SUSE SLES10 updated Mozilla Firefox to version 38.7.0 ESR to fix multiple security vulnerabilities in memory safety, local file overwriting, memory leaks, address override, and use-after-free issues
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
SUSE Linux | Security update for MozillaFirefox (important) | 18 Mar 201618:12 | – | suse |
SUSE Linux | Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (important) | 30 Mar 201615:07 | – | suse |
SUSE Linux | Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (important) | 11 Mar 201620:11 | – | suse |
SUSE Linux | Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (important) | 15 Mar 201619:12 | – | suse |
SUSE Linux | Security update for MozillaThunderbird (important) | 24 Mar 201615:09 | – | suse |
SUSE Linux | Security update for MozillaThunderbird (important) | 26 Mar 201617:08 | – | suse |
SUSE Linux | Security update for Mozilla Thunderbird (important) | 11 Jul 201600:13 | – | suse |
SUSE Linux | Security update for Mozilla Thunderbird (important) | 10 Jul 201616:08 | – | suse |
SUSE Linux | Security update for Mozilla Thunderbird (important) | 11 Jul 201600:08 | – | suse |
SUSE Linux | Security update for Firefox (important) | 12 Mar 201613:12 | – | suse |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2016:0820-1.
# The text itself is copyright (C) SUSE.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(90065);
script_version("2.12");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2016-1950", "CVE-2016-1952", "CVE-2016-1953", "CVE-2016-1954", "CVE-2016-1957", "CVE-2016-1958", "CVE-2016-1960", "CVE-2016-1961", "CVE-2016-1962", "CVE-2016-1964", "CVE-2016-1965", "CVE-2016-1966", "CVE-2016-1974", "CVE-2016-1977", "CVE-2016-1978", "CVE-2016-1979", "CVE-2016-2790", "CVE-2016-2791", "CVE-2016-2792", "CVE-2016-2793", "CVE-2016-2794", "CVE-2016-2795", "CVE-2016-2796", "CVE-2016-2797", "CVE-2016-2798", "CVE-2016-2799", "CVE-2016-2800", "CVE-2016-2801", "CVE-2016-2802");
script_name(english:"SUSE SLES10 Security Update : MozillaFirefox (SUSE-SU-2016:0820-1)");
script_summary(english:"Checks rpm output for the updated packages.");
script_set_attribute(
attribute:"synopsis",
value:"The remote SUSE host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"Mozilla Firefox was updated to 38.7.0 ESR, fixing the following
security issues :
MFSA 2016-16/CVE-2016-1952/CVE-2016-1953: Miscellaneous memory safety
hazards (rv:45.0 / rv:38.7)
MFSA 2016-17/CVE-2016-1954: Local file overwriting and potential
privilege escalation through CSP reports
MFSA 2016-20/CVE-2016-1957: Memory leak in libstagefright when
deleting an array during MP4 processing
MFSA 2016-21/CVE-2016-1958: Displayed page address can be overridden
MFSA 2016-23/CVE-2016-1960: Use-after-free in HTML5 string parser
MFSA 2016-24/CVE-2016-1961: Use-after-free in SetBody
MFSA 2016-25/CVE-2016-1962: Use-after-free when using multiple WebRTC
data channels
MFSA 2016-27/CVE-2016-1964: Use-after-free during XML transformations
MFSA 2016-28/CVE-2016-1965: Addressbar spoofing though history
navigation and Location protocol property
MFSA 2016-31/CVE-2016-1966: Memory corruption with malicious NPAPI
plugin
MFSA 2016-34/CVE-2016-1974: Out-of-bounds read in HTML parser
following a failed allocation
MFSA 2016-35/CVE-2016-1950: Buffer overflow during ASN.1 decoding in
NSS
MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/
CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/
CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/
CVE-2016-2800/CVE-2016-2801/CVE-2016-2802: Font vulnerabilities in the
Graphite 2 library.
Mozilla NSPR was updated to version 4.12, fixing following bugs :
Added a PR_GetEnvSecure function, which attempts to detect if the
program is being executed with elevated privileges, and returns NULL
if detected. It is recommended to use this function in general purpose
library code.
Fixed a memory allocation bug related to the PR_*printf functions
Exported API PR_DuplicateEnvironment, which had already been added in
NSPR 4.10.9
Several minor correctness and compatibility fixes.
Mozilla NSS was updated to fix security issues :
MFSA 2016-15/CVE-2016-1978: Use-after-free in NSS during SSL
connections in low memory
MFSA 2016-35/CVE-2016-1950: Buffer overflow during ASN.1 decoding in
NSS
MFSA 2016-36/CVE-2016-1979: Use-after-free during processing of DER
encoded keys in NSS.
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=969894"
);
# https://download.suse.com/patch/finder/?keywords=482a54f33ffb2bd9e847625a26c86780
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?f3ce2a68"
);
# https://www.suse.com/support/update/announcement/2016/suse-su-20160820-1/
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?586df408"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected MozillaFirefox packages"
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nspr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nspr-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-tools");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:10");
script_set_attribute(attribute:"vuln_publication_date", value:"2016/03/13");
script_set_attribute(attribute:"patch_publication_date", value:"2016/03/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/21");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES10)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES10", "SUSE " + os_ver);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES10" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES10 SP4", os_ver + " SP" + sp);
flag = 0;
if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"mozilla-nspr-32bit-4.12-0.5.1")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"mozilla-nss-32bit-3.20.2-0.7.2")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"s390x", reference:"mozilla-nspr-32bit-4.12-0.5.1")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"s390x", reference:"mozilla-nss-32bit-3.20.2-0.7.2")) flag++;
if (rpm_check(release:"SLES10", sp:"4", reference:"mozilla-nspr-4.12-0.5.1")) flag++;
if (rpm_check(release:"SLES10", sp:"4", reference:"mozilla-nspr-devel-4.12-0.5.1")) flag++;
if (rpm_check(release:"SLES10", sp:"4", reference:"mozilla-nss-3.20.2-0.7.2")) flag++;
if (rpm_check(release:"SLES10", sp:"4", reference:"mozilla-nss-devel-3.20.2-0.7.2")) flag++;
if (rpm_check(release:"SLES10", sp:"4", reference:"mozilla-nss-tools-3.20.2-0.7.2")) flag++;
if (rpm_check(release:"SLES10", sp:"4", reference:"MozillaFirefox-38.7.0esr-0.5.1")) flag++;
if (rpm_check(release:"SLES10", sp:"4", reference:"MozillaFirefox-translations-38.7.0esr-0.5.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox");
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo