Lucene search
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2015-0171-1.NASLHistoryMay 20, 2015 - 12:00 a.m.
SUSE SLES10 Security Update : Mozilla Firefox (SUSE-SU-2015:0171-1)
2015-05-2000:00:00
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
Mozilla Firefox has been updated to the 31.4.0ESR release, fixing bugs and security issues.
Mozilla NSS has been updated to 3.17.3, fixing a security issue and updating the root certificate list.
For more information, please see https://www.mozilla.org/en-US/security/advisories/
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2015:0171-1.
# The text itself is copyright (C) SUSE.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(83676);
script_version("2.12");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2014-1569", "CVE-2014-8634", "CVE-2014-8636", "CVE-2014-8637", "CVE-2014-8638", "CVE-2014-8639", "CVE-2014-8640", "CVE-2014-8641");
script_bugtraq_id(71675, 72041, 72044, 72045, 72046, 72047, 72048, 72049);
script_name(english:"SUSE SLES10 Security Update : Mozilla Firefox (SUSE-SU-2015:0171-1)");
script_summary(english:"Checks rpm output for the updated packages.");
script_set_attribute(
attribute:"synopsis",
value:"The remote SUSE host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"Mozilla Firefox has been updated to the 31.4.0ESR release, fixing bugs
and security issues.
Mozilla NSS has been updated to 3.17.3, fixing a security issue and
updating the root certificate list.
For more information, please see
https://www.mozilla.org/en-US/security/advisories/
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=909563"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=910647"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=910669"
);
# https://download.suse.com/patch/finder/?keywords=b6b2353659cdca6dc3d8d5d591e00851
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?8ad6a431"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.mozilla.org/en-US/security/advisories/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2014-1569/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2014-8634/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2014-8636/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2014-8637/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2014-8638/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2014-8639/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2014-8640/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2014-8641/"
);
# https://www.suse.com/support/update/announcement/2015/suse-su-20150171-1.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?51e5995f"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected Mozilla Firefox packages"
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Firefox Proxy Prototype Privileged Javascript Injection');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-tools");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:10");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/12/15");
script_set_attribute(attribute:"patch_publication_date", value:"2015/01/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES10)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES10", "SUSE " + os_ver);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES10" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES10 SP4", os_ver + " SP" + sp);
flag = 0;
if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"mozilla-nss-32bit-3.17.3-0.5.1")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"s390x", reference:"mozilla-nss-32bit-3.17.3-0.5.1")) flag++;
if (rpm_check(release:"SLES10", sp:"4", reference:"mozilla-nss-3.17.3-0.5.1")) flag++;
if (rpm_check(release:"SLES10", sp:"4", reference:"mozilla-nss-devel-3.17.3-0.5.1")) flag++;
if (rpm_check(release:"SLES10", sp:"4", reference:"mozilla-nss-tools-3.17.3-0.5.1")) flag++;
if (rpm_check(release:"SLES10", sp:"4", reference:"MozillaFirefox-31.4.0esr-0.5.1")) flag++;
if (rpm_check(release:"SLES10", sp:"4", reference:"MozillaFirefox-translations-31.4.0esr-0.5.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Mozilla Firefox");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | suse_linux | mozillafirefox | p-cpe:/a:novell:suse_linux:mozillafirefox |
| novell | suse_linux | mozillafirefox-translations | p-cpe:/a:novell:suse_linux:mozillafirefox-translations |
| novell | suse_linux | mozilla-nss | p-cpe:/a:novell:suse_linux:mozilla-nss |
| novell | suse_linux | mozilla-nss-devel | p-cpe:/a:novell:suse_linux:mozilla-nss-devel |
| novell | suse_linux | mozilla-nss-tools | p-cpe:/a:novell:suse_linux:mozilla-nss-tools |
| novell | suse_linux | 10 | cpe:/o:novell:suse_linux:10 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1569
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8634
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8636
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8637
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8638
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8639
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8640
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8641
www.nessus.org/u?51e5995f
www.nessus.org/u?8ad6a431
bugzilla.suse.com/show_bug.cgi?id=909563
bugzilla.suse.com/show_bug.cgi?id=910647
bugzilla.suse.com/show_bug.cgi?id=910669
www.mozilla.org/en-US/security/advisories/
www.suse.com/security/cve/CVE-2014-1569/
www.suse.com/security/cve/CVE-2014-8634/
www.suse.com/security/cve/CVE-2014-8636/
www.suse.com/security/cve/CVE-2014-8637/
www.suse.com/security/cve/CVE-2014-8638/
www.suse.com/security/cve/CVE-2014-8639/
www.suse.com/security/cve/CVE-2014-8640/
www.suse.com/security/cve/CVE-2014-8641/
Related
suse
suse
Security update for Mozilla Firefox (important)
2015-01-31 01:09:23
Security update for Mozilla Firefox (important)
2015-01-29 07:06:36
Security update for Mozilla Firefox (important)
2015-01-29 07:04:56
nessus
nessus
SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 10225)
2015-02-02 00:00:00
SUSE SLES11 Security Update : Mozilla Firefox (SUSE-SU-2015:0173-1)
2015-05-20 00:00:00
SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 10225)
2015-02-02 00:00:00
openvas
openvas
SUSE: Security Advisory for Mozilla (SUSE-SU-2015:0173-1)
2015-10-16 00:00:00
SUSE: Security Advisory for Mozilla (SUSE-SU-2015:0180-1)
2015-10-13 00:00:00
Mozilla Firefox Multiple Vulnerabilities-01 Jan15 (Mac OS X)
2015-01-20 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2015-01-14 00:00:00
Firefox regression
2015-01-27 00:00:00
Ubufox update
2015-01-14 00:00:00
mageia
mageia
Updated iceape package fixes security vulnerabilities
2015-01-19 19:47:36
Updated firefox and thunderbird packages fixes security vulnerabilities
2015-01-18 01:31:08
Updated firefox & thunderbird packages fix security vulnerabilities
2014-12-03 22:27:32
archlinux
archlinux
firefox: multiple issues
2015-01-14 00:00:00
thunderbird: multiple issues
2015-01-14 00:00:00
nss: signature forgery
2014-12-16 00:00:00
oraclelinux
oraclelinux
firefox security and bug fix update
2015-01-14 00:00:00
thunderbird security update
2015-01-13 00:00:00
redhat
redhat
(RHSA-2015:0046) Critical: firefox security and bug fix update
2015-01-13 00:00:00
(RHSA-2015:0047) Important: thunderbird security update
2015-01-13 00:00:00
osv
osv
iceweasel - security update
2015-01-14 00:00:00
icedove - security update
2015-01-19 00:00:00
nss - security update
2015-03-13 00:00:00
centos
centos
firefox, xulrunner security update
2015-01-14 16:08:25
thunderbird security update
2015-01-14 15:52:57
debian
debian
[SECURITY] [DSA 3127-1] iceweasel security update
2015-01-14 19:02:00
[SECURITY] [DSA 3132-1] icedove security update
2015-01-19 16:58:23
[SECURITY] [DSA 3186-1] nss security update
2015-03-13 08:15:52
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2015-01-19 00:00:00
Mozilla nss information leakage
2014-12-22 00:00:00
[ MDVSA-2014:252 ] nss
2014-12-22 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2015-01-13 00:00:00
mozilla -- multiple vulnerabilities
2014-12-01 00:00:00
prion
prion
Information disclosure
2015-01-14 11:59:00
Code injection
2015-01-14 11:59:00
Design/Logic Flaw
2015-01-14 11:59:00
ubuntucve
ubuntucve
mozilla
mozilla
Uninitialized memory use during bitmap rendering — Mozilla
2015-01-13 00:00:00
Read of uninitialized memory in Web Audio — Mozilla
2015-01-13 00:00:00
XrayWrapper bypass through DOM objects — Mozilla
2015-01-13 00:00:00
cve
cve
packetstorm
packetstorm
Firefox Proxy Prototype Privileged Javascript Injection
2015-03-24 00:00:00
checkpoint_advisories
checkpoint_advisories
Mozilla Firefox XrayWrapper Policy Bypass (CVE-2014-8636)
2015-04-19 00:00:00
Mozilla Firefox Proxy Prototype Remote Code Execution (CVE-2014-8636)
2015-03-26 00:00:00
metasploit
metasploit
Firefox Proxy Prototype Privileged Javascript Injection
2015-03-23 18:44:41
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:04:03
Arbitrary Code Execution
2019-05-02 05:07:08
Cross-site Request Forgery (CSRF)
2019-05-02 05:07:07
zdt
zdt
Firefox Proxy Prototype Privileged Javascript Injection Exploit
2015-03-27 00:00:00
kaspersky
kaspersky
KLA10445 ACE vulnerability in Mozilla
2015-01-13 00:00:00
KLA10446 CI vulnerability in Mozilla products
2015-01-13 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: nss-3.17.3-2.fc21
2014-12-25 05:35:12
[SECURITY] Fedora 20 Update: nss-util-3.17.3-1.fc20
2015-01-07 23:54:35
[SECURITY] Fedora 20 Update: nss-softokn-3.17.3-1.fc20
2015-01-07 23:54:35
exploitpack
exploitpack
MatrixSSL 4.0.2 - Stack Buffer Overflow Verifying x.509 Certificates
2019-02-20 00:00:00
exploitdb
exploitdb
MatrixSSL < 4.0.2 - Stack Buffer Overflow Verifying x.509 Certificates
2019-02-20 00:00:00
debiancve
debiancve
CVE-2014-1569
2014-12-15 18:59:00
ibm
ibm
googleprojectzero
googleprojectzero
Attacking ECMAScript Engines with Redefinition
2015-08-17 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2015-04-07 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2015
2015-10-20 00:00:00
Oracle Critical Patch Update Advisory - July 2015
2015-07-14 00:00:00
Related for SUSE_SU-2015-0171-1.NASL