Lucene search
This script is Copyright (C) 2017-2024 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2017-1440.NASLHistoryJun 15, 2017 - 12:00 a.m.
Oracle Linux 6 / 7 : firefox (ELSA-2017-1440)
2017-06-1500:00:00
This script is Copyright (C) 2017-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
20
8.9 High
AI Score
Confidence
Low
From Red Hat Security Advisory 2017:1440 :
An update for firefox is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Mozilla Firefox is an open source web browser.
This update upgrades Firefox to version 52.2.0 ESR.
Security Fix(es) :
- Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7751, CVE-2017-7756, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778, CVE-2017-7750, CVE-2017-7752, CVE-2017-7754, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764)
Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Nils, Nicolas Trippar of Zimperium zLabs, Mats Palmgren, Philipp, Masayuki Nakano, Christian Holler, Andrew McCreight, Gary Kwong, Andre Bargull, Carsten Book, Jesse Schwartzentruber, Julian Hector, Marcia Knous, Ronald Crane, Samuel Erb, Holger Fuhrmannek, Tyson Smith, Abhishek Arya, and F. Alonso (revskills) as the original reporters.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2017:1440 and
# Oracle Linux Security Advisory ELSA-2017-1440 respectively.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(100800);
script_version("3.15");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/16");
script_cve_id("CVE-2017-5470", "CVE-2017-5472", "CVE-2017-7749", "CVE-2017-7750", "CVE-2017-7751", "CVE-2017-7752", "CVE-2017-7754", "CVE-2017-7756", "CVE-2017-7757", "CVE-2017-7758", "CVE-2017-7764", "CVE-2017-7771", "CVE-2017-7772", "CVE-2017-7773", "CVE-2017-7774", "CVE-2017-7776", "CVE-2017-7777", "CVE-2017-7778");
script_xref(name:"RHSA", value:"2017:1440");
script_name(english:"Oracle Linux 6 / 7 : firefox (ELSA-2017-1440)");
script_summary(english:"Checks rpm output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Oracle Linux host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"From Red Hat Security Advisory 2017:1440 :
An update for firefox is now available for Red Hat Enterprise Linux 6
and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security
impact of Critical. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
Mozilla Firefox is an open source web browser.
This update upgrades Firefox to version 52.2.0 ESR.
Security Fix(es) :
* Multiple flaws were found in the processing of malformed web
content. A web page containing malicious content could cause Firefox
to crash or, potentially, execute arbitrary code with the privileges
of the user running Firefox. (CVE-2017-5470, CVE-2017-5472,
CVE-2017-7749, CVE-2017-7751, CVE-2017-7756, CVE-2017-7771,
CVE-2017-7772, CVE-2017-7773, CVE-2017-7774,
CVE-2017-7776, CVE-2017-7777, CVE-2017-7778, CVE-2017-7750,
CVE-2017-7752, CVE-2017-7754, CVE-2017-7757, CVE-2017-7758,
CVE-2017-7764)
Red Hat would like to thank the Mozilla project for reporting these
issues. Upstream acknowledges Nils, Nicolas Trippar of Zimperium
zLabs, Mats Palmgren, Philipp, Masayuki Nakano, Christian Holler,
Andrew McCreight, Gary Kwong, Andre Bargull, Carsten Book, Jesse
Schwartzentruber, Julian Hector, Marcia Knous, Ronald Crane, Samuel
Erb, Holger Fuhrmannek, Tyson Smith, Abhishek Arya, and F. Alonso
(revskills) as the original reporters."
);
script_set_attribute(
attribute:"see_also",
value:"https://oss.oracle.com/pipermail/el-errata/2017-June/006985.html"
);
script_set_attribute(
attribute:"see_also",
value:"https://oss.oracle.com/pipermail/el-errata/2017-June/006986.html"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected firefox package."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:firefox");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/11");
script_set_attribute(attribute:"patch_publication_date", value:"2017/06/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/06/15");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2017-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Oracle Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^(6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6 / 7", "Oracle Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
flag = 0;
if (rpm_check(release:"EL6", reference:"firefox-52.2.0-1.0.1.el6_9", allowmaj:TRUE)) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"firefox-52.2.0-1.0.1.el7_3", allowmaj:TRUE)) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox");
}
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778
oss.oracle.com/pipermail/el-errata/2017-June/006985.html
oss.oracle.com/pipermail/el-errata/2017-June/006986.html
Related
nessus
nessus
Virtuozzo 7 : firefox (VZLSA-2017-1440)
2017-07-13 00:00:00
Debian DLA-1007-1 : icedove/thunderbird security update
2017-07-05 00:00:00
EulerOS 2.0 SP2 : firefox (EulerOS-SA-2017-1127)
2017-07-21 00:00:00
oraclelinux
oraclelinux
firefox security update
2017-06-14 00:00:00
thunderbird security update
2017-06-21 00:00:00
graphite2 security update
2017-07-20 00:00:00
mageia
mageia
Updated firefox packages fix security vulnerabilities
2017-06-19 10:44:03
Updated thunderbird packages fix security vulnerability and bugs
2017-06-19 10:44:03
Updated graphite2 packages fix security vulnerabilities
2017-07-26 01:07:12
osv
osv
icedove - security update
2017-06-30 00:00:00
firefox-esr - security update
2017-06-18 00:00:00
firefox-esr - security update
2017-06-14 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-991-1)
2018-01-28 00:00:00
Debian: Security Advisory (DSA-3881-1)
2017-06-13 00:00:00
Debian: Security Advisory (DLA-1007-1)
2018-02-04 00:00:00
redhat
redhat
(RHSA-2017:1561) Important: thunderbird security update
2017-06-21 03:10:17
(RHSA-2017:1440) Critical: firefox security update
2017-06-14 05:21:03
(RHSA-2017:1793) Important: graphite2 security update
2017-07-20 22:22:08
centos
centos
thunderbird security update
2017-06-21 15:49:22
firefox security update
2017-06-15 10:14:10
graphite2 security update
2017-07-21 14:21:22
debian
debian
[SECURITY] [DLA 991-1] firefox-esr security update
2017-06-18 09:53:10
[SECURITY] [DSA 3918-1] icedove/thunderbird security update
2017-07-25 20:03:55
[SECURITY] [DSA 3881-1] firefox-esr security update
2017-06-14 20:52:21
ibm
ibm
archlinux
archlinux
[ASA-201706-20] thunderbird: multiple issues
2017-06-16 00:00:00
[ASA-201706-19] firefox: multiple issues
2017-06-16 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2017-07-05 00:00:00
Firefox vulnerabilities
2017-06-15 00:00:00
graphite2 vulnerabilities
2017-08-21 00:00:00
kaspersky
kaspersky
KLA11050 Multiple vulnerabilities in Mozilla Thunderbird
2017-06-14 00:00:00
KLA11044 Multiple vulnerabilities in Mozilla Firefox and Mozilla Firefox ESR
2017-06-13 00:00:00
mozilla
mozilla
Security vulnerabilities fixed in Thunderbird 52.2 — Mozilla
2017-06-14 00:00:00
Security vulnerabilities fixed in Firefox ESR 52.2 — Mozilla
2017-06-13 00:00:00
Security vulnerabilities fixed in Firefox 54 — Mozilla
2017-06-13 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package thunderbird version 52.2.0-alt1
2017-06-22 00:00:00
Security fix for the ALT Linux 10 package firefox-esr version 52.2.0-alt1
2017-06-21 00:00:00
amazon
amazon
Important: graphite2
2017-08-17 18:27:00
suse
suse
Security update for Mozilla based packages (important)
2017-06-20 00:09:32
cloudfoundry
cloudfoundry
USN-3398-1: graphite2 vulnerabilities | Cloud Foundry
2017-09-21 00:00:00
gentoo
gentoo
Graphite: Multiple vulnerabilities
2017-10-13 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2017-06-13 00:00:00
redhatcve
redhatcve
prion
prion
Design/Logic Flaw
2018-06-11 21:29:00
Heap overflow
2019-04-15 12:31:00
Design/Logic Flaw
2018-06-11 21:29:00
cve
cve
veracode
veracode
Use-After-Free
2019-05-02 06:12:45
User-After-Free
2019-05-02 06:12:44
Use-after-Free
2019-05-02 06:12:44
ubuntucve
ubuntucve
fedora
fedora
[SECURITY] Fedora 26 Update: graphite2-1.3.10-1.fc26
2017-06-25 16:22:37
[SECURITY] Fedora 25 Update: graphite2-1.3.10-1.fc25
2017-06-28 20:53:50
[SECURITY] Fedora 24 Update: graphite2-1.3.10-1.fc24
2017-07-12 01:54:12
debiancve
debiancve