Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT_UNPATCHED-FIREFOX-RHEL5.NASL
HistoryMay 11, 2024 - 12:00 a.m.

RHEL 5 : firefox (Unpatched Vulnerability)

2024-05-1100:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
5
rhel 5
firefox
unpatched vulnerability
remote host
code execution
integer overflow
xml parsing
https
mixed content
memory safety
memory corruption
exploitable crash
nessus
package manager

8.7 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.2%

JSON

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  • firefox: Use-after-free in compositor potentially allows code execution (CVE-2018-5148)

  • An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50. (CVE-2016-9063)

  • If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users. This vulnerability affects Firefox < 63. (CVE-2018-12403)

  • Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to remain on the page. This could have resulted in an incorrect URL being shown when used in conjunction with other unexpected browser behaviors. This vulnerability affects Firefox < 80. (CVE-2020-15665)

  • Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81. (CVE-2020-15674)

  • When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 81. (CVE-2020-15675)

Note that Nessus has not tested for these issues but has instead relied on the package manager’s report that the package is installed.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory firefox. The text
# itself is copyright (C) Red Hat, Inc.
##

include('compat.inc');

if (description)
{
  script_id(195600);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/11");

  script_cve_id(
    "CVE-2016-9063",
    "CVE-2018-5148",
    "CVE-2018-12403",
    "CVE-2020-15665",
    "CVE-2020-15674",
    "CVE-2020-15675"
  );

  script_name(english:"RHEL 5 : firefox (Unpatched Vulnerability)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat 5 host is affected by multiple vulnerabilities that will not be patched.");
  script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple
vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - firefox: Use-after-free in compositor potentially allows code execution (CVE-2018-5148)

  - An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox
    < 50. (CVE-2016-9063)

  - If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content
    warning is not displayed to users. This vulnerability affects Firefox < 63. (CVE-2018-12403)

  - Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to remain
    on the page. This could have resulted in an incorrect URL being shown when used in conjunction with other
    unexpected browser behaviors. This vulnerability affects Firefox < 80. (CVE-2020-15665)

  - Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed evidence
    of memory corruption and we presume that with enough effort some of these could have been exploited to run
    arbitrary code. This vulnerability affects Firefox < 81. (CVE-2020-15674)

  - When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a
    potentially exploitable crash. This vulnerability affects Firefox < 81. (CVE-2020-15675)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package
is installed.");
  script_set_attribute(attribute:"solution", value:
"The vendor has acknowledged the vulnerabilities but no solution has been provided. Refer to the vendor for remediation
guidance.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-5148");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/11/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/05/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:compat-expat1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:expat");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:firefox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mingw-virt-viewer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:thunderbird");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');
include('rhel.inc');

if (!get_kb_item("global_settings/vendor_unpatched"))
exit(0, "Unpatched Vulnerabilities Detection not active.");

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '5')) audit(AUDIT_OS_NOT, 'Red Hat 5.x', 'Red Hat ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);

var constraints = [
  {
    'pkgs': [
      {'reference':'expat', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'expat', 'cves':['CVE-2016-9063']},
      {'reference':'firefox', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'unpatched_pkg':'firefox', 'cves':['CVE-2018-5148', 'CVE-2018-12403', 'CVE-2020-15665', 'CVE-2020-15674', 'CVE-2020-15675']},
      {'reference':'thunderbird', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'unpatched_pkg':'thunderbird', 'cves':['CVE-2020-15675']}
    ]
  }
];


var flag = 0;
foreach var constraint_array ( constraints ) {
  var repo_relative_urls = NULL;
  var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);
  foreach var pkg ( constraint_array['pkgs'] ) {
    var unpatched_pkg = NULL;
    var _release = NULL;
    var sp = NULL;
    var el_string = NULL;
    var rpm_spec_vers_cmp = NULL;
    var exists_check = NULL;
    var cves = NULL;
    if (!empty_or_null(pkg['unpatched_pkg'])) unpatched_pkg = pkg['unpatched_pkg'];
    if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (unpatched_pkg &&
        _release &&
        (!exists_check || rpm_exists(release:_release, rpm:exists_check)) &&
        unpatched_package_exists(release:_release, package:unpatched_pkg, cves: cves)) flag++;
  }
}

if (flag)
{
  var extra = NULL;
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : unpatched_packages_report()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'expat / firefox / thunderbird');
}
VendorProductVersionCPE
redhatenterprise_linux5cpe:/o:redhat:enterprise_linux:5
redhatenterprise_linux6cpe:/o:redhat:enterprise_linux:6
redhatenterprise_linux7cpe:/o:redhat:enterprise_linux:7
redhatenterprise_linux8cpe:/o:redhat:enterprise_linux:8
redhatenterprise_linuxcompat-expat1p-cpe:/a:redhat:enterprise_linux:compat-expat1
redhatenterprise_linuxexpatp-cpe:/a:redhat:enterprise_linux:expat
redhatenterprise_linuxfirefoxp-cpe:/a:redhat:enterprise_linux:firefox
redhatenterprise_linuxmingw-virt-viewerp-cpe:/a:redhat:enterprise_linux:mingw-virt-viewer
redhatenterprise_linuxthunderbirdp-cpe:/a:redhat:enterprise_linux:thunderbird

Related

alpinelinux 3
cvelist 6
nvd 6
veracode 6
prion 6
debiancve 6
ubuntucve 6
redhatcve 6
cve 6
osv 5
nessus 54
ubuntu 5
openvas 47
freebsd 4
redhat 2
kaspersky 3
mozilla 3
debian 4
archlinux 4
threatpost 1
oraclelinux 2
altlinux 1
centos 2
fedora 3
ibm 2
mageia 2
f5 1
slackware 2
securelist 1
alpinelinux
alpinelinux
CVE-2020-15675
2020-10-01 19:15:13
CVE-2020-15674
2020-10-01 19:15:13
CVE-2020-15665
2020-10-01 19:15:13
cvelist
cvelist
CVE-2020-15674
2020-10-01 18:37:06
CVE-2020-15675
2020-10-01 18:32:08
CVE-2020-15665
2020-10-01 18:43:08
nvd
nvd
CVE-2020-15665
2020-10-01 19:15:13
CVE-2020-15675
2020-10-01 19:15:13
CVE-2020-15674
2020-10-01 19:15:13
veracode
veracode
Denial Of Service (DoS)
2020-09-24 10:29:35
Arbitrary Code Execution
2020-09-24 10:29:31
Phishing Attacks
2020-08-31 03:45:54
prion
prion
Memory corruption
2020-10-01 19:15:00
Memory corruption
2020-10-01 19:15:00
Design/Logic Flaw
2020-10-01 19:15:00
debiancve
debiancve
CVE-2020-15674
2020-10-01 19:15:13
CVE-2020-15675
2020-10-01 19:15:13
CVE-2020-15665
2020-10-01 19:15:13
ubuntucve
ubuntucve
CVE-2020-15674
2020-09-25 00:00:00
CVE-2020-15675
2020-09-25 00:00:00
CVE-2020-15665
2020-08-26 00:00:00
redhatcve
redhatcve
CVE-2020-15675
2020-10-05 17:15:36
CVE-2020-15674
2020-10-05 17:15:34
CVE-2020-15665
2020-10-05 17:15:27
cve
cve
CVE-2020-15675
2020-10-01 19:15:13
CVE-2020-15674
2020-10-01 19:15:13
CVE-2020-15665
2020-10-01 19:15:13
osv
osv
CVE-2016-9063
2018-06-11 21:29:00
firefox-esr - security update
2018-03-27 00:00:00
firefox vulnerabilities
2020-09-28 09:19:10
nessus
nessus
Mozilla Firefox < 81.0
2020-09-22 00:00:00
Oracle Linux 7 : firefox (ELSA-2018-1099)
2018-04-19 00:00:00
RHEL 6 : firefox (RHSA-2018:1098)
2018-04-11 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2020-09-28 00:00:00
Firefox vulnerability
2018-03-27 00:00:00
Firefox regressions
2020-09-03 00:00:00
openvas
openvas
Mozilla Firefox Security Advisories (MFSA2018-10, MFSA2018-10) - Windows
2018-03-27 00:00:00
CentOS Update for firefox CESA-2018:1098 centos6
2018-05-03 00:00:00
Mozilla Firefox Security Advisories (MFSA2018-10, MFSA2018-10) - Mac OS X
2018-03-27 00:00:00
freebsd
freebsd
mozilla -- use-after-free in compositor
2018-03-26 00:00:00
expat -- multiple vulnerabilities
2016-10-27 00:00:00
Python 2.7 -- multiple vulnerabilities
2017-08-26 00:00:00
redhat
redhat
(RHSA-2018:1098) Important: firefox security update
2018-04-10 15:13:49
(RHSA-2018:1099) Important: firefox security update
2018-04-10 15:13:59
kaspersky
kaspersky
KLA11228 A use-after-free vulnerability in Mozilla Firefox and Firefox ESR
2018-03-26 00:00:00
KLA11963 Multiple vulnerabilities in Mozilla Firefox
2020-09-22 00:00:00
KLA11942 Multiple vulnerabilities in Mozilla Firefox
2020-08-25 00:00:00
mozilla
mozilla
Use-after-free in compositor — Mozilla
2018-03-26 00:00:00
Security Vulnerabilities fixed in Firefox 81 — Mozilla
2020-09-22 00:00:00
Security Vulnerabilities fixed in Firefox 80 — Mozilla
2020-08-25 00:00:00
debian
debian
[SECURITY] [DSA 4153-1] firefox-esr security update
2018-03-27 20:10:10
[SECURITY] [DLA 1321-1] firefox-esr security update
2018-03-27 22:04:14
[SECURITY] [DSA 3898-1] expat security update
2017-06-25 13:32:58
archlinux
archlinux
[ASA-202009-10] firefox: multiple issues
2020-09-23 00:00:00
[ASA-201706-32] expat: denial of service
2017-06-26 00:00:00
[ASA-201707-27] lib32-expat: denial of service
2017-07-26 00:00:00
threatpost
threatpost
Firefox 81 Release Kills High-Severity Code-Execution Bugs
2020-09-22 15:14:43
oraclelinux
oraclelinux
firefox security update
2018-04-17 00:00:00
firefox security update
2018-04-12 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package firefox-esr version 52.7.3-alt1
2018-03-26 00:00:00
centos
centos
firefox security update
2018-05-30 18:22:53
firefox security update
2018-05-02 12:03:01
fedora
fedora
[SECURITY] Fedora 25 Update: expat-2.2.1-1.fc25
2017-07-12 03:29:46
[SECURITY] Fedora 26 Update: expat-2.2.1-1.fc26
2017-07-14 13:26:21
[SECURITY] Fedora 24 Update: expat-2.2.1-1.fc24
2017-07-12 01:56:31
ibm
ibm
Security Bulletin: Vulnerabilities in expat affects IBM BladeCenter Advanced Management Module (AMM)
2023-04-14 14:32:25
Security Bulletin: Vulnerabilities in expat affect IBM Chassis Management Module (CMM)
2019-01-31 02:40:01
mageia
mageia
Updated expat packages fix security vulnerabilities
2017-07-23 22:58:56
Updated firefox packages fix security vulnerability
2018-04-15 16:33:47
f5
f5
K000139691: Python vulnerabilities CVE-2022-48565, CVE-2018-1000802 and CVE-2016-9063
2024-05-21 00:00:00
slackware
slackware
[slackware-security] python
2017-09-23 06:33:04
[slackware-security] python
2018-05-04 20:53:50
securelist
securelist
IT threat evolution Q3 2020. Non-mobile statistics
2020-11-20 10:10:15

8.7 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.2%

JSON
Related for REDHAT_UNPATCHED-FIREFOX-RHEL5.NASL
alpinelinux3cvelist6nvd6veracode6prion6debiancve6ubuntucve6redhatcve6cve6osv5nessus54ubuntu5openvas47freebsd4redhat2kaspersky3mozilla3debian4archlinux4threatpost1oraclelinux2altlinux1centos2fedora3ibm2mageia2f51slackware2securelist1