com/plugins/nessus/150430", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150430);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/07\");\n\n script_cve_id(\n \"CVE-2021-30544\",\n \"CVE-2021-30545\",\n \"CVE-2021-30546\",\n \"CVE-2021-30547\",\n \"CVE-2021-30548\",\n \"CVE-2021-30549\",\n \"CVE-2021-30550\",\n \"CVE-2021-30551\",\n \"CVE-2021-30552\",\n \"CVE-2021-30553\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Google Chrome < 91.0.4472.101 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 91.0.4472.101. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2021_06_stable-channel-update-for-desktop advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?30538e38\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1212618\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1201031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1206911\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1210414\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1210487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1212498\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1212500\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1216437\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1200679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1209769\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 91.0.4472.101 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30553\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\ninstalls = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'91.0.4472.101', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:30:11", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:0898-1 advisory.\n\n - Use after free in WebGL. (CVE-2021-30554)\n\n - Use after free in Sharing. (CVE-2021-30555)\n\n - Use after free in WebAudio. (CVE-2021-30556)\n\n - Use after free in TabGroups. (CVE-2021-30557)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-28T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2021:0898-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-898.NASL", "href": "https://www.tenable.com/plugins/nessus/151077", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:0898-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151077);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2021-30554\",\n \"CVE-2021-30555\",\n \"CVE-2021-30556\",\n \"CVE-2021-30557\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2021:0898-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:0898-1 advisory.\n\n - Use after free in WebGL. (CVE-2021-30554)\n\n - Use after free in Sharing. (CVE-2021-30555)\n\n - Use after free in WebAudio. (CVE-2021-30556)\n\n - Use after free in TabGroups. (CVE-2021-30557)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187481\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JRQS6E56EGURN6VSX6LRCTP5WHICGNXR/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?71199d94\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30554\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30557\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromedriver and / or chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30557\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nos_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\npkgs = [\n {'reference':'chromedriver-91.0.4472.114-lp152.2.107.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-91.0.4472.114-lp152.2.107.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:29:52", "description": "The version of Google Chrome installed on the remote Windows host is prior to 91.0.4472.114. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_06_stable-channel-update-for-desktop_17 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-17T00:00:00", "type": "nessus", "title": "Google Chrome < 91.0.4472.114 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_91_0_4472_114.NASL", "href": "https://www.tenable.com/plugins/nessus/150854", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150854);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2021-30554\",\n \"CVE-2021-30555\",\n \"CVE-2021-30556\",\n \"CVE-2021-30557\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Google Chrome < 91.0.4472.114 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 91.0.4472.114. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2021_06_stable-channel-update-for-desktop_17 advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d4d03a3a\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1219857\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1215029\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1212599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1202102\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 91.0.4472.114 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30557\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\ninstalls = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'91.0.4472.114', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:30:10", "description": "Chrome Releases reports :\n\nThis release includes 4 security fixes, including :\n\n- [1219857] High CVE-2021-30554: Use after free in WebGL. Reported by anonymous on 2021-06-15\n\n- [1215029] High CVE-2021-30555: Use after free in Sharing. Reported by David Erceg on 2021-06-01\n\n- [1212599] High CVE-2021-30556: Use after free in WebAudio. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-24\n\n- [1202102] High CVE-2021-30557: Use after free in TabGroups. Reported by David Erceg on 2021-04-23", "cvss3": {}, "published": "2021-06-25T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (afdc7579-d023-11eb-bcad-3065ec8fd3ec)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_AFDC7579D02311EBBCAD3065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/151005", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151005);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2021-30554\",\n \"CVE-2021-30555\",\n \"CVE-2021-30556\",\n \"CVE-2021-30557\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (afdc7579-d023-11eb-bcad-3065ec8fd3ec)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Chrome Releases reports :\n\nThis release includes 4 security fixes, including :\n\n- [1219857] High CVE-2021-30554: Use after free in WebGL. Reported by\nanonymous on 2021-06-15\n\n- [1215029] High CVE-2021-30555: Use after free in Sharing. Reported\nby David Erceg on 2021-06-01\n\n- [1212599] High CVE-2021-30556: Use after free in WebAudio. Reported\nby Yangkang (@dnpushme) of 360 ATA on 2021-05-24\n\n- [1202102] High CVE-2021-30557: Use after free in TabGroups. Reported\nby David Erceg on 2021-04-23\");\n # https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d4d03a3a\");\n # https://vuxml.freebsd.org/freebsd/afdc7579-d023-11eb-bcad-3065ec8fd3ec.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?91d0cec7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30557\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<91.0.4472.114\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:29:29", "description": "The version of Google Chrome installed on the remote macOS host is prior to 91.0.4472.114. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_06_stable-channel-update-for-desktop_17 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-17T00:00:00", "type": "nessus", "title": "Google Chrome < 91.0.4472.114 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_91_0_4472_114.NASL", "href": "https://www.tenable.com/plugins/nessus/150855", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150855);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2021-30554\",\n \"CVE-2021-30555\",\n \"CVE-2021-30556\",\n \"CVE-2021-30557\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Google Chrome < 91.0.4472.114 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 91.0.4472.114. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2021_06_stable-channel-update-for-desktop_17 advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d4d03a3a\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1219857\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1215029\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1212599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1202102\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 91.0.4472.114 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30557\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'91.0.4472.114', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:29:51", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 91.0.864.54. It is, therefore, affected by multiple vulnerabilities as referenced in the June 18, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-18T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 91.0.864.54 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_91_0_864_54.NASL", "href": "https://www.tenable.com/plugins/nessus/150868", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150868);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2021-30554\",\n \"CVE-2021-30555\",\n \"CVE-2021-30556\",\n \"CVE-2021-30557\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 91.0.864.54 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 91.0.864.54. It is, therefore, affected\nby multiple vulnerabilities as referenced in the June 18, 2021 advisory. Note that Nessus has not tested for this issue\nbut has instead relied only on the application's self-reported version number.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#june-18-2021\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fe8ae1a6\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30554\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30557\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 91.0.864.54 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30557\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\napp_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nconstraints = [\n { 'fixed_version' : '91.0.864.54' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:39:26", "description": "The remote host is affected by the vulnerability described in GLSA-202107-06 (Chromium, Google Chrome: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could execute arbitrary code, escalate privileges, obtain sensitive information, spoof a URL or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2022-01-24T00:00:00", "type": "nessus", "title": "GLSA-202107-06 : Chromium, Google Chrome: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30506", "CVE-2021-30507", "CVE-2021-30508", "CVE-2021-30509", "CVE-2021-30510", "CVE-2021-30511", "CVE-2021-30512", "CVE-2021-30513", "CVE-2021-30514", "CVE-2021-30515", "CVE-2021-30516", "CVE-2021-30517", "CVE-2021-30518", "CVE-2021-30519", "CVE-2021-30520", "CVE-2021-30521", "CVE-2021-30522", "CVE-2021-30523", "CVE-2021-30524", "CVE-2021-30525", "CVE-2021-30526", "CVE-2021-30527", "CVE-2021-30528", "CVE-2021-30530", "CVE-2021-30531", "CVE-2021-30532", "CVE-2021-30533", "CVE-2021-30534", "CVE-2021-30536", "CVE-2021-30537", "CVE-2021-30538", "CVE-2021-30539", "CVE-2021-30540", "CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553", "CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557"], "modified": "2022-06-28T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:chromium", "p-cpe:/a:gentoo:linux:google-chrome", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202107-06.NASL", "href": "https://www.tenable.com/plugins/nessus/156995", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202107-06.\n#\n# The advisory text is Copyright (C) 2001-2022 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(156995);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/28\");\n\n script_cve_id(\"CVE-2021-30506\", \"CVE-2021-30507\", \"CVE-2021-30508\", \"CVE-2021-30509\", \"CVE-2021-30510\", \"CVE-2021-30511\", \"CVE-2021-30512\", \"CVE-2021-30513\", \"CVE-2021-30514\", \"CVE-2021-30515\", \"CVE-2021-30516\", \"CVE-2021-30517\", \"CVE-2021-30518\", \"CVE-2021-30519\", \"CVE-2021-30520\", \"CVE-2021-30521\", \"CVE-2021-30522\", \"CVE-2021-30523\", \"CVE-2021-30524\", \"CVE-2021-30525\", \"CVE-2021-30526\", \"CVE-2021-30527\", \"CVE-2021-30528\", \"CVE-2021-30530\", \"CVE-2021-30531\", \"CVE-2021-30532\", \"CVE-2021-30533\", \"CVE-2021-30534\", \"CVE-2021-30536\", \"CVE-2021-30537\", \"CVE-2021-30538\", \"CVE-2021-30539\", \"CVE-2021-30540\", \"CVE-2021-30544\", \"CVE-2021-30545\", \"CVE-2021-30546\", \"CVE-2021-30548\", \"CVE-2021-30549\", \"CVE-2021-30550\", \"CVE-2021-30551\", \"CVE-2021-30552\", \"CVE-2021-30553\", \"CVE-2021-30554\", \"CVE-2021-30555\", \"CVE-2021-30556\", \"CVE-2021-30557\");\n script_xref(name:\"GLSA\", value:\"202107-06\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/18\");\n\n script_name(english:\"GLSA-202107-06 : Chromium, Google Chrome: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202107-06\n(Chromium, Google Chrome: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium and Google\n Chrome. Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could execute arbitrary code, escalate privileges,\n obtain sensitive information, spoof a URL or cause a Denial of Service\n condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202107-06\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Google Chrome users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/google-chrome-91.0.4472.114'\n All Chromium users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/chromium-91.0.4472.114'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30557\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:google-chrome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/chromium\", unaffected:make_list(\"ge 91.0.4472.114\"), vulnerable:make_list(\"lt 91.0.4472.114\"))) flag++;\nif (qpkg_check(package:\"www-client/google-chrome\", unaffected:make_list(\"ge 91.0.4472.114\"), vulnerable:make_list(\"lt 91.0.4472.114\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium / Google Chrome\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:35", "description": "The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-4939 advisory.\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-15T00:00:00", "type": "nessus", "title": "Debian DSA-4939-1 : firefox-esr - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-07-16T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:firefox-esr-l10n-br", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bs", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ca", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ca-valencia", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-cak", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-cs", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-cy", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-da", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-de", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-dsb", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-el", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-en-ca", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-en-gb", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-eo", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-ar", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-cl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-es", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-mx", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-et", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-eu", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fa", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ff", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fi", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fr", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fy-nl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ga-ie", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gd", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gn", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gu-in", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-he", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hi-in", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hr", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hsb", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hu", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hy-am", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ia", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-id", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-is", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-it", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ja", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ka", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-kab", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-kk", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-km", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-kn", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ko", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lij", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lt", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lv", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mk", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mr", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ms", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-my", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nb-no", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ne-np", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nn-no", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-oc", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pa-in", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pt-br", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pt-pt", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-rm", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ro", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ru", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-si", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sk", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-son", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sq", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sr", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sv-se", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ta", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-te", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-th", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-tl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-tr", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-trs", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-uk", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ur", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-uz", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-vi", "p-cpe:/a:debian:debian_linux:iceweasel", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ach", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-af", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-all", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-an", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ar", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ast", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-az", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-be", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-bg", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-bn", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-br", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-bs", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ca", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ca-valencia", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-cak", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-cs", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-cy", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-da", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-de", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-dsb", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-el", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-en-ca", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-en-gb", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-eo", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-ar", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-cl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-es", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-mx", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-et", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-eu", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-fa", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ff", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-fi", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-fr", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-fy-nl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ga-ie", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-gd", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-gl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-gn", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-gu-in", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-he", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-hi-in", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-hr", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-hsb", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-hu", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-hy-am", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ia", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-id", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-is", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-it", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ja", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ka", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-kab", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-kk", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-km", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-kn", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ko", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-lij", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-lt", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-lv", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-mk", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-mr", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ms", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-my", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-nb-no", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ne-np", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-nl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-nn-no", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-oc", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-pa-in", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-pl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-pt-br", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-pt-pt", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-rm", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ro", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ru", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-si", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-sk", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-sl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-son", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-sq", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-sr", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-sv-se", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ta", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-te", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-th", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-tl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-tr", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-trs", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-uk", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ur", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-uz", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-vi", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-xh", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-zh-cn", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-zh-tw", "cpe:/o:debian:debian_linux:10.0", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-xh", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-zh-cn", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-zh-tw", "p-cpe:/a:debian:debian_linux:firefox-esr", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ach", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-af", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-all", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-an", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ar", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ast", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-az", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-be", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bg", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bn"], "id": "DEBIAN_DSA-4939.NASL", "href": "https://www.tenable.com/plugins/nessus/151667", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-4939. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151667);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/16\");\n\n script_cve_id(\"CVE-2021-29970\", \"CVE-2021-29976\", \"CVE-2021-30547\");\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n\n script_name(english:\"Debian DSA-4939-1 : firefox-esr - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-4939 advisory.\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to\n potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/firefox-esr\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2021/dsa-4939\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-29970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-29976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-30547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/buster/firefox-esr\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the firefox-esr packages.\n\nFor the stable distribution (buster), these problems have been fixed in version 78.12.0esr-1~deb10u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ach\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-an\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-az\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ca-valencia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-cak\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-en-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-eo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-cl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-mx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gu-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hi-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hy-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lij\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-my\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ne-np\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-oc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pa-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-son\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-te\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-tl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-trs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ur\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-uz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-xh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ach\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-an\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-az\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-bn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ca-valencia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-cak\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-en-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-eo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-cl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-mx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-gn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-gu-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hi-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hy-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-lij\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-mr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-my\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ne-np\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-oc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-pa-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-son\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-te\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-tl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-trs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ur\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-uz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-xh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nrelease = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nrelease = chomp(release);\nif (! preg(pattern:\"^(10)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 10.0', 'Debian ' + release);\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\npkgs = [\n {'release': '10.0', 'prefix': 'firefox-esr', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-ach', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-af', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-all', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-an', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-ar', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-ast', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-az', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-be', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-bg', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-bn', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-br', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-bs', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-ca', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-ca-valencia', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-cak', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-cs', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-cy', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-da', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-de', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-dsb', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-el', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-en-ca', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-en-gb', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-eo', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-es-ar', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-es-cl', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-es-es', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-es-mx', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-et', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-eu', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-fa', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-ff', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-fi', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-fr', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-fy-nl', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-ga-ie', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-gd', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-gl', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-gn', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-gu-in', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-he', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-hi-in', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-hr', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-hsb', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-hu', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-hy-am', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-ia', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-id', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-is', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-it', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-ja', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-ka', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-kab', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-kk', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-km', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-kn', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-ko', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-lij', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-lt', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-lv', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-mk', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-mr', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-ms', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-my', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-nb-no', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-ne-np', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-nl', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-nn-no', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-oc', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-pa-in', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-pl', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-pt-br', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-pt-pt', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-rm', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-ro', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-ru', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-si', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-sk', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-sl', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-son', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-sq', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-sr', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-sv-se', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-ta', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-te', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-th', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-tl', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-tr', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-trs', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-uk', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-ur', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-uz', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-vi', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-xh', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-zh-cn', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'firefox-esr-l10n-zh-tw', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-ach', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-af', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-all', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-an', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-ar', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-ast', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-az', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-be', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-bg', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-bn', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-br', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-bs', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-ca', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-ca-valencia', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-cak', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-cs', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-cy', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-da', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-de', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-dsb', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-el', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-en-ca', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-en-gb', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-eo', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-es-ar', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-es-cl', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-es-es', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-es-mx', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-et', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-eu', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-fa', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-ff', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-fi', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-fr', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-fy-nl', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-ga-ie', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-gd', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-gl', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-gn', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-gu-in', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-he', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-hi-in', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-hr', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-hsb', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-hu', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-hy-am', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-ia', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-id', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-is', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-it', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-ja', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-ka', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-kab', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-kk', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-km', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-kn', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-ko', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-lij', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-lt', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-lv', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-mk', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-mr', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-ms', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-my', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-nb-no', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-ne-np', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-nl', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-nn-no', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-oc', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-pa-in', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-pl', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-pt-br', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-pt-pt', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-rm', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-ro', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-ru', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-si', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-sk', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-sl', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-son', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-sq', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-sr', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-sv-se', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-ta', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-te', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-th', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-tl', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-tr', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-trs', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-uk', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-ur', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-uz', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-vi', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-xh', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-zh-cn', 'reference': '78.12.0esr-1~deb10u1'},\n {'release': '10.0', 'prefix': 'iceweasel-l10n-zh-tw', 'reference': '78.12.0esr-1~deb10u1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n release = NULL;\n prefix = NULL;\n reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox-esr / firefox-esr-l10n-ach / firefox-esr-l10n-af / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:35", "description": "The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2709 advisory.\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-15T00:00:00", "type": "nessus", "title": "Debian DLA-2709-1 : firefox-esr - LTS security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-08-12T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ach", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-af", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-all", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-an", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ar", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-be", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-as", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bg", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ast", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bn", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-az", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bn-bd", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bn-in", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-br", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bs", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ca", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ca-valencia", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-cak", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-cs", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-cy", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-da", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-de", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-dsb", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-el", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-en-ca", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-en-gb", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-en-za", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-eo", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-ar", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-cl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-es", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-mx", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-et", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-eu", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fa", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ff", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fi", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fr", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fy-nl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ga-ie", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gd", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gn", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gu-in", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-he", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hi-in", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hr", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hsb", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hu", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hy-am", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ia", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-id", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-is", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-it", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ja", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ka", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-kab", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-kk", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-km", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-kn", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ko", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lij", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sq", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lt", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sr", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lv", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mai", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mk", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ml", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mr", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sv-se", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ms", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-my", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nb-no", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ta", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ne-np", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-te", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nn-no", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-oc", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-th", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-or", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-tl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pa-in", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pt-br", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-tr", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-trs", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pt-pt", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-rm", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-uk", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ro", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ru", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-si", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sk", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ur", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-son", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-uz", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-vi", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-xh", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-zh-cn", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-zh-tw", "p-cpe:/a:debian:debian_linux:iceweasel", "p-cpe:/a:debian:debian_linux:iceweasel-dev", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ach", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-af", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-all", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-an", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ar", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-as", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ast", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-az", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-be", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-bg", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-bn", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-bn-bd", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-bn-in", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-br", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-bs", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ca", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ca-valencia", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-cak", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-cs", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-cy", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-da", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-en-ca", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-de", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-en-gb", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-dsb", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-en-za", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-eo", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-ar", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-cl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-el", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-es", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-mx", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-et", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-eu", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-fa", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ff", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-fi", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-fr", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-fy-nl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ga-ie", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-gd", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-gl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-gn", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-gu-in", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-he", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-hi-in", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-hr", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-hsb", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-hu", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-hy-am", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ia", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-id", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-is", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-km", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-it", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ja", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ka", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-kn", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-kab", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-kk", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ko", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-lij", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-lt", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-lv", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ru", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-si", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-sk", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-sl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-son", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-sq", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-sr", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-sv-se", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ta", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-te", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-th", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-tl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-tr", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-trs", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-uk", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ur", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-uz", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-vi", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-xh", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-zh-cn", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-zh-tw", "cpe:/o:debian:debian_linux:9.0", "p-cpe:/a:debian:debian_linux:firefox-esr", "p-cpe:/a:debian:debian_linux:firefox-esr-dev", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-mai", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-mk", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ml", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-mr", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ms", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-my", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-nb-no", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ne-np", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-nl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-nn-no", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-oc", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-or", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-pa-in", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-pl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-pt-br", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-pt-pt", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-rm", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ro"], "id": "DEBIAN_DLA-2709.NASL", "href": "https://www.tenable.com/plugins/nessus/151677", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dla-2709. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151677);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/12\");\n\n script_cve_id(\"CVE-2021-29970\", \"CVE-2021-29976\", \"CVE-2021-30547\");\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n\n script_name(english:\"Debian DLA-2709-1 : firefox-esr - LTS security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndla-2709 advisory.\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to\n potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/firefox-esr\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/lts/security/2021/dla-2709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-29970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-29976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-30547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/stretch/firefox-esr\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the firefox-esr packages.\n\nFor Debian 9 stretch, these problems have been fixed in version 78.12.0esr-1~deb9u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ach\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-an\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-as\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-az\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bn-bd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bn-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ca-valencia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-cak\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-en-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-en-za\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-eo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-cl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-mx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gu-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hi-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hy-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lij\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mai\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-my\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ne-np\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-oc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-or\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pa-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-son\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-te\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-tl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-trs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ur\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-uz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-xh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ach\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-an\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-as\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-az\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-bn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-bn-bd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-bn-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ca-valencia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-cak\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-en-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-en-za\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-eo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-cl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-mx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-gn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-gu-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hi-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hy-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-lij\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-mai\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-mr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-my\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ne-np\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-oc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-or\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-pa-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-son\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-te\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-tl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-trs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ur\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-uz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-xh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nrelease = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nrelease = chomp(release);\nif (! preg(pattern:\"^(9)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 9.0', 'Debian ' + release);\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\npkgs = [\n {'release': '9.0', 'prefix': 'firefox-esr', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-dev', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-ach', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-af', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-all', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-an', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-ar', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-as', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-ast', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-az', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-be', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-bg', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-bn', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-bn-bd', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-bn-in', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-br', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-bs', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-ca', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-ca-valencia', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-cak', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-cs', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-cy', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-da', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-de', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-dsb', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-el', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-en-ca', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-en-gb', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-en-za', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-eo', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-es-ar', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-es-cl', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-es-es', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-es-mx', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-et', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-eu', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-fa', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-ff', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-fi', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-fr', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-fy-nl', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-ga-ie', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-gd', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-gl', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-gn', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-gu-in', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-he', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-hi-in', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-hr', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-hsb', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-hu', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-hy-am', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-ia', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-id', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-is', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-it', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-ja', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-ka', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-kab', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-kk', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-km', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-kn', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-ko', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-lij', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-lt', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-lv', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-mai', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-mk', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-ml', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-mr', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-ms', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-my', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-nb-no', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-ne-np', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-nl', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-nn-no', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-oc', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-or', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-pa-in', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-pl', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-pt-br', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-pt-pt', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-rm', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-ro', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-ru', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-si', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-sk', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-sl', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-son', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-sq', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-sr', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-sv-se', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-ta', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-te', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-th', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-tl', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-tr', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-trs', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-uk', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-ur', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-uz', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-vi', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-xh', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-zh-cn', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'firefox-esr-l10n-zh-tw', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-dev', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-ach', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-af', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-all', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-an', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-ar', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-as', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-ast', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-az', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-be', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-bg', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-bn', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-bn-bd', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-bn-in', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-br', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-bs', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-ca', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-ca-valencia', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-cak', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-cs', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-cy', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-da', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-de', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-dsb', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-el', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-en-ca', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-en-gb', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-en-za', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-eo', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-es-ar', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-es-cl', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-es-es', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-es-mx', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-et', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-eu', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-fa', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-ff', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-fi', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-fr', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-fy-nl', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-ga-ie', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-gd', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-gl', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-gn', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-gu-in', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-he', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-hi-in', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-hr', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-hsb', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-hu', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-hy-am', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-ia', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-id', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-is', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-it', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-ja', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-ka', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-kab', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-kk', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-km', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-kn', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-ko', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-lij', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-lt', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-lv', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-mai', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-mk', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-ml', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-mr', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-ms', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-my', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-nb-no', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-ne-np', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-nl', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-nn-no', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-oc', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-or', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-pa-in', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-pl', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-pt-br', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-pt-pt', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-rm', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-ro', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-ru', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-si', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-sk', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-sl', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-son', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-sq', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-sr', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-sv-se', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-ta', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-te', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-th', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-tl', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-tr', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-trs', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-uk', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-ur', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-uz', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-vi', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-xh', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-zh-cn', 'reference': '78.12.0esr-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceweasel-l10n-zh-tw', 'reference': '78.12.0esr-1~deb9u1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n release = NULL;\n prefix = NULL;\n reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox-esr / firefox-esr-dev / firefox-esr-l10n-ach / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:25", "description": "The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2021:2741-1 advisory.\n\n - Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)\n\n - Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)\n\n - chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-15T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : firefox on SL7.x i686/x86_64 (2021:2741)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-08-12T00:00:00", "cpe": ["cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:firefox", "p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo"], "id": "SL_20210715_FIREFOX_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/151678", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151678);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/12\");\n\n script_cve_id(\"CVE-2021-29970\", \"CVE-2021-29976\", \"CVE-2021-30547\");\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n script_xref(name:\"RHSA\", value:\"RHSA-2021:2741\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL7.x i686/x86_64 (2021:2741)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Scientific Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SLSA-2021:2741-1 advisory.\n\n - Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)\n\n - Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)\n\n - chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.scientificlinux.org/category/sl-errata/slsa-20212741-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox and / or firefox-debuginfo packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fermilab:scientific_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Scientific Linux' >!< release) audit(AUDIT_OS_NOT, 'Scientific Linux');\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Scientific Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Scientific Linux 7.x', 'Scientific Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Scientific Linux', cpu);\n\npkgs = [\n {'reference':'firefox-78.12.0-1.el7_9', 'cpu':'i686', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'firefox-78.12.0-1.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'firefox-debuginfo-78.12.0-1.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox / firefox-debuginfo');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:35", "description": "The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-2743 advisory.\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. This bug only affected Firefox when accessibility was enabled. (CVE-2021-29970)\n\n - Mozilla developers Emil Ghitta, Tyson Smith, Valentin Gosu, Olli Pettay, and Randell Jesup reported memory safety bugs present in Firefox 89 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2021-29976)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-16T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : firefox (ELSA-2021-2743)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-08-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:firefox"], "id": "ORACLELINUX_ELSA-2021-2743.NASL", "href": "https://www.tenable.com/plugins/nessus/151681", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-2743.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151681);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/12\");\n\n script_cve_id(\"CVE-2021-29970\", \"CVE-2021-29976\", \"CVE-2021-30547\");\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n\n script_name(english:\"Oracle Linux 8 : firefox (ELSA-2021-2743)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nELSA-2021-2743 advisory.\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially\n exploitable crash. This bug only affected Firefox when accessibility was enabled. (CVE-2021-29970)\n\n - Mozilla developers Emil Ghitta, Tyson Smith, Valentin Gosu, Olli Pettay, and Randell Jesup reported memory\n safety bugs present in Firefox 89 and Firefox ESR 78.11. Some of these bugs showed evidence of memory\n corruption and we presume that with enough effort some of these could have been exploited to run arbitrary\n code. (CVE-2021-29976)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to\n potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-2743.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\npkgs = [\n {'reference':'firefox-78.12.0-1.0.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'firefox-78.12.0-1.0.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:35", "description": "The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-2741 advisory.\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. This bug only affected Firefox when accessibility was enabled. (CVE-2021-29970)\n\n - Mozilla developers Emil Ghitta, Tyson Smith, Valentin Gosu, Olli Pettay, and Randell Jesup reported memory safety bugs present in Firefox 89 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2021-29976)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-16T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : firefox (ELSA-2021-2741)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-08-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:firefox"], "id": "ORACLELINUX_ELSA-2021-2741.NASL", "href": "https://www.tenable.com/plugins/nessus/151682", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-2741.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151682);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/12\");\n\n script_cve_id(\"CVE-2021-29970\", \"CVE-2021-29976\", \"CVE-2021-30547\");\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n\n script_name(english:\"Oracle Linux 7 : firefox (ELSA-2021-2741)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nELSA-2021-2741 advisory.\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially\n exploitable crash. This bug only affected Firefox when accessibility was enabled. (CVE-2021-29970)\n\n - Mozilla developers Emil Ghitta, Tyson Smith, Valentin Gosu, Olli Pettay, and Randell Jesup reported memory\n safety bugs present in Firefox 89 and Firefox ESR 78.11. Some of these bugs showed evidence of memory\n corruption and we presume that with enough effort some of these could have been exploited to run arbitrary\n code. (CVE-2021-29976)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to\n potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-2741.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\npkgs = [\n {'reference':'firefox-78.12.0-1.0.1.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'firefox-78.12.0-1.0.1.el7_9', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'firefox-78.12.0-1.0.1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:53", "description": "The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:14766-1 advisory.\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. This bug only affected Firefox when accessibility was enabled. (CVE-2021-29970)\n\n - Mozilla developers Emil Ghitta, Tyson Smith, Valentin Gosu, Olli Pettay, and Randell Jesup reported memory safety bugs present in Firefox 89 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2021-29976)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-17T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2021:14766-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-08-12T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:mozillafirefox", "p-cpe:/a:novell:suse_linux:mozillafirefox-translations-common", "p-cpe:/a:novell:suse_linux:mozillafirefox-translations-other", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2021-14766-1.NASL", "href": "https://www.tenable.com/plugins/nessus/151803", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:14766-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151803);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/12\");\n\n script_cve_id(\"CVE-2021-29970\", \"CVE-2021-29976\", \"CVE-2021-30547\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:14766-1\");\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n\n script_name(english:\"SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2021:14766-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2021:14766-1 advisory.\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially\n exploitable crash. This bug only affected Firefox when accessibility was enabled. (CVE-2021-29970)\n\n - Mozilla developers Emil Ghitta, Tyson Smith, Valentin Gosu, Olli Pettay, and Randell Jesup reported memory\n safety bugs present in Firefox 89 and Firefox ESR 78.11. Some of these bugs showed evidence of memory\n corruption and we presume that with enough effort some of these could have been exploited to run arbitrary\n code. (CVE-2021-29976)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to\n potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188275\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-July/009151.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?39ae880b\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30547\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected MozillaFirefox, MozillaFirefox-translations-common and / or MozillaFirefox-translations-other\npackages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES11', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'MozillaFirefox-78.12.0-78.134.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'MozillaFirefox-translations-common-78.12.0-78.134.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'MozillaFirefox-translations-other-78.12.0-78.134.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'MozillaFirefox-78.12.0-78.134.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'MozillaFirefox-translations-common-78.12.0-78.134.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'MozillaFirefox-translations-other-78.12.0-78.134.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n if (!rpm_exists(release:release, rpm:exists_check)) continue;\n if ('ltss' >< tolower(exists_check)) ltss_caveat_required = TRUE;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'MozillaFirefox / MozillaFirefox-translations-common / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:56", "description": "The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 78.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-29 advisory.\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. This bug only affected Firefox when accessibility was enabled. (CVE-2021-29970)\n\n - An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. (CVE-2021-30547)\n\n - Mozilla developers Valentin Gosu, Randell Jesup, Emil Ghitta, Tyson Smith, and Olli Pettay reported memory safety bugs present in Firefox 89 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2021-29976)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-13T00:00:00", "type": "nessus", "title": "Mozilla Firefox ESR < 78.12", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-08-17T00:00:00", "cpe": ["cpe:/a:mozilla:firefox_esr"], "id": "MACOS_FIREFOX_78_12_ESR.NASL", "href": "https://www.tenable.com/plugins/nessus/151573", "sourceData": "#%NASL_MIN_LEVEL 70300\n## \n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Mozilla Foundation Security Advisory mfsa2021-29.\n# The text itself is copyright (C) Mozilla Foundation.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151573);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/17\");\n\n script_cve_id(\"CVE-2021-29970\", \"CVE-2021-29976\", \"CVE-2021-30547\");\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n\n script_name(english:\"Mozilla Firefox ESR < 78.12\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS or Mac OS X host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 78.12. It is, therefore, affected\nby multiple vulnerabilities as referenced in the mfsa2021-29 advisory.\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially\n exploitable crash. This bug only affected Firefox when accessibility was enabled. (CVE-2021-29970)\n\n - An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially\n exploitable crash. (CVE-2021-30547)\n\n - Mozilla developers Valentin Gosu, Randell Jesup, Emil Ghitta, Tyson Smith, and Olli Pettay reported memory\n safety bugs present in Firefox 89 and Firefox ESR 78.11. Some of these bugs showed evidence of memory\n corruption and we presume that with enough effort some of these could have been exploited to run arbitrary\n code. (CVE-2021-29976)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2021-29/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox ESR version 78.12 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox_esr\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Version\");\n\n exit(0);\n}\n\ninclude('mozilla_version.inc');\n\nkb_base = 'MacOSX/Firefox';\nget_kb_item_or_exit(kb_base+'/Installed');\n\nversion = get_kb_item_or_exit(kb_base+'/Version', exit_code:1);\npath = get_kb_item_or_exit(kb_base+'/Path', exit_code:1);\n\nis_esr = get_kb_item(kb_base+'/is_esr');\nif (isnull(is_esr)) audit(AUDIT_NOT_INST, 'Mozilla Firefox ESR');\n\nmozilla_check_version(version:version, path:path, product:'firefox', esr:TRUE, fix:'78.12', min:'78.0.0', severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:17", "description": "The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2021:2743 advisory.\n\n - Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)\n\n - Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)\n\n - chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-16T00:00:00", "type": "nessus", "title": "CentOS 8 : firefox (CESA-2021:2743)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-08-12T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:firefox"], "id": "CENTOS8_RHSA-2021-2743.NASL", "href": "https://www.tenable.com/plugins/nessus/151797", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:2743. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151797);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/12\");\n\n script_cve_id(\"CVE-2021-29970\", \"CVE-2021-29976\", \"CVE-2021-30547\");\n script_xref(name:\"RHSA\", value:\"2021:2743\");\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n\n script_name(english:\"CentOS 8 : firefox (CESA-2021:2743)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nCESA-2021:2743 advisory.\n\n - Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)\n\n - Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)\n\n - chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2743\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'firefox-78.12.0-1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'firefox-78.12.0-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:12:23", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2478-1 advisory.\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. This bug only affected Firefox when accessibility was enabled. (CVE-2021-29970)\n\n - Mozilla developers Emil Ghitta, Tyson Smith, Valentin Gosu, Olli Pettay, and Randell Jesup reported memory safety bugs present in Firefox 89 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2021-29976)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-28T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : MozillaFirefox (SUSE-SU-2021:2478-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-08-12T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:mozillafirefox", "p-cpe:/a:novell:suse_linux:mozillafirefox-devel", "p-cpe:/a:novell:suse_linux:mozillafirefox-translations-common", "p-cpe:/a:novell:suse_linux:mozillafirefox-translations-other", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-2478-1.NASL", "href": "https://www.tenable.com/plugins/nessus/152113", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:2478-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152113);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/12\");\n\n script_cve_id(\"CVE-2021-29970\", \"CVE-2021-29976\", \"CVE-2021-30547\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:2478-1\");\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n\n script_name(english:\"SUSE SLES15 Security Update : MozillaFirefox (SUSE-SU-2021:2478-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2021:2478-1 advisory.\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially\n exploitable crash. This bug only affected Firefox when accessibility was enabled. (CVE-2021-29970)\n\n - Mozilla developers Emil Ghitta, Tyson Smith, Valentin Gosu, Olli Pettay, and Randell Jesup reported memory\n safety bugs present in Firefox 89 and Firefox ESR 78.11. Some of these bugs showed evidence of memory\n corruption and we presume that with enough effort some of these could have been exploited to run arbitrary\n code. (CVE-2021-29976)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to\n potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188275\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-July/009220.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ca608b25\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30547\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected MozillaFirefox, MozillaFirefox-devel, MozillaFirefox-translations-common and / or MozillaFirefox-\ntranslations-other packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'MozillaFirefox-78.12.0-3.147.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'MozillaFirefox-devel-78.12.0-3.147.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'MozillaFirefox-translations-common-78.12.0-3.147.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'MozillaFirefox-translations-other-78.12.0-3.147.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'MozillaFirefox-78.12.0-3.147.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'MozillaFirefox-devel-78.12.0-3.147.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'MozillaFirefox-translations-common-78.12.0-3.147.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'MozillaFirefox-translations-other-78.12.0-3.147.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'MozillaFirefox-78.12.0-3.147.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'MozillaFirefox-78.12.0-3.147.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'MozillaFirefox-devel-78.12.0-3.147.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'MozillaFirefox-devel-78.12.0-3.147.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'MozillaFirefox-translations-common-78.12.0-3.147.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'MozillaFirefox-translations-common-78.12.0-3.147.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'MozillaFirefox-translations-other-78.12.0-3.147.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'MozillaFirefox-translations-other-78.12.0-3.147.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'MozillaFirefox-78.12.0-3.147.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'MozillaFirefox-78.12.0-3.147.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'MozillaFirefox-78.12.0-3.147.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'MozillaFirefox-78.12.0-3.147.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'MozillaFirefox-devel-78.12.0-3.147.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'MozillaFirefox-devel-78.12.0-3.147.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'MozillaFirefox-devel-78.12.0-3.147.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'MozillaFirefox-devel-78.12.0-3.147.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'MozillaFirefox-translations-common-78.12.0-3.147.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'MozillaFirefox-translations-common-78.12.0-3.147.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'MozillaFirefox-translations-common-78.12.0-3.147.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'MozillaFirefox-translations-common-78.12.0-3.147.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'MozillaFirefox-translations-other-78.12.0-3.147.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'MozillaFirefox-translations-other-78.12.0-3.147.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'MozillaFirefox-translations-other-78.12.0-3.147.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'MozillaFirefox-translations-other-78.12.0-3.147.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'MozillaFirefox-78.12.0-3.147.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'MozillaFirefox-78.12.0-3.147.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'MozillaFirefox-78.12.0-3.147.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'MozillaFirefox-78.12.0-3.147.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'MozillaFirefox-devel-78.12.0-3.147.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'MozillaFirefox-devel-78.12.0-3.147.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'MozillaFirefox-devel-78.12.0-3.147.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'MozillaFirefox-devel-78.12.0-3.147.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'MozillaFirefox-translations-common-78.12.0-3.147.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'MozillaFirefox-translations-common-78.12.0-3.147.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'MozillaFirefox-translations-common-78.12.0-3.147.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'MozillaFirefox-translations-common-78.12.0-3.147.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'MozillaFirefox-translations-other-78.12.0-3.147.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'MozillaFirefox-translations-other-78.12.0-3.147.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'MozillaFirefox-translations-other-78.12.0-3.147.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'MozillaFirefox-translations-other-78.12.0-3.147.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'MozillaFirefox-78.12.0-3.147.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'MozillaFirefox-78.12.0-3.147.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'MozillaFirefox-devel-78.12.0-3.147.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'MozillaFirefox-devel-78.12.0-3.147.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'MozillaFirefox-translations-common-78.12.0-3.147.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'MozillaFirefox-translations-common-78.12.0-3.147.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'MozillaFirefox-translations-other-78.12.0-3.147.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'MozillaFirefox-translations-other-78.12.0-3.147.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'MozillaFirefox-78.12.0-3.147.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15'},\n {'reference':'MozillaFirefox-devel-78.12.0-3.147.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15'},\n {'reference':'MozillaFirefox-translations-common-78.12.0-3.147.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15'},\n {'reference':'MozillaFirefox-translations-other-78.12.0-3.147.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15'},\n {'reference':'MozillaFirefox-78.12.0-3.147.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15.1'},\n {'reference':'MozillaFirefox-devel-78.12.0-3.147.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15.1'},\n {'reference':'MozillaFirefox-translations-common-78.12.0-3.147.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15.1'},\n {'reference':'MozillaFirefox-translations-other-78.12.0-3.147.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15.1'},\n {'reference':'MozillaFirefox-78.12.0-3.147.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.1'},\n {'reference':'MozillaFirefox-devel-78.12.0-3.147.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.1'},\n {'reference':'MozillaFirefox-translations-common-78.12.0-3.147.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.1'},\n {'reference':'MozillaFirefox-translations-other-78.12.0-3.147.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.1'}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n if (!rpm_exists(release:release, rpm:exists_check)) continue;\n if ('ltss' >< tolower(exists_check)) ltss_caveat_required = TRUE;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'MozillaFirefox / MozillaFirefox-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:12:28", "description": "The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2021:2741 advisory.\n\n - Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)\n\n - Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)\n\n - chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-15T00:00:00", "type": "nessus", "title": "CentOS 7 : firefox (CESA-2021:2741)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-08-12T00:00:00", "cpe": ["p-cpe:/a:centos:centos:firefox", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2021-2741.NASL", "href": "https://www.tenable.com/plugins/nessus/151674", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2741 and\n# CentOS Errata and Security Advisory 2021:2741 respectively.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151674);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/12\");\n\n script_cve_id(\"CVE-2021-29970\", \"CVE-2021-29976\", \"CVE-2021-30547\");\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n script_xref(name:\"RHSA\", value:\"2021:2741\");\n\n script_name(english:\"CentOS 7 : firefox (CESA-2021:2741)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nCESA-2021:2741 advisory.\n\n - Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)\n\n - Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)\n\n - chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.centos.org/pipermail/centos-announce/2021-July/048343.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2f2bff16\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/120.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/416.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(120, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'CentOS 7.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'firefox-78.12.0-1.el7.centos', 'cpu':'i686', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'firefox-78.12.0-1.el7.centos', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:11:58", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2393-1 advisory.\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. This bug only affected Firefox when accessibility was enabled. (CVE-2021-29970)\n\n - Mozilla developers Emil Ghitta, Tyson Smith, Valentin Gosu, Olli Pettay, and Randell Jesup reported memory safety bugs present in Firefox 89 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2021-29976)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-20T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : MozillaFirefox (openSUSE-SU-2021:2393-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-08-12T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mozillafirefox", "p-cpe:/a:novell:opensuse:mozillafirefox-branding-upstream", "p-cpe:/a:novell:opensuse:mozillafirefox-buildsymbols", "p-cpe:/a:novell:opensuse:mozillafirefox-devel", "p-cpe:/a:novell:opensuse:mozillafirefox-translations-common", "p-cpe:/a:novell:opensuse:mozillafirefox-translations-other", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2021-2393.NASL", "href": "https://www.tenable.com/plugins/nessus/151820", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:2393-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151820);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/12\");\n\n script_cve_id(\"CVE-2021-29970\", \"CVE-2021-29976\", \"CVE-2021-30547\");\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n\n script_name(english:\"openSUSE 15 Security Update : MozillaFirefox (openSUSE-SU-2021:2393-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:2393-1 advisory.\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially\n exploitable crash. This bug only affected Firefox when accessibility was enabled. (CVE-2021-29970)\n\n - Mozilla developers Emil Ghitta, Tyson Smith, Valentin Gosu, Olli Pettay, and Randell Jesup reported memory\n safety bugs present in Firefox 89 and Firefox ESR 78.11. Some of these bugs showed evidence of memory\n corruption and we presume that with enough effort some of these could have been exploited to run arbitrary\n code. (CVE-2021-29976)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to\n potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188275\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TZB4J5MBNEXABZ45GDK2VINW2XRUSLGX/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3f0d5751\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30547\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nos_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\npkgs = [\n {'reference':'MozillaFirefox-78.12.0-8.46.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'MozillaFirefox-branding-upstream-78.12.0-8.46.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'MozillaFirefox-buildsymbols-78.12.0-8.46.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'MozillaFirefox-devel-78.12.0-8.46.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'MozillaFirefox-translations-common-78.12.0-8.46.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'MozillaFirefox-translations-other-78.12.0-8.46.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'MozillaFirefox / MozillaFirefox-branding-upstream / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:11:58", "description": "The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2393-1 advisory.\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. This bug only affected Firefox when accessibility was enabled. (CVE-2021-29970)\n\n - Mozilla developers Emil Ghitta, Tyson Smith, Valentin Gosu, Olli Pettay, and Randell Jesup reported memory safety bugs present in Firefox 89 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2021-29976)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-20T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2021:2393-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-08-12T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:mozillafirefox", "p-cpe:/a:novell:suse_linux:mozillafirefox-devel", "p-cpe:/a:novell:suse_linux:mozillafirefox-translations-common", "p-cpe:/a:novell:suse_linux:mozillafirefox-translations-other", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-2393-1.NASL", "href": "https://www.tenable.com/plugins/nessus/151813", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:2393-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151813);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/12\");\n\n script_cve_id(\"CVE-2021-29970\", \"CVE-2021-29976\", \"CVE-2021-30547\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:2393-1\");\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2021:2393-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2021:2393-1 advisory.\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially\n exploitable crash. This bug only affected Firefox when accessibility was enabled. (CVE-2021-29970)\n\n - Mozilla developers Emil Ghitta, Tyson Smith, Valentin Gosu, Olli Pettay, and Randell Jesup reported memory\n safety bugs present in Firefox 89 and Firefox ESR 78.11. Some of these bugs showed evidence of memory\n corruption and we presume that with enough effort some of these could have been exploited to run arbitrary\n code. (CVE-2021-29976)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to\n potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188275\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.suse.com/pipermail/sle-updates/2021-July/019626.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30547\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected MozillaFirefox, MozillaFirefox-devel, MozillaFirefox-translations-common and / or MozillaFirefox-\ntranslations-other packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2/3\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'MozillaFirefox-78.12.0-8.46.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-desktop-applications-release-15.2'},\n {'reference':'MozillaFirefox-78.12.0-8.46.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-desktop-applications-release-15.2'},\n {'reference':'MozillaFirefox-devel-78.12.0-8.46.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-desktop-applications-release-15.2'},\n {'reference':'MozillaFirefox-devel-78.12.0-8.46.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-desktop-applications-release-15.2'},\n {'reference':'MozillaFirefox-translations-common-78.12.0-8.46.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-desktop-applications-release-15.2'},\n {'reference':'MozillaFirefox-translations-common-78.12.0-8.46.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-desktop-applications-release-15.2'},\n {'reference':'MozillaFirefox-translations-other-78.12.0-8.46.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-desktop-applications-release-15.2'},\n {'reference':'MozillaFirefox-translations-other-78.12.0-8.46.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-desktop-applications-release-15.2'},\n {'reference':'MozillaFirefox-78.12.0-8.46.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-desktop-applications-release-15.3'},\n {'reference':'MozillaFirefox-78.12.0-8.46.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-desktop-applications-release-15.3'},\n {'reference':'MozillaFirefox-devel-78.12.0-8.46.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-desktop-applications-release-15.3'},\n {'reference':'MozillaFirefox-devel-78.12.0-8.46.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-desktop-applications-release-15.3'},\n {'reference':'MozillaFirefox-devel-78.12.0-8.46.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-desktop-applications-release-15.3'},\n {'reference':'MozillaFirefox-devel-78.12.0-8.46.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-desktop-applications-release-15.3'},\n {'reference':'MozillaFirefox-translations-common-78.12.0-8.46.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-desktop-applications-release-15.3'},\n {'reference':'MozillaFirefox-translations-common-78.12.0-8.46.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-desktop-applications-release-15.3'},\n {'reference':'MozillaFirefox-translations-other-78.12.0-8.46.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-desktop-applications-release-15.3'},\n {'reference':'MozillaFirefox-translations-other-78.12.0-8.46.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-desktop-applications-release-15.3'}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n if (!rpm_exists(release:release, rpm:exists_check)) continue;\n if ('ltss' >< tolower(exists_check)) ltss_caveat_required = TRUE;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'MozillaFirefox / MozillaFirefox-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:13", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1066-1 advisory.\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. This bug only affected Firefox when accessibility was enabled. (CVE-2021-29970)\n\n - Mozilla developers Emil Ghitta, Tyson Smith, Valentin Gosu, Olli Pettay, and Randell Jesup reported memory safety bugs present in Firefox 89 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2021-29976)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-21T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : MozillaFirefox (openSUSE-SU-2021:1066-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-08-12T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mozillafirefox", "p-cpe:/a:novell:opensuse:mozillafirefox-branding-upstream", "p-cpe:/a:novell:opensuse:mozillafirefox-buildsymbols", "p-cpe:/a:novell:opensuse:mozillafirefox-devel", "p-cpe:/a:novell:opensuse:mozillafirefox-translations-common", "p-cpe:/a:novell:opensuse:mozillafirefox-translations-other", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-1066.NASL", "href": "https://www.tenable.com/plugins/nessus/151841", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1066-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151841);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/12\");\n\n script_cve_id(\"CVE-2021-29970\", \"CVE-2021-29976\", \"CVE-2021-30547\");\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n\n script_name(english:\"openSUSE 15 Security Update : MozillaFirefox (openSUSE-SU-2021:1066-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1066-1 advisory.\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially\n exploitable crash. This bug only affected Firefox when accessibility was enabled. (CVE-2021-29970)\n\n - Mozilla developers Emil Ghitta, Tyson Smith, Valentin Gosu, Olli Pettay, and Randell Jesup reported memory\n safety bugs present in Firefox 89 and Firefox ESR 78.11. Some of these bugs showed evidence of memory\n corruption and we presume that with enough effort some of these could have been exploited to run arbitrary\n code. (CVE-2021-29976)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to\n potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188275\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/P253WUL63Q3NMRE2SIMFESB3E4L3KLVY/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?829dbde8\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30547\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nos_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\npkgs = [\n {'reference':'MozillaFirefox-78.12.0-lp152.2.61.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'MozillaFirefox-branding-upstream-78.12.0-lp152.2.61.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'MozillaFirefox-buildsymbols-78.12.0-lp152.2.61.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'MozillaFirefox-devel-78.12.0-lp152.2.61.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'MozillaFirefox-translations-common-78.12.0-lp152.2.61.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'MozillaFirefox-translations-other-78.12.0-lp152.2.61.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'MozillaFirefox / MozillaFirefox-branding-upstream / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:23", "description": "The version of Firefox ESR installed on the remote Windows host is prior to 78.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-29 advisory.\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. This bug only affected Firefox when accessibility was enabled. (CVE-2021-29970)\n\n - An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. (CVE-2021-30547)\n\n - Mozilla developers Valentin Gosu, Randell Jesup, Emil Ghitta, Tyson Smith, and Olli Pettay reported memory safety bugs present in Firefox 89 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2021-29976)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-13T00:00:00", "type": "nessus", "title": "Mozilla Firefox ESR < 78.12", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-08-17T00:00:00", "cpe": ["cpe:/a:mozilla:firefox_esr"], "id": "MOZILLA_FIREFOX_78_12_ESR.NASL", "href": "https://www.tenable.com/plugins/nessus/151574", "sourceData": "#%NASL_MIN_LEVEL 70300\n## \n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Mozilla Foundation Security Advisory mfsa2021-29.\n# The text itself is copyright (C) Mozilla Foundation.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151574);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/17\");\n\n script_cve_id(\"CVE-2021-29970\", \"CVE-2021-29976\", \"CVE-2021-30547\");\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n\n script_name(english:\"Mozilla Firefox ESR < 78.12\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Firefox ESR installed on the remote Windows host is prior to 78.12. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the mfsa2021-29 advisory.\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially\n exploitable crash. This bug only affected Firefox when accessibility was enabled. (CVE-2021-29970)\n\n - An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially\n exploitable crash. (CVE-2021-30547)\n\n - Mozilla developers Valentin Gosu, Randell Jesup, Emil Ghitta, Tyson Smith, and Olli Pettay reported memory\n safety bugs present in Firefox 89 and Firefox ESR 78.11. Some of these bugs showed evidence of memory\n corruption and we presume that with enough effort some of these could have been exploited to run arbitrary\n code. (CVE-2021-29976)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2021-29/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox ESR version 78.12 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox_esr\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude('mozilla_version.inc');\n\nport = get_kb_item('SMB/transport');\nif (!port) port = 445;\n\ninstalls = get_kb_list('SMB/Mozilla/Firefox/*');\nif (isnull(installs)) audit(AUDIT_NOT_INST, 'Firefox');\n\nmozilla_check_version(installs:installs, product:'firefox', esr:TRUE, fix:'78.12', min:'78.0.0', severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:45:07", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has firefox packages installed that are affected by multiple vulnerabilities:\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90. (CVE-2021-29970)\n\n - Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird.\n Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90. (CVE-2021-29976)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-09T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2022-0005)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2022-05-09T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_core:firefox", "p-cpe:/a:zte:cgsl_core:firefox-debuginfo", "p-cpe:/a:zte:cgsl_main:firefox", "p-cpe:/a:zte:cgsl_main:firefox-debuginfo", "cpe:/o:zte:cgsl_core:5", "cpe:/o:zte:cgsl_main:5"], "id": "NEWSTART_CGSL_NS-SA-2022-0005_FIREFOX.NASL", "href": "https://www.tenable.com/plugins/nessus/160798", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2022-0005. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160798);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\"CVE-2021-29970\", \"CVE-2021-29976\", \"CVE-2021-30547\");\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2022-0005)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has firefox packages installed that are affected\nby multiple vulnerabilities:\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially\n exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerability\n affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90. (CVE-2021-29970)\n\n - Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird.\n Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of\n these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.12,\n Firefox ESR < 78.12, and Firefox < 90. (CVE-2021-29976)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to\n potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2022-0005\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-29970\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-29976\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-30547\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL firefox packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_core:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:5\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL CORE 5.04': [\n 'firefox-78.12.0-1.el7.centos',\n 'firefox-debuginfo-78.12.0-1.el7.centos'\n ],\n 'CGSL MAIN 5.04': [\n 'firefox-78.12.0-1.el7.centos',\n 'firefox-debuginfo-78.12.0-1.el7.centos'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:21:06", "description": "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:2741 advisory.\n\n - Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)\n\n - Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)\n\n - chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-15T00:00:00", "type": "nessus", "title": "RHEL 7 : firefox (RHSA-2021:2741)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:firefox"], "id": "REDHAT-RHSA-2021-2741.NASL", "href": "https://www.tenable.com/plugins/nessus/151671", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2741. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151671);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\"CVE-2021-29970\", \"CVE-2021-29976\", \"CVE-2021-30547\");\n script_xref(name:\"RHSA\", value:\"2021:2741\");\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n\n script_name(english:\"RHEL 7 : firefox (RHSA-2021:2741)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:2741 advisory.\n\n - Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)\n\n - Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)\n\n - chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2741\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1970109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1982013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1982014\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(120, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/debug',\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/os',\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/os',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/os',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/os',\n 'content/fastrack/rhel/power/7/ppc64/optional/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/os',\n 'content/fastrack/rhel/power/7/ppc64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/os',\n 'content/fastrack/rhel/system-z/7/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/os',\n 'content/fastrack/rhel/system-z/7/s390x/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'firefox-78.12.0-1.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:20:19", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:2742 advisory.\n\n - Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)\n\n - Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)\n\n - chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-15T00:00:00", "type": "nessus", "title": "RHEL 8 : firefox (RHSA-2021:2742)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_tus:8.2", "p-cpe:/a:redhat:enterprise_linux:firefox"], "id": "REDHAT-RHSA-2021-2742.NASL", "href": "https://www.tenable.com/plugins/nessus/151668", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2742. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151668);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\"CVE-2021-29970\", \"CVE-2021-29976\", \"CVE-2021-30547\");\n script_xref(name:\"RHSA\", value:\"2021:2742\");\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n\n script_name(english:\"RHEL 8 : firefox (RHSA-2021:2742)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:2742 advisory.\n\n - Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)\n\n - Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)\n\n - chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1970109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1982013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1982014\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(120, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.2')) audit(AUDIT_OS_NOT, 'Red Hat 8.2', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/appstream/debug',\n 'content/eus/rhel8/8.2/aarch64/appstream/os',\n 'content/eus/rhel8/8.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/baseos/debug',\n 'content/eus/rhel8/8.2/aarch64/baseos/os',\n 'content/eus/rhel8/8.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.2/aarch64/highavailability/os',\n 'content/eus/rhel8/8.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.2/aarch64/supplementary/os',\n 'content/eus/rhel8/8.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.2/ppc64le/appstream/os',\n 'content/eus/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.2/ppc64le/baseos/os',\n 'content/eus/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap/os',\n 'content/eus/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/appstream/debug',\n 'content/eus/rhel8/8.2/s390x/appstream/os',\n 'content/eus/rhel8/8.2/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/baseos/debug',\n 'content/eus/rhel8/8.2/s390x/baseos/os',\n 'content/eus/rhel8/8.2/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/highavailability/debug',\n 'content/eus/rhel8/8.2/s390x/highavailability/os',\n 'content/eus/rhel8/8.2/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/sap/debug',\n 'content/eus/rhel8/8.2/s390x/sap/os',\n 'content/eus/rhel8/8.2/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/supplementary/debug',\n 'content/eus/rhel8/8.2/s390x/supplementary/os',\n 'content/eus/rhel8/8.2/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'firefox-78.12.0-1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:21:05", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:2740 advisory.\n\n - Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)\n\n - Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)\n\n - chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-15T00:00:00", "type": "nessus", "title": "RHEL 8 : firefox (RHSA-2021:2740)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.1", "cpe:/o:redhat:rhel_eus:8.1", "p-cpe:/a:redhat:enterprise_linux:firefox"], "id": "REDHAT-RHSA-2021-2740.NASL", "href": "https://www.tenable.com/plugins/nessus/151670", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2740. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151670);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\"CVE-2021-29970\", \"CVE-2021-29976\", \"CVE-2021-30547\");\n script_xref(name:\"RHSA\", value:\"2021:2740\");\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n\n script_name(english:\"RHEL 8 : firefox (RHSA-2021:2740)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:2740 advisory.\n\n - Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)\n\n - Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)\n\n - chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1970109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1982013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1982014\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(120, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.1')) audit(AUDIT_OS_NOT, 'Red Hat 8.1', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.1/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.1/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.1/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.1/ppc64le/sap/os',\n 'content/e4s/rhel8/8.1/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.1/x86_64/appstream/os',\n 'content/e4s/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.1/x86_64/baseos/os',\n 'content/e4s/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap/os',\n 'content/e4s/rhel8/8.1/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/appstream/debug',\n 'content/eus/rhel8/8.1/aarch64/appstream/os',\n 'content/eus/rhel8/8.1/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/baseos/debug',\n 'content/eus/rhel8/8.1/aarch64/baseos/os',\n 'content/eus/rhel8/8.1/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.1/aarch64/highavailability/os',\n 'content/eus/rhel8/8.1/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.1/aarch64/supplementary/os',\n 'content/eus/rhel8/8.1/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.1/ppc64le/appstream/os',\n 'content/eus/rhel8/8.1/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.1/ppc64le/baseos/os',\n 'content/eus/rhel8/8.1/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/sap/debug',\n 'content/eus/rhel8/8.1/ppc64le/sap/os',\n 'content/eus/rhel8/8.1/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/appstream/debug',\n 'content/eus/rhel8/8.1/s390x/appstream/os',\n 'content/eus/rhel8/8.1/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/baseos/debug',\n 'content/eus/rhel8/8.1/s390x/baseos/os',\n 'content/eus/rhel8/8.1/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.1/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.1/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/highavailability/debug',\n 'content/eus/rhel8/8.1/s390x/highavailability/os',\n 'content/eus/rhel8/8.1/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.1/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.1/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/sap/debug',\n 'content/eus/rhel8/8.1/s390x/sap/os',\n 'content/eus/rhel8/8.1/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/supplementary/debug',\n 'content/eus/rhel8/8.1/s390x/supplementary/os',\n 'content/eus/rhel8/8.1/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/appstream/debug',\n 'content/eus/rhel8/8.1/x86_64/appstream/os',\n 'content/eus/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/baseos/debug',\n 'content/eus/rhel8/8.1/x86_64/baseos/os',\n 'content/eus/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.1/x86_64/highavailability/os',\n 'content/eus/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/sap/debug',\n 'content/eus/rhel8/8.1/x86_64/sap/os',\n 'content/eus/rhel8/8.1/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.1/x86_64/supplementary/os',\n 'content/eus/rhel8/8.1/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'firefox-78.12.0-1.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:21:20", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:2743 advisory.\n\n - Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)\n\n - Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)\n\n - chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-15T00:00:00", "type": "nessus", "title": "RHEL 8 : firefox (RHSA-2021:2743)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:firefox"], "id": "REDHAT-RHSA-2021-2743.NASL", "href": "https://www.tenable.com/plugins/nessus/151669", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2743. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151669);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\"CVE-2021-29970\", \"CVE-2021-29976\", \"CVE-2021-30547\");\n script_xref(name:\"RHSA\", value:\"2021:2743\");\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n\n script_name(english:\"RHEL 8 : firefox (RHSA-2021:2743)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:2743 advisory.\n\n - Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)\n\n - Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)\n\n - chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2743\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1970109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1982013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1982014\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(120, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/appstream/debug',\n 'content/e4s/rhel8/8.4/aarch64/appstream/os',\n 'content/e4s/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/baseos/debug',\n 'content/e4s/rhel8/8.4/aarch64/baseos/os',\n 'content/e4s/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/appstream/debug',\n 'content/e4s/rhel8/8.4/s390x/appstream/os',\n 'content/e4s/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/baseos/debug',\n 'content/e4s/rhel8/8.4/s390x/baseos/os',\n 'content/e4s/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/nfv/debug',\n 'content/e4s/rhel8/8.4/x86_64/nfv/os',\n 'content/e4s/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/appstream/debug',\n 'content/eus/rhel8/8.4/s390x/appstream/os',\n 'content/eus/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/baseos/debug',\n 'content/eus/rhel8/8.4/s390x/baseos/os',\n 'content/eus/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/highavailability/debug',\n 'content/eus/rhel8/8.4/s390x/highavailability/os',\n 'content/eus/rhel8/8.4/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/sap/debug',\n 'content/eus/rhel8/8.4/s390x/sap/os',\n 'content/eus/rhel8/8.4/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/supplementary/debug',\n 'content/eus/rhel8/8.4/s390x/supplementary/os',\n 'content/eus/rhel8/8.4/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'firefox-78.12.0-1.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'firefox-78.12.0-1.el8_4', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'firefox-78.12.0-1.el8_4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:37", "description": "The remote SUSE Linux SLED12 / SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2389-1 advisory.\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. This bug only affected Firefox when accessibility was enabled. (CVE-2021-29970)\n\n - Mozilla developers Emil Ghitta, Tyson Smith, Valentin Gosu, Olli Pettay, and Randell Jesup reported memory safety bugs present in Firefox 89 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2021-29976)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-17T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2021:2389-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-08-12T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:mozillafirefox", "p-cpe:/a:novell:suse_linux:mozillafirefox-devel", "p-cpe:/a:novell:suse_linux:mozillafirefox-translations-common", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-2389-1.NASL", "href": "https://www.tenable.com/plugins/nessus/151805", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:2389-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151805);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/12\");\n\n script_cve_id(\"CVE-2021-29970\", \"CVE-2021-29976\", \"CVE-2021-30547\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:2389-1\");\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2021:2389-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED12 / SLES12 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2021:2389-1 advisory.\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially\n exploitable crash. This bug only affected Firefox when accessibility was enabled. (CVE-2021-29970)\n\n - Mozilla developers Emil Ghitta, Tyson Smith, Valentin Gosu, Olli Pettay, and Randell Jesup reported memory\n safety bugs present in Firefox 89 and Firefox ESR 78.11. Some of these bugs showed evidence of memory\n corruption and we presume that with enough effort some of these could have been exploited to run arbitrary\n code. (CVE-2021-29976)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to\n potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188275\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-July/009155.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2bb06a27\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30547\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected MozillaFirefox, MozillaFirefox-devel and / or MozillaFirefox-translations-common packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED12 / SLES12', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP5\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4/5\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'MozillaFirefox-78.12.0-112.65.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'MozillaFirefox-78.12.0-112.65.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'MozillaFirefox-devel-78.12.0-112.65.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'MozillaFirefox-devel-78.12.0-112.65.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'MozillaFirefox-translations-common-78.12.0-112.65.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'MozillaFirefox-translations-common-78.12.0-112.65.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'MozillaFirefox-78.12.0-112.65.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.4'},\n {'reference':'MozillaFirefox-78.12.0-112.65.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.4'},\n {'reference':'MozillaFirefox-devel-78.12.0-112.65.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.4'},\n {'reference':'MozillaFirefox-devel-78.12.0-112.65.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.4'},\n {'reference':'MozillaFirefox-translations-common-78.12.0-112.65.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.4'},\n {'reference':'MozillaFirefox-translations-common-78.12.0-112.65.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.4'},\n {'reference':'MozillaFirefox-78.12.0-112.65.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'MozillaFirefox-devel-78.12.0-112.65.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'MozillaFirefox-translations-common-78.12.0-112.65.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'MozillaFirefox-devel-78.12.0-112.65.1', 'sp':'5', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'MozillaFirefox-devel-78.12.0-112.65.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'MozillaFirefox-78.12.0-112.65.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'MozillaFirefox-devel-78.12.0-112.65.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'MozillaFirefox-translations-common-78.12.0-112.65.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'MozillaFirefox-78.12.0-112.65.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'MozillaFirefox-78.12.0-112.65.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'MozillaFirefox-devel-78.12.0-112.65.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'MozillaFirefox-devel-78.12.0-112.65.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'MozillaFirefox-translations-common-78.12.0-112.65.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'MozillaFirefox-translations-common-78.12.0-112.65.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'MozillaFirefox-78.12.0-112.65.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.4'},\n {'reference':'MozillaFirefox-devel-78.12.0-112.65.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.4'},\n {'reference':'MozillaFirefox-translations-common-78.12.0-112.65.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.4'},\n {'reference':'MozillaFirefox-78.12.0-112.65.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'MozillaFirefox-devel-78.12.0-112.65.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'MozillaFirefox-translations-common-78.12.0-112.65.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n if (!rpm_exists(release:release, rpm:exists_check)) continue;\n if ('ltss' >< tolower(exists_check)) ltss_caveat_required = TRUE;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'MozillaFirefox / MozillaFirefox-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:47", "description": "The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-4940 advisory.\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-18T00:00:00", "type": "nessus", "title": "Debian DSA-4940-1 : thunderbird - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-08-12T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:calendar-google-provider", "p-cpe:/a:debian:debian_linux:lightning", "p-cpe:/a:debian:debian_linux:lightning-l10n-ar", "p-cpe:/a:debian:debian_linux:lightning-l10n-ast", "p-cpe:/a:debian:debian_linux:lightning-l10n-be", "p-cpe:/a:debian:debian_linux:lightning-l10n-bg", "p-cpe:/a:debian:debian_linux:lightning-l10n-br", "p-cpe:/a:debian:debian_linux:lightning-l10n-ca", "p-cpe:/a:debian:debian_linux:lightning-l10n-cs", "p-cpe:/a:debian:debian_linux:lightning-l10n-cy", "p-cpe:/a:debian:debian_linux:lightning-l10n-da", "p-cpe:/a:debian:debian_linux:lightning-l10n-de", "p-cpe:/a:debian:debian_linux:lightning-l10n-dsb", "p-cpe:/a:debian:debian_linux:lightning-l10n-el", "p-cpe:/a:debian:debian_linux:lightning-l10n-en-gb", "p-cpe:/a:debian:debian_linux:lightning-l10n-es-ar", "p-cpe:/a:debian:debian_linux:lightning-l10n-es-es", "p-cpe:/a:debian:debian_linux:lightning-l10n-et", "p-cpe:/a:debian:debian_linux:lightning-l10n-eu", "p-cpe:/a:debian:debian_linux:lightning-l10n-fi", "p-cpe:/a:debian:debian_linux:lightning-l10n-fr", "p-cpe:/a:debian:debian_linux:lightning-l10n-fy-nl", "p-cpe:/a:debian:debian_linux:lightning-l10n-ga-ie", "p-cpe:/a:debian:debian_linux:lightning-l10n-gd", "p-cpe:/a:debian:debian_linux:lightning-l10n-gl", "p-cpe:/a:debian:debian_linux:lightning-l10n-he", "p-cpe:/a:debian:debian_linux:lightning-l10n-hr", "p-cpe:/a:debian:debian_linux:lightning-l10n-hsb", "p-cpe:/a:debian:debian_linux:lightning-l10n-hu", "p-cpe:/a:debian:debian_linux:lightning-l10n-hy-am", "p-cpe:/a:debian:debian_linux:lightning-l10n-id", "p-cpe:/a:debian:debian_linux:lightning-l10n-is", "p-cpe:/a:debian:debian_linux:lightning-l10n-it", "p-cpe:/a:debian:debian_linux:lightning-l10n-ja", "p-cpe:/a:debian:debian_linux:lightning-l10n-kab", "p-cpe:/a:debian:debian_linux:lightning-l10n-kk", "p-cpe:/a:debian:debian_linux:lightning-l10n-ko", "p-cpe:/a:debian:debian_linux:lightning-l10n-lt", "p-cpe:/a:debian:debian_linux:lightning-l10n-ms", "p-cpe:/a:debian:debian_linux:lightning-l10n-nb-no", "p-cpe:/a:debian:debian_linux:lightning-l10n-nl", "p-cpe:/a:debian:debian_linux:lightning-l10n-nn-no", "p-cpe:/a:debian:debian_linux:lightning-l10n-pl", "p-cpe:/a:debian:debian_linux:lightning-l10n-pt-br", "p-cpe:/a:debian:debian_linux:lightning-l10n-pt-pt", "p-cpe:/a:debian:debian_linux:lightning-l10n-rm", "p-cpe:/a:debian:debian_linux:lightning-l10n-ro", "p-cpe:/a:debian:debian_linux:lightning-l10n-ru", "p-cpe:/a:debian:debian_linux:lightning-l10n-si", "p-cpe:/a:debian:debian_linux:lightning-l10n-sk", "p-cpe:/a:debian:debian_linux:lightning-l10n-sl", "p-cpe:/a:debian:debian_linux:lightning-l10n-sq", "p-cpe:/a:debian:debian_linux:lightning-l10n-sr", "p-cpe:/a:debian:debian_linux:lightning-l10n-sv-se", "p-cpe:/a:debian:debian_linux:lightning-l10n-tr", "p-cpe:/a:debian:debian_linux:lightning-l10n-uk", "p-cpe:/a:debian:debian_linux:lightning-l10n-vi", "p-cpe:/a:debian:debian_linux:lightning-l10n-zh-cn", "p-cpe:/a:debian:debian_linux:lightning-l10n-zh-tw", "p-cpe:/a:debian:debian_linux:thunderbird", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-all", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ar", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ast", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-cak", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-be", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-bg", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-br", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-cs", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ca", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-vi", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-zh-cn", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-zh-tw", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-cy", "cpe:/o:debian:debian_linux:10.0", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-da", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-de", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-dsb", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-el", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-en-gb", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-es-ar", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-es-es", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-et", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-eu", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-fi", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-fr", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-fy-nl", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ga-ie", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-gd", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-gl", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-he", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-hr", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-hsb", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-hu", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-hy-am", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-id", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-is", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-it", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ja", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ka", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-kab", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-kk", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ko", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-lt", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ms", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-nb-no", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-nl", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-nn-no", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-pl", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-pt-br", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-pt-pt", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-rm", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ro", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ru", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-si", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-sk", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-sl", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-sq", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-sr", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-sv-se", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-tr", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-uk", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-uz"], "id": "DEBIAN_DSA-4940.NASL", "href": "https://www.tenable.com/plugins/nessus/151807", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-4940. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151807);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/12\");\n\n script_cve_id(\n \"CVE-2021-29969\",\n \"CVE-2021-29970\",\n \"CVE-2021-29976\",\n \"CVE-2021-30547\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n\n script_name(english:\"Debian DSA-4940-1 : thunderbird - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-4940 advisory.\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to\n potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/thunderbird\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2021/dsa-4940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-29969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-29970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-29976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-30547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/buster/thunderbird\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the thunderbird packages.\n\nFor the stable distribution (buster), these problems have been fixed in version 1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:calendar-google-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-hy-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-cak\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-hy-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-uz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nrelease = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nrelease = chomp(release);\nif (! preg(pattern:\"^(10)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 10.0', 'Debian ' + release);\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\npkgs = [\n {'release': '10.0', 'prefix': 'calendar-google-provider', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-ar', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-ast', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-be', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-bg', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-br', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-ca', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-cs', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-cy', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-da', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-de', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-dsb', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-el', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-en-gb', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-es-ar', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-es-es', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-et', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-eu', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-fi', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-fr', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-fy-nl', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-ga-ie', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-gd', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-gl', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-he', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-hr', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-hsb', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-hu', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-hy-am', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-id', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-is', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-it', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-ja', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-kab', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-kk', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-ko', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-lt', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-ms', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-nb-no', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-nl', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-nn-no', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-pl', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-pt-br', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-pt-pt', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-rm', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-ro', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-ru', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-si', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-sk', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-sl', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-sq', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-sr', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-sv-se', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-tr', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-uk', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-vi', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-zh-cn', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-zh-tw', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-all', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-ar', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-ast', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-be', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-bg', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-br', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-ca', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-cak', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-cs', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-cy', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-da', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-de', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-dsb', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-el', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-en-gb', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-es-ar', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-es-es', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-et', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-eu', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-fi', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-fr', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-fy-nl', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-ga-ie', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-gd', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-gl', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-he', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-hr', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-hsb', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-hu', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-hy-am', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-id', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-is', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-it', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-ja', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-ka', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-kab', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-kk', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-ko', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-lt', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-ms', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-nb-no', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-nl', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-nn-no', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-pl', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-pt-br', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-pt-pt', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-rm', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-ro', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-ru', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-si', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-sk', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-sl', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-sq', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-sr', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-sv-se', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-tr', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-uk', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-uz', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-vi', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-zh-cn', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-zh-tw', 'reference': '1:78.12.0-1~deb10u1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n release = NULL;\n prefix = NULL;\n reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'calendar-google-provider / lightning / lightning-l10n-ar / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:58", "description": "The version of Thunderbird installed on the remote Windows host is prior to 78.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-30 advisory.\n\n - If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn't exist on the IMAP server. (CVE-2021-29969)\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. This bug only affected Thunderbird when accessibility was enabled. (CVE-2021-29970)\n\n - An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. (CVE-2021-30547)\n\n - Mozilla developers Valentin Gosu, Randell Jesup, Emil Ghitta, Tyson Smith, and Olli Pettay reported memory safety bugs present in Thunderbird 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.\n (CVE-2021-29976)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-13T00:00:00", "type": "nessus", "title": "Mozilla Thunderbird < 78.12", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-07-16T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MOZILLA_THUNDERBIRD_78_12.NASL", "href": "https://www.tenable.com/plugins/nessus/151613", "sourceData": "#%NASL_MIN_LEVEL 70300\n## \n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Mozilla Foundation Security Advisory mfsa2021-30.\n# The text itself is copyright (C) Mozilla Foundation.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151613);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/16\");\n\n script_cve_id(\n \"CVE-2021-29969\",\n \"CVE-2021-29970\",\n \"CVE-2021-29976\",\n \"CVE-2021-30547\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n\n script_name(english:\"Mozilla Thunderbird < 78.12\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A mail client installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Thunderbird installed on the remote Windows host is prior to 78.12. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the mfsa2021-30 advisory.\n\n - If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server\n responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected\n data. This could have resulted in Thunderbird showing incorrect information, for example the attacker\n could have tricked Thunderbird to show folders that didn't exist on the IMAP server. (CVE-2021-29969)\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially\n exploitable crash. This bug only affected Thunderbird when accessibility was enabled. (CVE-2021-29970)\n\n - An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially\n exploitable crash. (CVE-2021-30547)\n\n - Mozilla developers Valentin Gosu, Randell Jesup, Emil Ghitta, Tyson Smith, and Olli Pettay reported memory\n safety bugs present in Thunderbird 78.11. Some of these bugs showed evidence of memory corruption and we\n presume that with enough effort some of these could have been exploited to run arbitrary code.\n (CVE-2021-29976)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Thunderbird version 78.12 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Thunderbird/Version\");\n\n exit(0);\n}\n\ninclude('mozilla_version.inc');\n\nport = get_kb_item('SMB/transport');\nif (!port) port = 445;\n\ninstalls = get_kb_list('SMB/Mozilla/Thunderbird/*');\nif (isnull(installs)) audit(AUDIT_NOT_INST, 'Thunderbird');\n\nmozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'78.12', severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:22", "description": "The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2021:2883 advisory.\n\n - Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be processed (CVE-2021-29969)\n\n - Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)\n\n - Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)\n\n - chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-08-01T00:00:00", "type": "nessus", "title": "CentOS 8 : thunderbird (CESA-2021:2883)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-08-12T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:thunderbird"], "id": "CENTOS8_RHSA-2021-2883.NASL", "href": "https://www.tenable.com/plugins/nessus/152168", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:2883. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152168);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/12\");\n\n script_cve_id(\n \"CVE-2021-29969\",\n \"CVE-2021-29970\",\n \"CVE-2021-29976\",\n \"CVE-2021-30547\"\n );\n script_xref(name:\"RHSA\", value:\"2021:2883\");\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n\n script_name(english:\"CentOS 8 : thunderbird (CESA-2021:2883)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nCESA-2021:2883 advisory.\n\n - Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be processed (CVE-2021-29969)\n\n - Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)\n\n - Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)\n\n - chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2883\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nvar os_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar pkgs = [\n {'reference':'thunderbird-78.12.0-3.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-78.12.0-3.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:41", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2458-1 advisory.\n\n - If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn't exist on the IMAP server. (CVE-2021-29969)\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. This bug only affected Firefox when accessibility was enabled. (CVE-2021-29970)\n\n - Mozilla developers Emil Ghitta, Tyson Smith, Valentin Gosu, Olli Pettay, and Randell Jesup reported memory safety bugs present in Firefox 89 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2021-29976)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-23T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : MozillaThunderbird (openSUSE-SU-2021:2458-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-08-12T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mozillathunderbird", "p-cpe:/a:novell:opensuse:mozillathunderbird-translations-common", "p-cpe:/a:novell:opensuse:mozillathunderbird-translations-other", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2021-2458.NASL", "href": "https://www.tenable.com/plugins/nessus/152010", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:2458-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152010);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/12\");\n\n script_cve_id(\n \"CVE-2021-29969\",\n \"CVE-2021-29970\",\n \"CVE-2021-29976\",\n \"CVE-2021-30547\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n\n script_name(english:\"openSUSE 15 Security Update : MozillaThunderbird (openSUSE-SU-2021:2458-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:2458-1 advisory.\n\n - If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server\n responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected\n data. This could have resulted in Thunderbird showing incorrect information, for example the attacker\n could have tricked Thunderbird to show folders that didn't exist on the IMAP server. (CVE-2021-29969)\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially\n exploitable crash. This bug only affected Firefox when accessibility was enabled. (CVE-2021-29970)\n\n - Mozilla developers Emil Ghitta, Tyson Smith, Valentin Gosu, Olli Pettay, and Randell Jesup reported memory\n safety bugs present in Firefox 89 and Firefox ESR 78.11. Some of these bugs showed evidence of memory\n corruption and we presume that with enough effort some of these could have been exploited to run arbitrary\n code. (CVE-2021-29976)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to\n potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188275\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AQOPHIOAWOQQLB7SCESJM5UI67QUVORM/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ef44ebb7\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30547\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected MozillaThunderbird, MozillaThunderbird-translations-common and / or MozillaThunderbird-translations-\nother packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nos_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\npkgs = [\n {'reference':'MozillaThunderbird-78.12.0-8.33.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'MozillaThunderbird-translations-common-78.12.0-8.33.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'MozillaThunderbird-translations-other-78.12.0-8.33.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'MozillaThunderbird / MozillaThunderbird-translations-common / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:04", "description": "The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 78.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-30 advisory.\n\n - If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn't exist on the IMAP server. (CVE-2021-29969)\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. This bug only affected Thunderbird when accessibility was enabled. (CVE-2021-29970)\n\n - An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. (CVE-2021-30547)\n\n - Mozilla developers Valentin Gosu, Randell Jesup, Emil Ghitta, Tyson Smith, and Olli Pettay reported memory safety bugs present in Thunderbird 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.\n (CVE-2021-29976)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-13T00:00:00", "type": "nessus", "title": "Mozilla Thunderbird < 78.12", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-07-16T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MACOS_THUNDERBIRD_78_12.NASL", "href": "https://www.tenable.com/plugins/nessus/151612", "sourceData": "#%NASL_MIN_LEVEL 70300\n## \n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Mozilla Foundation Security Advisory mfsa2021-30.\n# The text itself is copyright (C) Mozilla Foundation.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151612);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/16\");\n\n script_cve_id(\n \"CVE-2021-29969\",\n \"CVE-2021-29970\",\n \"CVE-2021-29976\",\n \"CVE-2021-30547\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n\n script_name(english:\"Mozilla Thunderbird < 78.12\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A mail client installed on the remote macOS or Mac OS X host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 78.12. It is, therefore, affected\nby multiple vulnerabilities as referenced in the mfsa2021-30 advisory.\n\n - If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server\n responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected\n data. This could have resulted in Thunderbird showing incorrect information, for example the attacker\n could have tricked Thunderbird to show folders that didn't exist on the IMAP server. (CVE-2021-29969)\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially\n exploitable crash. This bug only affected Thunderbird when accessibility was enabled. (CVE-2021-29970)\n\n - An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially\n exploitable crash. (CVE-2021-30547)\n\n - Mozilla developers Valentin Gosu, Randell Jesup, Emil Ghitta, Tyson Smith, and Olli Pettay reported memory\n safety bugs present in Thunderbird 78.11. Some of these bugs showed evidence of memory corruption and we\n presume that with enough effort some of these could have been exploited to run arbitrary code.\n (CVE-2021-29976)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Thunderbird version 78.12 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_thunderbird_installed.nasl\");\n script_require_keys(\"MacOSX/Thunderbird/Installed\");\n\n exit(0);\n}\n\ninclude('mozilla_version.inc');\n\nkb_base = 'MacOSX/Thunderbird';\nget_kb_item_or_exit(kb_base+'/Installed');\n\nversion = get_kb_item_or_exit(kb_base+'/Version', exit_code:1);\npath = get_kb_item_or_exit(kb_base+'/Path', exit_code:1);\n\nis_esr = get_kb_item(kb_base+'/is_esr');\nif (is_esr) exit(0, 'The Mozilla Thunderbird installation is in the ESR branch.');\n\nmozilla_check_version(version:version, path:path, product:'thunderbird', esr:FALSE, fix:'78.12', severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:15", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1091-1 advisory.\n\n - If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn't exist on the IMAP server. (CVE-2021-29969)\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. This bug only affected Firefox when accessibility was enabled. (CVE-2021-29970)\n\n - Mozilla developers Emil Ghitta, Tyson Smith, Valentin Gosu, Olli Pettay, and Randell Jesup reported memory safety bugs present in Firefox 89 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2021-29976)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-08-05T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : MozillaThunderbird (openSUSE-SU-2021:1091-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-08-12T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mozillathunderbird", "p-cpe:/a:novell:opensuse:mozillathunderbird-translations-common", "p-cpe:/a:novell:opensuse:mozillathunderbird-translations-other", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-1091.NASL", "href": "https://www.tenable.com/plugins/nessus/152219", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1091-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152219);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/12\");\n\n script_cve_id(\n \"CVE-2021-29969\",\n \"CVE-2021-29970\",\n \"CVE-2021-29976\",\n \"CVE-2021-30547\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n\n script_name(english:\"openSUSE 15 Security Update : MozillaThunderbird (openSUSE-SU-2021:1091-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1091-1 advisory.\n\n - If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server\n responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected\n data. This could have resulted in Thunderbird showing incorrect information, for example the attacker\n could have tricked Thunderbird to show folders that didn't exist on the IMAP server. (CVE-2021-29969)\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially\n exploitable crash. This bug only affected Firefox when accessibility was enabled. (CVE-2021-29970)\n\n - Mozilla developers Emil Ghitta, Tyson Smith, Valentin Gosu, Olli Pettay, and Randell Jesup reported memory\n safety bugs present in Firefox 89 and Firefox ESR 78.11. Some of these bugs showed evidence of memory\n corruption and we presume that with enough effort some of these could have been exploited to run arbitrary\n code. (CVE-2021-29976)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to\n potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188275\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ABQT6TDIB2IQ4ZZNUZXMHLE7ZDVD4YBM/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d3459991\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30547\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected MozillaThunderbird, MozillaThunderbird-translations-common and / or MozillaThunderbird-translations-\nother packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'MozillaThunderbird-78.12.0-lp152.2.48.2', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'MozillaThunderbird-translations-common-78.12.0-lp152.2.48.2', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'MozillaThunderbird-translations-other-78.12.0-lp152.2.48.2', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'MozillaThunderbird / MozillaThunderbird-translations-common / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:51", "description": "The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-2883 advisory.\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. This bug only affected Firefox when accessibility was enabled. (CVE-2021-29970)\n\n - Mozilla developers Emil Ghitta, Tyson Smith, Valentin Gosu, Olli Pettay, and Randell Jesup reported memory safety bugs present in Firefox 89 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2021-29976)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\n - If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn't exist on the IMAP server. (CVE-2021-29969)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-27T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : thunderbird (ELSA-2021-2883)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-08-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:thunderbird"], "id": "ORACLELINUX_ELSA-2021-2883.NASL", "href": "https://www.tenable.com/plugins/nessus/152093", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-2883.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152093);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/12\");\n\n script_cve_id(\n \"CVE-2021-29969\",\n \"CVE-2021-29970\",\n \"CVE-2021-29976\",\n \"CVE-2021-30547\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n\n script_name(english:\"Oracle Linux 8 : thunderbird (ELSA-2021-2883)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nELSA-2021-2883 advisory.\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially\n exploitable crash. This bug only affected Firefox when accessibility was enabled. (CVE-2021-29970)\n\n - Mozilla developers Emil Ghitta, Tyson Smith, Valentin Gosu, Olli Pettay, and Randell Jesup reported memory\n safety bugs present in Firefox 89 and Firefox ESR 78.11. Some of these bugs showed evidence of memory\n corruption and we presume that with enough effort some of these could have been exploited to run arbitrary\n code. (CVE-2021-29976)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to\n potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\n - If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server\n responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected\n data. This could have resulted in Thunderbird showing incorrect information, for example the attacker\n could have tricked Thunderbird to show folders that didn't exist on the IMAP server. (CVE-2021-29969)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-2883.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:thunderbird\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'thunderbird-78.12.0-3.0.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-78.12.0-3.0.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:52", "description": "The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2021:2881-1 advisory.\n\n - Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be processed (CVE-2021-29969)\n\n - Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)\n\n - Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)\n\n - chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-26T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : thunderbird on SL7.x x86_64 (2021:2881)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-08-12T00:00:00", "cpe": ["cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:thunderbird", "p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo"], "id": "SL_20210726_THUNDERBIRD_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/152086", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152086);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/12\");\n\n script_cve_id(\n \"CVE-2021-29969\",\n \"CVE-2021-29970\",\n \"CVE-2021-29976\",\n \"CVE-2021-30547\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n script_xref(name:\"RHSA\", value:\"RHSA-2021:2881\");\n\n script_name(english:\"Scientific Linux Security Update : thunderbird on SL7.x x86_64 (2021:2881)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Scientific Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SLSA-2021:2881-1 advisory.\n\n - Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be processed (CVE-2021-29969)\n\n - Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)\n\n - Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)\n\n - chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.scientificlinux.org/category/sl-errata/slsa-20212881-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fermilab:scientific_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Scientific Linux' >!< release) audit(AUDIT_OS_NOT, 'Scientific Linux');\nvar os_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Scientific Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Scientific Linux 7.x', 'Scientific Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Scientific Linux', cpu);\n\nvar pkgs = [\n {'reference':'thunderbird-78.12.0-2.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-debuginfo-78.12.0-2.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird / thunderbird-debuginfo');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:20:50", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:2883 advisory.\n\n - Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be processed (CVE-2021-29969)\n\n - Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)\n\n - Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)\n\n - chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-26T00:00:00", "type": "nessus", "title": "RHEL 8 : thunderbird (RHSA-2021:2883)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:thunderbird", "cpe:/o:redhat:enterprise_linux:8"], "id": "REDHAT-RHSA-2021-2883.NASL", "href": "https://www.tenable.com/plugins/nessus/152076", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2883. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152076);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2021-29969\",\n \"CVE-2021-29970\",\n \"CVE-2021-29976\",\n \"CVE-2021-30547\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n script_xref(name:\"RHSA\", value:\"2021:2883\");\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n\n script_name(english:\"RHEL 8 : thunderbird (RHSA-2021:2883)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:2883 advisory.\n\n - Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be processed (CVE-2021-29969)\n\n - Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)\n\n - Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)\n\n - chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2883\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1970109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1982013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1982014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1982015\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(120, 345, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/appstream/debug',\n 'content/e4s/rhel8/8.4/aarch64/appstream/os',\n 'content/e4s/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/baseos/debug',\n 'content/e4s/rhel8/8.4/aarch64/baseos/os',\n 'content/e4s/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/appstream/debug',\n 'content/e4s/rhel8/8.4/s390x/appstream/os',\n 'content/e4s/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/baseos/debug',\n 'content/e4s/rhel8/8.4/s390x/baseos/os',\n 'content/e4s/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/nfv/debug',\n 'content/e4s/rhel8/8.4/x86_64/nfv/os',\n 'content/e4s/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/appstream/debug',\n 'content/eus/rhel8/8.4/s390x/appstream/os',\n 'content/eus/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/baseos/debug',\n 'content/eus/rhel8/8.4/s390x/baseos/os',\n 'content/eus/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/highavailability/debug',\n 'content/eus/rhel8/8.4/s390x/highavailability/os',\n 'content/eus/rhel8/8.4/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/sap/debug',\n 'content/eus/rhel8/8.4/s390x/sap/os',\n 'content/eus/rhel8/8.4/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/supplementary/debug',\n 'content/eus/rhel8/8.4/s390x/supplementary/os',\n 'content/eus/rhel8/8.4/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'thunderbird-78.12.0-3.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'thunderbird-78.12.0-3.el8_4', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'thunderbird-78.12.0-3.el8_4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:11:55", "description": "The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-2881 advisory.\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. This bug only affected Firefox when accessibility was enabled. (CVE-2021-29970)\n\n - Mozilla developers Emil Ghitta, Tyson Smith, Valentin Gosu, Olli Pettay, and Randell Jesup reported memory safety bugs present in Firefox 89 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2021-29976)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\n - If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn't exist on the IMAP server. (CVE-2021-29969)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-27T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : thunderbird (ELSA-2021-2881)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-08-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:thunderbird"], "id": "ORACLELINUX_ELSA-2021-2881.NASL", "href": "https://www.tenable.com/plugins/nessus/152095", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-2881.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152095);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/12\");\n\n script_cve_id(\n \"CVE-2021-29969\",\n \"CVE-2021-29970\",\n \"CVE-2021-29976\",\n \"CVE-2021-30547\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n\n script_name(english:\"Oracle Linux 7 : thunderbird (ELSA-2021-2881)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nELSA-2021-2881 advisory.\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially\n exploitable crash. This bug only affected Firefox when accessibility was enabled. (CVE-2021-29970)\n\n - Mozilla developers Emil Ghitta, Tyson Smith, Valentin Gosu, Olli Pettay, and Randell Jesup reported memory\n safety bugs present in Firefox 89 and Firefox ESR 78.11. Some of these bugs showed evidence of memory\n corruption and we presume that with enough effort some of these could have been exploited to run arbitrary\n code. (CVE-2021-29976)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to\n potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\n - If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server\n responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected\n data. This could have resulted in Thunderbird showing incorrect information, for example the attacker\n could have tricked Thunderbird to show folders that didn't exist on the IMAP server. (CVE-2021-29969)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-2881.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:thunderbird\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'thunderbird-78.12.0-2.0.1.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-78.12.0-2.0.1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:29", "description": "The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2458-1 advisory.\n\n - If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn't exist on the IMAP server. (CVE-2021-29969)\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. This bug only affected Firefox when accessibility was enabled. (CVE-2021-29970)\n\n - Mozilla developers Emil Ghitta, Tyson Smith, Valentin Gosu, Olli Pettay, and Randell Jesup reported memory safety bugs present in Firefox 89 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2021-29976)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-23T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : MozillaThunderbird (SUSE-SU-2021:2458-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-08-12T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:mozillathunderbird", "p-cpe:/a:novell:suse_linux:mozillathunderbird-translations-common", "p-cpe:/a:novell:suse_linux:mozillathunderbird-translations-other", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-2458-1.NASL", "href": "https://www.tenable.com/plugins/nessus/152023", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:2458-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152023);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/12\");\n\n script_cve_id(\n \"CVE-2021-29969\",\n \"CVE-2021-29970\",\n \"CVE-2021-29976\",\n \"CVE-2021-30547\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:2458-1\");\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : MozillaThunderbird (SUSE-SU-2021:2458-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2021:2458-1 advisory.\n\n - If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server\n responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected\n data. This could have resulted in Thunderbird showing incorrect information, for example the attacker\n could have tricked Thunderbird to show folders that didn't exist on the IMAP server. (CVE-2021-29969)\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially\n exploitable crash. This bug only affected Firefox when accessibility was enabled. (CVE-2021-29970)\n\n - Mozilla developers Emil Ghitta, Tyson Smith, Valentin Gosu, Olli Pettay, and Randell Jesup reported memory\n safety bugs present in Firefox 89 and Firefox ESR 78.11. Some of these bugs showed evidence of memory\n corruption and we presume that with enough effort some of these could have been exploited to run arbitrary\n code. (CVE-2021-29976)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to\n potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188275\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-July/009206.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f4176a25\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30547\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected MozillaThunderbird, MozillaThunderbird-translations-common and / or MozillaThunderbird-translations-\nother packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2/3\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'MozillaThunderbird-78.12.0-8.33.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-15.2'},\n {'reference':'MozillaThunderbird-78.12.0-8.33.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-15.2'},\n {'reference':'MozillaThunderbird-translations-common-78.12.0-8.33.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-15.2'},\n {'reference':'MozillaThunderbird-translations-common-78.12.0-8.33.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-15.2'},\n {'reference':'MozillaThunderbird-translations-other-78.12.0-8.33.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-15.2'},\n {'reference':'MozillaThunderbird-translations-other-78.12.0-8.33.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-15.2'},\n {'reference':'MozillaThunderbird-78.12.0-8.33.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-15.3'},\n {'reference':'MozillaThunderbird-78.12.0-8.33.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-15.3'},\n {'reference':'MozillaThunderbird-translations-common-78.12.0-8.33.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-15.3'},\n {'reference':'MozillaThunderbird-translations-common-78.12.0-8.33.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-15.3'},\n {'reference':'MozillaThunderbird-translations-other-78.12.0-8.33.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-15.3'},\n {'reference':'MozillaThunderbird-translations-other-78.12.0-8.33.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-15.3'}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n if (!rpm_exists(release:release, rpm:exists_check)) continue;\n if ('ltss' >< tolower(exists_check)) ltss_caveat_required = TRUE;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'MozillaThunderbird / MozillaThunderbird-translations-common / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:20:18", "description": "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:2881 advisory.\n\n - Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be processed (CVE-2021-29969)\n\n - Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)\n\n - Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)\n\n - chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-26T00:00:00", "type": "nessus", "title": "RHEL 7 : thunderbird (RHSA-2021:2881)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:thunderbird"], "id": "REDHAT-RHSA-2021-2881.NASL", "href": "https://www.tenable.com/plugins/nessus/152074", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2881. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152074);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2021-29969\",\n \"CVE-2021-29970\",\n \"CVE-2021-29976\",\n \"CVE-2021-30547\"\n );\n script_xref(name:\"RHSA\", value:\"2021:2881\");\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n\n script_name(english:\"RHEL 7 : thunderbird (RHSA-2021:2881)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:2881 advisory.\n\n - Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be processed (CVE-2021-29969)\n\n - Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)\n\n - Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)\n\n - chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1970109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1982013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1982014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1982015\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(120, 345, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/os',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/os',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/os',\n 'content/fastrack/rhel/power/7/ppc64/optional/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/os',\n 'content/fastrack/rhel/power/7/ppc64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'thunderbird-78.12.0-2.el7_9', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-78.12.0-2.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:21:22", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:2914 advisory.\n\n - Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be processed (CVE-2021-29969)\n\n - Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)\n\n - Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)\n\n - chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-27T00:00:00", "type": "nessus", "title": "RHEL 8 : thunderbird (RHSA-2021:2914)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_tus:8.2", "p-cpe:/a:redhat:enterprise_linux:thunderbird"], "id": "REDHAT-RHSA-2021-2914.NASL", "href": "https://www.tenable.com/plugins/nessus/152097", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2914. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152097);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2021-29969\",\n \"CVE-2021-29970\",\n \"CVE-2021-29976\",\n \"CVE-2021-30547\"\n );\n script_xref(name:\"RHSA\", value:\"2021:2914\");\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n\n script_name(english:\"RHEL 8 : thunderbird (RHSA-2021:2914)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:2914 advisory.\n\n - Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be processed (CVE-2021-29969)\n\n - Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)\n\n - Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)\n\n - chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2914\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1970109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1982013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1982014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1982015\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(120, 345, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.2')) audit(AUDIT_OS_NOT, 'Red Hat 8.2', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/appstream/debug',\n 'content/eus/rhel8/8.2/aarch64/appstream/os',\n 'content/eus/rhel8/8.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/baseos/debug',\n 'content/eus/rhel8/8.2/aarch64/baseos/os',\n 'content/eus/rhel8/8.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.2/aarch64/highavailability/os',\n 'content/eus/rhel8/8.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.2/aarch64/supplementary/os',\n 'content/eus/rhel8/8.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.2/ppc64le/appstream/os',\n 'content/eus/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.2/ppc64le/baseos/os',\n 'content/eus/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap/os',\n 'content/eus/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'thunderbird-78.12.0-2.el8_2', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-78.12.0-2.el8_2', 'sp':'2', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-78.12.0-2.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "chrome": [{"lastseen": "2023-05-27T20:04:56", "description": "The Stable channel has been updated to 91.0.4472.101 for Windows, Mac and Linux which will roll out over the coming days/weeks.\n\n\nA full list of changes in this build is available in the [log](<https://chromium.googlesource.com/chromium/src/+log/91.0.4472.77..91.0.4472.101?pretty=fuller&n=10000>). Interested in switching release channels? Find out how [here](<https://www.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by [filing a bug](<https://crbug.com/>). The [community help forum](<https://productforums.google.com/forum/#!forum/chrome>) is also a great place to reach out for help or learn about common issues.\n\n\n\n\nSecurity Fixes and Rewards\n\nNote: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.\n\n\n\n\nThis update includes [14](<https://bugs.chromium.org/p/chromium/issues/list?can=1&q=type%3Abug-security+os%3DAndroid%2Cios%2Clinux%2Cmac%2Cwindows%2Call%2Cchrome+label%3ARelease-1-M91>) security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the [Chrome Security Page](<https://sites.google.com/a/chromium.org/dev/Home/chromium-security>) for more information.\n\n\n\n\n[$25000][[1212618](<https://crbug.com/1212618>)] Critical CVE-2021-30544: Use after free in BFCache. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-05-24\n\n[$20000][[1201031](<https://crbug.com/1201031>)] High CVE-2021-30545: Use after free in Extensions. Reported by kkwon with everpall and kkomdal on 2021-04-21\n\n[$NA][[1206911](<https://crbug.com/1206911>)] High CVE-2021-30546: Use after free in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-05-08\n\n[$TBD][[1210414](<https://crbug.com/1210414>)] High CVE-2021-30547: Out of bounds write in ANGLE. Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2021-05-18\n\n[$TBD][[1210487](<https://crbug.com/1210487>)] High CVE-2021-30548: Use after free in Loader. Reported by Yangkang(@dnpushme) & Wanglu of Qihoo360 Qex Team on 2021-05-18\n\n[$TBD][[1212498](<https://crbug.com/1212498>)] High CVE-2021-30549: Use after free in Spell check. Reported by David Erceg on 2021-05-23\n\n[$TBD][[1212500](<https://crbug.com/1212500>)] High CVE-2021-30550: Use after free in Accessibility. Reported by David Erceg on 2021-05-23\n\n[$NA][[1216437](<https://crbug.com/1216437>)] High CVE-2021-30551: Type Confusion in V8. Reported by Clement Lecigne of Google's Threat Analysis Group and Sergei Glazunov of Google Project Zero on 2021-06-04\n\n[$TBD][[1200679](<https://crbug.com/1200679>)] Medium CVE-2021-30552: Use after free in Extensions. Reported by David Erceg on 2021-04-20\n\n[$TBD][[1209769](<https://crbug.com/1209769>)] Medium CVE-2021-30553: Use after free in Network service. Reported by Anonymous on 2021-05-17\n\n\n\n\nWe would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.\n\n\n\n\nGoogle is aware that an exploit for CVE-2021-30551 exists in the wild. \n\nAs usual, our ongoing internal security work was responsible for a wide range of fixes:\n\n * [[1218029](<https://crbug.com/1218029>)] Various fixes from internal audits, fuzzing and other initiatives\n\n\nMany of our security bugs are detected using [AddressSanitizer](<https://code.google.com/p/address-sanitizer/wiki/AddressSanitizer>), [MemorySanitizer](<https://code.google.com/p/memory-sanitizer/wiki/MemorySanitizer>), [UndefinedBehaviorSanitizer](<https://www.chromium.org/developers/testing/undefinedbehaviorsanitizer>), [Control Flow Integrity](<https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity>), [libFuzzer](<https://sites.google.com/a/chromium.org/dev/developers/testing/libfuzzer>), or [AFL](<https://github.com/google/afl>).\n\n\n\n\nPrudhvikumar Bommana\n\nGoogle Chrome", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-09T00:00:00", "type": "chrome", "title": "Stable Channel Update for Desktop", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553"], "modified": "2021-06-09T00:00:00", "id": "GCSA-6244807684233791030", "href": "https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T20:04:56", "description": "The Stable channel has been updated to 91.0.4472.114 for Windows, Mac and Linux which will roll out over the coming days/weeks.\n\nA full list of changes in this build is available in the [log](<https://chromium.googlesource.com/chromium/src/+log/91.0.4472.106..91.0.4472.114?pretty=fuller&n=10000>). Interested in switching release channels? Find out how [here](<https://www.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by [filing a bug](<https://crbug.com/>). The [community help forum](<https://productforums.google.com/forum/#!forum/chrome>) is also a great place to reach out for help or learn about common issues.\n\nSecurity Fixes and Rewards\n\nNote: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.\n\nThis update includes [4](<https://bugs.chromium.org/p/chromium/issues/list?can=1&q=type%3Abug-security+os%3DAndroid%2Cios%2Clinux%2Cmac%2Cwindows%2Call%2Cchrome+label%3ARelease-2-M91>) security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the [Chrome Security Page](<https://sites.google.com/a/chromium.org/dev/Home/chromium-security>) for more information.\n\n** \n**\n\n[$TBD][[1219857](<https://crbug.com/1219857>)] High CVE-2021-30554: Use after free in WebGL. Reported by anonymous on 2021-06-15\n\n[$10000][[1215029](<https://crbug.com/1215029>)] High CVE-2021-30555: Use after free in Sharing. Reported by David Erceg on 2021-06-01\n\n[$7500][[1212599](<https://crbug.com/1212599>)] High CVE-2021-30556: Use after free in WebAudio. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-24\n\n[$10000][[1202102](<https://crbug.com/1202102>)] High CVE-2021-30557: Use after free in TabGroups. Reported by David Erceg on 2021-04-23\n\nWe would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.\n\nGoogle is aware that an exploit for CVE-2021-30554 exists in the wild.\n\nMany of our security bugs are detected using [AddressSanitizer](<https://code.google.com/p/address-sanitizer/wiki/AddressSanitizer>), [MemorySanitizer](<https://code.google.com/p/memory-sanitizer/wiki/MemorySanitizer>), [UndefinedBehaviorSanitizer](<https://www.chromium.org/developers/testing/undefinedbehaviorsanitizer>), [Control Flow Integrity](<https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity>), [libFuzzer](<https://sites.google.com/a/chromium.org/dev/developers/testing/libfuzzer>), or [AFL](<https://github.com/google/afl>).\n\n\n\n\n\n\n\n\nSrinivas Sista\n\nGoogle Chrome", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-17T00:00:00", "type": "chrome", "title": "Stable Channel Update for Desktop", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557"], "modified": "2021-06-17T00:00:00", "id": "GCSA-8794598538337601472", "href": "https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2023-05-27T14:56:04", "description": "\n\nChrome Releases reports:\n\nThis release contains 14 security fixes, including:\n\n[1212618] Critical CVE-2021-30544: Use after free in BFCache.\n\t Reported by Rong Jian and Guang Gong of 360 Alpha Lab on\n\t 2021-05-24\n[1201031] High CVE-2021-30545: Use after free in Extensions.\n\t Reported by kkwon with everpall and kkomdal on 2021-04-21\n[1206911] High CVE-2021-30546: Use after free in Autofill.\n\t Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability\n\t Research on 2021-05-08\n[1210414] High CVE-2021-30547: Out of bounds write in ANGLE.\n\t Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on\n\t 2021-05-18\n[1210487] High CVE-2021-30548: Use after free in Loader.\n\t Reported by Yangkang(@dnpushme) & Wanglu of Qihoo360 Qex Team\n\t on 2021-05-18\n[1212498] High CVE-2021-30549: Use after free in Spell check.\n\t Reported by David Erceg on 2021-05-23\n[1212500] High CVE-2021-30550: Use after free in Accessibility.\n\t Reported by David Erceg on 2021-05-23\n[1216437] High CVE-2021-30551: Type Confusion in V8. Reported by\n\t Sergei Glazunov of Google Project Zero on 2021-06-04\n[1200679] Medium CVE-2021-30552: Use after free in Extensions.\n\t Reported by David Erceg on 2021-04-20\n[1209769] Medium CVE-2021-30553: Use after free in Network\n\t service. Reported by Anonymous on 2021-05-17\n\nGoogle is aware that an exploit for CVE-2021-30551 exists in the\n\t wild.\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-10T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553"], "modified": "2021-06-10T00:00:00", "id": "20B3AB21-C9DF-11EB-8558-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/20b3ab21-c9df-11eb-8558-3065ec8fd3ec.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:56:04", "description": "\n\nChrome Releases reports:\n\nThis release includes 4 security fixes, including:\n\n[1219857] High CVE-2021-30554: Use after free in WebGL. Reported\n\t by anonymous on 2021-06-15\n[1215029] High CVE-2021-30555: Use after free in Sharing.\n\t Reported by David Erceg on 2021-06-01\n[1212599] High CVE-2021-30556: Use after free in WebAudio.\n\t Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-24\n[1202102] High CVE-2021-30557: Use after free in TabGroups.\n\t Reported by David Erceg on 2021-04-23\n\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-17T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557"], "modified": "2021-06-17T00:00:00", "id": "AFDC7579-D023-11EB-BCAD-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/afdc7579-d023-11eb-bcad-3065ec8fd3ec.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2023-05-27T14:59:45", "description": "### *Detect date*:\n06/09/2021\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service.\n\n### *Affected products*:\nGoogle Chrome earlier than 91.0.4472.101\n\n### *Solution*:\nUpdate to the latest version \n[Download Google Chrome](<https://www.google.com/chrome/>)\n\n### *Original advisories*:\n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2021-30545](<https://vulners.com/cve/CVE-2021-30545>)6.8High \n[CVE-2021-30550](<https://vulners.com/cve/CVE-2021-30550>)6.8High \n[CVE-2021-30546](<https://vulners.com/cve/CVE-2021-30546>)6.8High \n[CVE-2021-30549](<https://vulners.com/cve/CVE-2021-30549>)6.8High \n[CVE-2021-30551](<https://vulners.com/cve/CVE-2021-30551>)6.8High \n[CVE-2021-30547](<https://vulners.com/cve/CVE-2021-30547>)6.8High \n[CVE-2021-30553](<https://vulners.com/cve/CVE-2021-30553>)6.8High \n[CVE-2021-30552](<https://vulners.com/cve/CVE-2021-30552>)6.8High \n[CVE-2021-30548](<https://vulners.com/cve/CVE-2021-30548>)6.8High \n[CVE-2021-30544](<https://vulners.com/cve/CVE-2021-30544>)6.8High", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-09T00:00:00", "type": "kaspersky", "title": "KLA12204 Multiple vulnerabilities in Google Chrome", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553"], "modified": "2021-06-22T00:00:00", "id": "KLA12204", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12204/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:59:33", "description": "### *Detect date*:\n06/17/2021\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code.\n\n### *Affected products*:\nOpera earlier than 77.0.4054.90\n\n### *Solution*:\nUpdate to the latest version \n[Download Opera](<https://www.opera.com>)\n\n### *Original advisories*:\n[Changelog for Opera 77](<https://blogs.opera.com/desktop/changelog-for-77/#b4054.90>) \n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Opera](<https://threats.kaspersky.com/en/product/Opera/>)\n\n### *CVE-IDS*:\n[CVE-2021-30545](<https://vulners.com/cve/CVE-2021-30545>)6.8High \n[CVE-2021-30550](<https://vulners.com/cve/CVE-2021-30550>)6.8High \n[CVE-2021-30546](<https://vulners.com/cve/CVE-2021-30546>)6.8High \n[CVE-2021-30549](<https://vulners.com/cve/CVE-2021-30549>)6.8High \n[CVE-2021-30551](<https://vulners.com/cve/CVE-2021-30551>)6.8High \n[CVE-2021-30547](<https://vulners.com/cve/CVE-2021-30547>)6.8High \n[CVE-2021-30553](<https://vulners.com/cve/CVE-2021-30553>)6.8High \n[CVE-2021-30552](<https://vulners.com/cve/CVE-2021-30552>)6.8High \n[CVE-2021-30548](<https://vulners.com/cve/CVE-2021-30548>)6.8High \n[CVE-2021-30544](<https://vulners.com/cve/CVE-2021-30544>)6.8High", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-17T00:00:00", "type": "kaspersky", "title": "KLA12209 Multiple vulnerabilities in Opera", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553"], "modified": "2021-06-22T00:00:00", "id": "KLA12209", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12209/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:59:43", "description": "### *Detect date*:\n06/11/2021\n\n### *Severity*:\nWarning\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code.\n\n### *Affected products*:\nMicrosoft Edge (Chromium-based)\n\n### *Solution*:\nInstall necessary updates from the Settings and more menu, that are listed in your About Microsoft Edge page (Microsoft Edge About page usually can be accessed from the Help and feedback option) \n[Microsoft Edge update settings](<https://support.microsoft.com/en-us/topic/microsoft-edge-update-settings-af8aaca2-1b69-4870-94fe-18822dbb7ef1>)\n\n### *Original advisories*:\n[CVE-2021-30551](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30551>) \n[CVE-2021-30547](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30547>) \n[CVE-2021-30545](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30545>) \n[CVE-2021-30544](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30544>) \n[CVE-2021-30549](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30549>) \n[CVE-2021-30552](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30552>) \n[CVE-2021-30546](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30546>) \n[CVE-2021-30550](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30550>) \n[CVE-2021-30548](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30548>) \n[CVE-2021-30553](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30553>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Edge](<https://threats.kaspersky.com/en/product/Microsoft-Edge/>)\n\n### *CVE-IDS*:\n[CVE-2021-30545](<https://vulners.com/cve/CVE-2021-30545>)6.8High \n[CVE-2021-30550](<https://vulners.com/cve/CVE-2021-30550>)6.8High \n[CVE-2021-30546](<https://vulners.com/cve/CVE-2021-30546>)6.8High \n[CVE-2021-30549](<https://vulners.com/cve/CVE-2021-30549>)6.8High \n[CVE-2021-30551](<https://vulners.com/cve/CVE-2021-30551>)6.8High \n[CVE-2021-30547](<https://vulners.com/cve/CVE-2021-30547>)6.8High \n[CVE-2021-30553](<https://vulners.com/cve/CVE-2021-30553>)6.8High \n[CVE-2021-30552](<https://vulners.com/cve/CVE-2021-30552>)6.8High \n[CVE-2021-30548](<https://vulners.com/cve/CVE-2021-30548>)6.8High \n[CVE-2021-30544](<https://vulners.com/cve/CVE-2021-30544>)6.8High\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-11T00:00:00", "type": "kaspersky", "title": "KLA12205 Multiple vulnerabilities in Microsoft Browser", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553"], "modified": "2023-03-28T00:00:00", "id": "KLA12205", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12205/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:59:22", "description": "### *Detect date*:\n04/12/2021\n\n### *Severity*:\nWarning\n\n### *Description*:\nMultiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service.\n\n### *Affected products*:\nOpera earlier than 77.0.4054.146\n\n### *Solution*:\nUpdate to the latest version \n[Download Opera](<https://www.opera.com>)\n\n### *Original advisories*:\n[Changelog for Opera 77](<https://blogs.opera.com/desktop/changelog-for-77/#b4054.146>) \n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Opera](<https://threats.kaspersky.com/en/product/Opera/>)\n\n### *CVE-IDS*:\n[CVE-2021-30556](<https://vulners.com/cve/CVE-2021-30556>)6.8High \n[CVE-2021-30555](<https://vulners.com/cve/CVE-2021-30555>)6.8High \n[CVE-2021-30554](<https://vulners.com/cve/CVE-2021-30554>)6.8High \n[CVE-2021-30557](<https://vulners.com/cve/CVE-2021-30557>)6.8High", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-04-12T00:00:00", "type": "kaspersky", "title": "KLA12215 Multiple vulnerabilities in Opera", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557"], "modified": "2021-07-27T00:00:00", "id": "KLA12215", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12215/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:59:29", "description": "### *Detect date*:\n06/18/2021\n\n### *Severity*:\nWarning\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service.\n\n### *Affected products*:\nMicrosoft Edge (Chromium-based)\n\n### *Solution*:\nInstall necessary updates from the Settings and more menu, that are listed in your About Microsoft Edge page (Microsoft Edge About page usually can be accessed from the Help and feedback option) \n[Microsoft Edge update settings](<https://support.microsoft.com/en-us/topic/microsoft-edge-update-settings-af8aaca2-1b69-4870-94fe-18822dbb7ef1>)\n\n### *Original advisories*:\n[CVE-2021-30556](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30556>) \n[CVE-2021-30555](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30555>) \n[CVE-2021-30554](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30554>) \n[CVE-2021-30557](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30557>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Edge](<https://threats.kaspersky.com/en/product/Microsoft-Edge/>)\n\n### *CVE-IDS*:\n[CVE-2021-30556](<https://vulners.com/cve/CVE-2021-30556>)6.8High \n[CVE-2021-30555](<https://vulners.com/cve/CVE-2021-30555>)6.8High \n[CVE-2021-30554](<https://vulners.com/cve/CVE-2021-30554>)6.8High \n[CVE-2021-30557](<https://vulners.com/cve/CVE-2021-30557>)6.8High\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-18T00:00:00", "type": "kaspersky", "title": "KLA12211 Multiple vulnerabilities in Microsoft Browser", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557"], "modified": "2023-03-28T00:00:00", "id": "KLA12211", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12211/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:59:31", "description": "### *Detect date*:\n06/17/2021\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service.\n\n### *Affected products*:\nGoogle Chrome earlier than 91.0.4472.114\n\n### *Solution*:\nUpdate to the latest version \n[Download Google Chrome](<https://www.google.com/chrome/>)\n\n### *Original advisories*:\n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2021-30556](<https://vulners.com/cve/CVE-2021-30556>)6.8High \n[CVE-2021-30555](<https://vulners.com/cve/CVE-2021-30555>)6.8High \n[CVE-2021-30554](<https://vulners.com/cve/CVE-2021-30554>)6.8High \n[CVE-2021-30557](<https://vulners.com/cve/CVE-2021-30557>)6.8High", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-17T00:00:00", "type": "kaspersky", "title": "KLA12210 Multiple vulnerabilities in Google Chrome", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557"], "modified": "2021-06-22T00:00:00", "id": "KLA12210", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12210/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:58:58", "description": "### *Detect date*:\n07/13/2021\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, execute arbitrary code, cause denial of service, spoof user interface.\n\n### *Affected products*:\nMozilla Firefox earlier than 90\n\n### *Solution*:\nUpdate to the latest version \n[Download Firefox](<https://www.mozilla.org/en-US/firefox/new/>)\n\n### *Original advisories*:\n[MFSA2021-28](<https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Firefox](<https://threats.kaspersky.com/en/product/Mozilla-Firefox/>)\n\n### *CVE-IDS*:\n[CVE-2021-30547](<https://vulners.com/cve/CVE-2021-30547>)6.8High", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-13T00:00:00", "type": "kaspersky", "title": "KLA12228 Multiple vulnerabilities in Mozilla Firefox", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30547"], "modified": "2021-07-27T00:00:00", "id": "KLA12228", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12228/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:58:56", "description": "### *Detect date*:\n07/13/2021\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service.\n\n### *Affected products*:\nMozilla Firefox ESR earlier than 78.12\n\n### *Solution*:\nUpdate to the latest vresion \n[Download Firefox ESR](<https://www.mozilla.org/en-US/firefox/all/#product-desktop-esr>)\n\n### *Original advisories*:\n[MFSA2021-29](<https://www.mozilla.org/en-US/security/advisories/mfsa2021-29/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Firefox ESR](<https://threats.kaspersky.com/en/product/Mozilla-Firefox-ESR/>)\n\n### *CVE-IDS*:\n[CVE-2021-30547](<https://vulners.com/cve/CVE-2021-30547>)6.8High", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-13T00:00:00", "type": "kaspersky", "title": "KLA12229 Multiple vulnerabilities in Mozilla Firefox ESR", "bulletinFamily": "info", "cvss2&