An update for firefox version 45.1.0 ESR is available for RHEL 5, 6, 7 with critical security impact
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
RedHat Linux | (RHSA-2016:0695) Critical: firefox security update | 26 Apr 2016 00:00 | – | redhat |
RedHat Linux | (RHSA-2016:1041) Important: thunderbird security update | 12 May 2016 00:00 | – | redhat |
RedHat Linux | (RHSA-2016:22711) Important: graphite2 security, bug fix, and enhancement update | 16 Feb 2016 05:00 | – | redhat |
RedHat Linux | (RHSA-2016:0594) Important: graphite2 security, bug fix, and enhancement update | 5 Apr 2016 17:05 | – | redhat |
Cent OS | firefox security update | 26 Apr 2016 23:59 | – | centos |
Cent OS | thunderbird security update | 13 May 2016 00:44 | – | centos |
Cent OS | graphite2 security update | 5 Apr 2016 20:02 | – | centos |
Tenable Nessus | CentOS 5 / 6 / 7 : firefox (CESA-2016:0695) | 27 Apr 2016 00:00 | – | nessus |
Tenable Nessus | Oracle Linux 5 / 6 / 7 : firefox (ELSA-2016-0695) | 27 Apr 2016 00:00 | – | nessus |
Tenable Nessus | Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20160426) | 27 Apr 2016 00:00 | – | nessus |
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2016:0695. The text
# itself is copyright (C) Red Hat, Inc.
#
include("compat.inc");
# Metadata registration pass: this block only declares the plugin's
# identity, references, scoring and prerequisites, then exits at the
# end of the block so none of the host checks further down run here.
if (description)
{
script_id(90750);
script_version("2.23");
script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/29");
# Six CVEs are registered here. The advisory prose below names only
# five of them (CVE-2016-2805 .. CVE-2016-2814); CVE-2016-1526 appears
# in this list and in a see_also link but not in the description text.
# NOTE(review): tooling that extracts CVEs from the description string
# will miss CVE-2016-1526 - treat script_cve_id as the authoritative list.
script_cve_id("CVE-2016-1526", "CVE-2016-2805", "CVE-2016-2806", "CVE-2016-2807", "CVE-2016-2808", "CVE-2016-2814");
script_xref(name:"RHSA", value:"2016:0695");
script_name(english:"RHEL 5 / 6 / 7 : firefox (RHSA-2016:0695)");
script_summary(english:"Checks the rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Red Hat host is missing one or more security updates."
);
# Advisory text reproduced from RHSA-2016:0695 (see the file header).
# It is a runtime string shown in scan results, not a comment.
script_set_attribute(
attribute:"description",
value:
"An update for firefox is now available for Red Hat Enterprise Linux 5,
Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security
impact of Critical. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
Mozilla Firefox is an open source web browser.
This update upgrades Firefox to version 45.1.0 ESR.
Security Fix(es) :
* Multiple flaws were found in the processing of malformed web
content. A web page containing malicious content could cause Firefox
to crash or, potentially, execute arbitrary code with the privileges
of the user running Firefox. (CVE-2016-2805, CVE-2016-2806,
CVE-2016-2807, CVE-2016-2808, CVE-2016-2814)
Red Hat would like to thank the Mozilla project for reporting these
issues. Upstream acknowledges Phil Ringalda, CESG (the Information
Security Arm of GCHQ), Sascha Just, Jesse Ruderman, Christian Holler,
Tyson Smith, Boris Zbarsky, David Bolter, Carsten Book, Mats Palmgren,
Gary Kwong, and Randell Jesup as the original reporters."
);
# Reference links: one shortened vendor link, the Red Hat erratum, and
# one Red Hat CVE page per entry in script_cve_id.
# NOTE(review): the short link below is plain http; the comment line
# directly above it records the Mozilla page it presumably resolves to.
# https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?8b5eaff4"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/errata/RHSA-2016:0695"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2016-1526"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2016-2805"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2016-2806"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2016-2807"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2016-2808"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2016-2814"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected firefox and / or firefox-debuginfo packages."
);
# Severity scoring. The CVSS v2 base vector is network-reachable, low
# complexity, no authentication, complete C/I/A impact. The v3 vector
# carries UI:R (user interaction required), which matches the advisory
# text: the trigger is a web page containing malicious content.
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
# Temporal inputs (E:U above, plus the two attributes below) record
# that no exploit was known when this metadata was written.
# NOTE(review): these are static strings; they reflect the state as of
# plugin_modification_date and should not be read as current
# exploitability intelligence when prioritising remediation.
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
# "local" plugin: the verdict is derived from package data collected on
# the host itself (see script_require_keys below), not from probing the
# browser over the network.
script_set_attribute(attribute:"plugin_type", value:"local");
# CPE tags: the two affected packages, then the RHEL major releases and
# the specific minor releases this plugin is tagged against.
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:firefox");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.7");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.2");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.3");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7");
# NOTE(review): vuln_publication_date is more than two months before
# the patch date; presumably it tracks the earliest-disclosed CVE in
# the list above - confirm before using it for exposure-window metrics.
script_set_attribute(attribute:"vuln_publication_date", value:"2016/02/13");
script_set_attribute(attribute:"patch_publication_date", value:"2016/04/26");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/27");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Red Hat Local Security Checks");
# Prerequisites: the plugin depends on ssh_get_info.nasl and on four
# knowledge-base keys (local checks enabled, release string, rpm list,
# CPU architecture).
# NOTE(review): a scan without working host credentials presumably never
# populates these keys, so a missing finding from this plugin is not
# evidence that the host is patched.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
# End of the registration pass; nothing below this block runs here.
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
# Host check for RHSA-2016:0695. Works only from knowledge-base items
# gathered earlier in the scan; every precondition that fails is handed
# to audit() with a reason code instead of being reported as a finding.
# NOTE(review): the code below relies on audit() ending the script
# (defined in audit.inc, not shown here) - confirm.

# Precondition 1: local (credentialed) checks must be enabled.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# Precondition 2: the release string must exist and contain "Red Hat"
# (>!< is the "substring not present" operator).
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
# Extract "major" or "major.minor" from the release string; capture
# group 1 is kept as os_ver.
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
# Only major versions 5, 6 and 7 are in scope. The ([^0-9]|$) tail stops
# a longer number that merely starts with 5, 6 or 7 from matching.
if (! preg(pattern:"^(5|6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x / 6.x / 7.x", "Red Hat " + os_ver);
# Precondition 3: an rpm package list must have been collected.
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
# Precondition 4: architecture must be known and be x86_64, i386-i686,
# or contain "s390"; anything else is audited as not implemented.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
# Two mutually exclusive detection paths follow.
# Path A: yum updateinfo data is present in the KB. The verdict comes
# from redhat_generate_yum_updateinfo_report() for this advisory ID.
# NOTE(review): on this path the rpm version comparison in Path B is
# never executed, so a "not affected" result rests entirely on the
# collected yum updateinfo being complete and current - confirm how
# Host/RedHat/yum-updateinfo is populated before trusting a clean result.
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
rhsa = "RHSA-2016:0695";
yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
if (!empty_or_null(yum_report))
{
# Non-empty report: raise the finding at the highest severity constant
# used in this file, on port 0 (host-level, no network port).
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : yum_report
);
exit(0);
}
else
{
# Empty report: recorded as an audit outcome naming the advisory.
audit_message = "affected by Red Hat security advisory " + rhsa;
audit(AUDIT_OS_NOT, audit_message);
}
}
else
{
# Path B: no yum updateinfo. Compare installed packages against the
# fixed builds named in the advisory, one reference per RHEL major
# release and package. flag counts how many checks fired.
# NOTE(review): rpm_check() presumably returns true when the installed
# package is older than the reference, and allowmaj:TRUE presumably
# lets "RHEL5"/"RHEL6"/"RHEL7" match any minor release - confirm in
# rpm.inc. All six calls are always made; order matters because the
# helper appears to accumulate the report text read back below.
flag = 0;
if (rpm_check(release:"RHEL5", reference:"firefox-45.1.0-1.el5_11", allowmaj:TRUE)) flag++;
if (rpm_check(release:"RHEL5", reference:"firefox-debuginfo-45.1.0-1.el5_11", allowmaj:TRUE)) flag++;
if (rpm_check(release:"RHEL6", reference:"firefox-45.1.0-1.el6_7", allowmaj:TRUE)) flag++;
if (rpm_check(release:"RHEL6", reference:"firefox-debuginfo-45.1.0-1.el6_7", allowmaj:TRUE)) flag++;
if (rpm_check(release:"RHEL7", reference:"firefox-45.1.0-1.el7_2", allowmaj:TRUE)) flag++;
if (rpm_check(release:"RHEL7", reference:"firefox-debuginfo-45.1.0-1.el7_2", allowmaj:TRUE)) flag++;
if (flag)
{
# At least one package check fired: report with the accumulated rpm
# details plus the Red Hat package caveat text.
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get() + redhat_report_package_caveat()
);
exit(0);
}
else
{
# Nothing fired. Distinguish "packages were examined and are not
# affected" from "neither package was found to examine", so the audit
# trail does not present an absent package as a patched one.
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox / firefox-debuginfo");
}
}