Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT_UNPATCHED_FIREFOX-RHEL6.NASL
HistoryJun 03, 2024 - 12:00 a.m.

RHEL 6 : firefox (Unpatched Vulnerability)

2024-06-0300:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
2
redhat enterprise linux 6
firefox
unpatched vulnerability
cve-2020-15656
cve-2020-6823
cve-2013-6167
nessus
package manager

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.6%

JSON

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  • Mozilla: Type confusion for special arguments in IonMonkey (CVE-2020-15656)

  • Mozilla: Malicious Extension could obtain auth codes from OAuth login flows (CVE-2020-6823)

  • Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed cookie within an HTTP response. (CVE-2013-6167)

Note that Nessus has not tested for these issues but has instead relied on the package manager’s report that the package is installed.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory firefox. The text
# itself is copyright (C) Red Hat, Inc.
##

include('compat.inc');

if (description)
{
  script_id(200049);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/22");

  script_cve_id(
    "CVE-2013-6167",
    "CVE-2014-8642",
    "CVE-2015-6525",
    "CVE-2016-10195",
    "CVE-2016-10197",
    "CVE-2018-12398",
    "CVE-2018-12399",
    "CVE-2018-12401",
    "CVE-2018-12402",
    "CVE-2018-12403",
    "CVE-2018-18495",
    "CVE-2018-18497",
    "CVE-2019-5849",
    "CVE-2019-11714",
    "CVE-2019-11716",
    "CVE-2019-11718",
    "CVE-2019-11720",
    "CVE-2019-11721",
    "CVE-2019-11723",
    "CVE-2019-11724",
    "CVE-2019-11725",
    "CVE-2019-11728",
    "CVE-2019-11737",
    "CVE-2019-17014",
    "CVE-2020-6808",
    "CVE-2020-6809",
    "CVE-2020-6810",
    "CVE-2020-6813",
    "CVE-2020-6823",
    "CVE-2020-6824",
    "CVE-2024-29180",
    "CVE-2020-12390",
    "CVE-2020-12391",
    "CVE-2020-12394",
    "CVE-2020-12422",
    "CVE-2020-12424",
    "CVE-2020-12425",
    "CVE-2020-15648",
    "CVE-2020-15653",
    "CVE-2020-15654",
    "CVE-2020-15656",
    "CVE-2020-15657",
    "CVE-2020-15658",
    "CVE-2020-16012"
  );

  script_name(english:"RHEL 6 : firefox (Unpatched Vulnerability)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat 6 host is affected by multiple vulnerabilities that will not be patched.");
  script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple
vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - Mozilla: Type confusion for special arguments in IonMonkey (CVE-2020-15656)

  - Mozilla: Malicious Extension could obtain auth codes from OAuth login flows (CVE-2020-6823)

  - Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required
    character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout
    CSRF attack via a crafted parameter that forces a web application to set a malformed cookie within an HTTP
    response. (CVE-2013-6167)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package
is installed.");
  script_set_attribute(attribute:"solution", value:
"The vendor has acknowledged the vulnerabilities but no solution has been provided. Refer to the vendor for remediation
guidance.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-15656");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2020-6823");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/04/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/06/03");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:chromium-browser");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:firefox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libevent");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:thunderbird");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:webpack-dev-middleware");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');
include('rhel.inc');

if (!get_kb_item("global_settings/vendor_unpatched"))
exit(0, "Unpatched Vulnerabilities Detection not active.");

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '6')) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);

var constraints = [
  {
    'pkgs': [
      {'reference':'chromium-browser', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'unpatched_pkg':'chromium-browser', 'cves':['CVE-2015-6525', 'CVE-2020-16012']},
      {'reference':'firefox', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'unpatched_pkg':'firefox', 'cves':['CVE-2013-6167', 'CVE-2014-8642', 'CVE-2015-6525', 'CVE-2018-12398', 'CVE-2018-12399', 'CVE-2018-12401', 'CVE-2018-12402', 'CVE-2018-12403', 'CVE-2018-18495', 'CVE-2018-18497', 'CVE-2019-5849', 'CVE-2019-11714', 'CVE-2019-11716', 'CVE-2019-11718', 'CVE-2019-11720', 'CVE-2019-11721', 'CVE-2019-11723', 'CVE-2019-11724', 'CVE-2019-11725', 'CVE-2019-11728', 'CVE-2019-11737', 'CVE-2019-17014', 'CVE-2020-6808', 'CVE-2020-6809', 'CVE-2020-6810', 'CVE-2020-6813', 'CVE-2020-6823', 'CVE-2020-6824', 'CVE-2020-12390', 'CVE-2020-12391', 'CVE-2020-12394', 'CVE-2020-12422', 'CVE-2020-12424', 'CVE-2020-12425', 'CVE-2020-15648', 'CVE-2020-15653', 'CVE-2020-15654', 'CVE-2020-15656', 'CVE-2020-15657', 'CVE-2020-15658']},
      {'reference':'libevent', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'libevent', 'cves':['CVE-2016-10195', 'CVE-2016-10197']},
      {'reference':'thunderbird', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'unpatched_pkg':'thunderbird', 'cves':['CVE-2015-6525', 'CVE-2020-15653', 'CVE-2020-15654', 'CVE-2020-15656', 'CVE-2020-15657', 'CVE-2020-15658']},
      {'reference':'webpack-dev-middleware', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'webpack-dev-middleware', 'cves':['CVE-2024-29180']}
    ]
  }
];


var flag = 0;
foreach var constraint_array ( constraints ) {
  var repo_relative_urls = NULL;
  var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);
  foreach var pkg ( constraint_array['pkgs'] ) {
    var unpatched_pkg = NULL;
    var _release = NULL;
    var sp = NULL;
    var el_string = NULL;
    var rpm_spec_vers_cmp = NULL;
    var exists_check = NULL;
    var cves = NULL;
    if (!empty_or_null(pkg['unpatched_pkg'])) unpatched_pkg = pkg['unpatched_pkg'];
    if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (unpatched_pkg &&
        _release &&
        (!exists_check || rpm_exists(release:_release, rpm:exists_check)) &&
        unpatched_package_exists(release:_release, package:unpatched_pkg, cves: cves)) flag++;
  }
}

if (flag)
{
  var extra = NULL;
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : unpatched_packages_report()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium-browser / firefox / libevent / thunderbird / etc');
}
VendorProductVersionCPE
redhatenterprise_linux6cpe:/o:redhat:enterprise_linux:6
redhatenterprise_linuxfirefoxp-cpe:/a:redhat:enterprise_linux:firefox
redhatenterprise_linuxthunderbirdp-cpe:/a:redhat:enterprise_linux:thunderbird
redhatenterprise_linuxchromium-browserp-cpe:/a:redhat:enterprise_linux:chromium-browser
redhatenterprise_linuxlibeventp-cpe:/a:redhat:enterprise_linux:libevent
redhatenterprise_linuxwebpack-dev-middlewarep-cpe:/a:redhat:enterprise_linux:webpack-dev-middleware

References

Related

nessus 68
kaspersky 7
redhat 4
oraclelinux 2
openvas 44
freebsd 3
ibm 3
altlinux 2
mozilla 7
archlinux 4
suse 6
mageia 4
rosalinux 1
gentoo 2
ubuntu 9
osv 2
cloudfoundry 1
huawei 1
debian 3
redhatcve 5
cve 3
cvelist 4
github 1
ubuntucve 3
prion 2
nvd 4
debiancve 2
veracode 1
alpinelinux 1
nessus
nessus
RHEL 7 : firefox (Unpatched Vulnerability)
2024-06-03 00:00:00
RHEL 8 : firefox (Unpatched Vulnerability)
2024-06-03 00:00:00
RHEL 8 : firefox (Unpatched Vulnerability)
2024-05-11 00:00:00
kaspersky
kaspersky
KLA11549 Multiple vulnerabilities in Mozilla Thunderbird
2019-08-27 00:00:00
KLA11919 Multiple vulnerabilities in Mozilla Firefox
2020-07-28 00:00:00
KLA11921 Multiple vulnerabilites in Mozilla Thunderbird
2020-07-28 00:00:00
redhat
redhat
(RHSA-2020:3559) Important: firefox security update
2020-08-26 09:53:23
(RHSA-2020:3557) Important: firefox security update
2020-08-26 07:54:22
(RHSA-2020:3555) Important: firefox security update
2020-08-26 07:54:03
oraclelinux
oraclelinux
firefox security update
2020-08-28 00:00:00
firefox security and bug fix update
2020-10-13 00:00:00
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2019-21) - Linux
2021-11-08 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:2147-1)
2021-06-09 00:00:00
Mozilla Firefox Security Advisories (MFSA2019-21, MFSA2019-22) - Mac OS X
2019-07-11 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2019-07-09 00:00:00
libevent -- multiple vulnerabilities
2017-01-31 00:00:00
mozilla -- multiple vulnerabilities
2018-10-23 00:00:00
ibm
ibm
Security Bulletin: Synthetic Playback Agent 8.1.4 is affected by multiple vulnerabilities
2019-09-16 09:00:57
Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 68.12.0 ESR + CVE-2020-15659) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF11 + ICAM2019.3.0 - 2020.2.0
2020-09-27 10:38:53
Security Bulletin: Multiple vulnerabilities in Mozilla Firefox affect IBM Cloud App Management
2022-07-21 13:27:42
altlinux
altlinux
Security fix for the ALT Linux 10 package firefox-esr version 78.1.0-alt1
2020-07-28 00:00:00
Security fix for the ALT Linux 10 package thunderbird version 78.1.1-alt1
2020-08-18 00:00:00
mozilla
mozilla
Security Vulnerabilities fixed in Firefox ESR 78.1 — Mozilla
2020-07-28 00:00:00
Security vulnerabilities fixed in Firefox 68 — Mozilla
2019-07-09 00:00:00
Security Vulnerabilities fixed in Firefox 79 — Mozilla
2020-07-28 00:00:00
archlinux
archlinux
[ASA-201907-4] firefox: multiple issues
2019-07-17 00:00:00
[ASA-201810-14] firefox: multiple issues
2018-10-24 00:00:00
[ASA-202003-8] firefox: multiple issues
2020-03-11 00:00:00
suse
suse
Security update for MozillaFirefox (important)
2020-08-12 00:00:00
Security update for MozillaFirefox (important)
2020-08-07 00:00:00
Security update for MozillaFirefox (important)
2020-08-05 00:00:00
mageia
mageia
Updated firefox packages fix security vulnerability
2019-07-21 21:17:27
Updated thunderbird packages fix security vulnerabilities
2019-09-12 22:09:52
Updated libevent packages fix security vulnerability
2017-02-27 01:02:17
rosalinux
rosalinux
Advisory ROSA-SA-2021-1869
2021-07-02 17:13:48
gentoo
gentoo
Mozilla Firefox: Multiple vulnerabilities
2019-08-15 00:00:00
libevent: Multiple vulnerabilities
2017-05-07 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2019-07-12 00:00:00
Firefox regressions
2019-07-25 00:00:00
Firefox vulnerabilities
2020-07-29 00:00:00
osv
osv
libevent - security update
2017-02-15 00:00:00
libevent - security update
2017-02-15 00:00:00
cloudfoundry
cloudfoundry
USN-3228-1: libevent vulnerabilities | Cloud Foundry
2017-03-31 00:00:00
huawei
huawei
Security Advisory - Three Vulnerabilities in Huawei GaussDB
2017-10-25 00:00:00
debian
debian
[SECURITY] [DSA 3789-1] libevent security update
2017-02-15 14:20:08
[SECURITY] [DLA 824-1] libevent security update
2017-02-15 15:22:26
[SECURITY] [DSA 3789-1] libevent security update
2017-02-15 14:20:08
redhatcve
redhatcve
CVE-2017-5437
2017-04-20 06:20:11
CVE-2018-18495
2019-04-04 08:50:14
CVE-2019-11737
2022-01-13 06:54:36
cve
cve
CVE-2017-5437
2017-04-25 21:59:00
CVE-2019-11737
2019-09-27 18:15:11
CVE-2013-6167
2014-02-15 14:57:08
cvelist
cvelist
CVE-2020-12394
2020-05-26 17:00:25
CVE-2018-18497
2019-02-28 18:00:00
CVE-2013-6167
2014-02-15 11:00:00
github
github
Path traversal in webpack-dev-middleware
2024-03-21 18:59:28
ubuntucve
ubuntucve
CVE-2020-12394
2020-05-07 00:00:00
CVE-2018-18495
2018-12-11 00:00:00
CVE-2018-18497
2018-12-11 00:00:00
prion
prion
Input validation
2020-05-26 17:15:00
Design/Logic Flaw
2019-02-28 18:29:00
nvd
nvd
CVE-2018-18497
2019-02-28 18:29:01
CVE-2013-6167
2014-02-15 14:57:08
CVE-2018-18495
2019-02-28 18:29:01
debiancve
debiancve
CVE-2018-18495
2019-02-28 18:29:01
CVE-2020-12394
2020-05-26 17:15:10
veracode
veracode
Content Security Policy Bypass
2020-09-21 06:25:21
alpinelinux
alpinelinux
CVE-2020-12394
2020-05-26 17:15:10

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.6%

JSON
Related for REDHAT_UNPATCHED_FIREFOX-RHEL6.NASL
nessus68kaspersky7redhat4oraclelinux2openvas44freebsd3ibm3altlinux2mozilla7archlinux4suse6mageia4rosalinux1gentoo2ubuntu9osv2cloudfoundry1huawei1debian3redhatcve5cve3cvelist4github1ubuntucve3prion2nvd4debiancve2veracode1alpinelinux1