SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2016:3014-1)

2016-12-06T00:00:00

Description

This update for MozillaFirefox, mozilla-nss fixes security issues and bugs. The following vulnerabilities were fixed in Firefox ESR 45.5 (bsc#1009026) : - CVE-2016-5297: Incorrect argument length checking in JavaScript (bsc#1010401) - CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bsc#1010404) - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bsc#1010395) - CVE-2016-9064: Addons update must verify IDs match between current and new versions (bsc#1010402) - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5 (bsc#1010427) - CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bsc#1010410) The following vulnerabilities were fixed in mozilla-nss 3.21.3 : - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bsc#1010422) - CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash (bsc#1010517) The following bugs were fixed : - Firefox would fail to go into fullscreen mode with some window managers (bsc#992549) The Mozilla Firefox changelog was amended to document patched dropped in a previous update. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

{"id": "SUSE_SU-2016-3014-1.NASL", "type": "nessus", "bulletinFamily": "scanner", "title": "SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2016:3014-1)", "description": "This update for MozillaFirefox, mozilla-nss fixes security issues and bugs. The following vulnerabilities were fixed in Firefox ESR 45.5 (bsc#1009026) :\n\n - CVE-2016-5297: Incorrect argument length checking in JavaScript (bsc#1010401)\n\n - CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bsc#1010404)\n\n - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bsc#1010395)\n\n - CVE-2016-9064: Addons update must verify IDs match between current and new versions (bsc#1010402)\n\n - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5 (bsc#1010427)\n\n - CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bsc#1010410) The following vulnerabilities were fixed in mozilla-nss 3.21.3 :\n\n - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bsc#1010422)\n\n - CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash (bsc#1010517) The following bugs were fixed :\n\n - Firefox would fail to go into fullscreen mode with some window managers (bsc#992549) The Mozilla Firefox changelog was amended to document patched dropped in a previous update.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2016-12-06T00:00:00", "modified": "2021-01-06T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/95565", "reporter": "This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.suse.com/show_bug.cgi?id=992549", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291", "https://bugzilla.suse.com/show_bug.cgi?id=1010404", "https://bugzilla.suse.com/show_bug.cgi?id=1010401", "https://www.suse.com/security/cve/CVE-2016-5297/", "https://www.suse.com/security/cve/CVE-2016-9074/", "https://bugzilla.suse.com/show_bug.cgi?id=1010422", "https://bugzilla.suse.com/show_bug.cgi?id=1009026", "https://www.suse.com/security/cve/CVE-2016-5285/", "https://bugzilla.suse.com/show_bug.cgi?id=1010395", "https://bugzilla.suse.com/show_bug.cgi?id=1010427", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290", "https://www.suse.com/security/cve/CVE-2016-9066/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296", "https://www.suse.com/security/cve/CVE-2016-5291/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", "https://bugzilla.suse.com/show_bug.cgi?id=1010410", "https://bugzilla.suse.com/show_bug.cgi?id=1010402", "https://www.suse.com/security/cve/CVE-2016-5296/", "http://www.nessus.org/u?d7fce6b6", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064", "https://bugzilla.suse.com/show_bug.cgi?id=1010517", "https://www.suse.com/security/cve/CVE-2016-9064/", "https://www.suse.com/security/cve/CVE-2016-5290/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5285"], "cvelist": ["CVE-2016-5285", "CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9074"], "immutableFields": [], "lastseen": "2021-08-19T12:38:55", "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2016-774"]}, {"type": "archlinux", "idList": ["ASA-201611-16"]}, {"type": "centos", "idList": ["CESA-2016:2779", "CESA-2016:2780", "CESA-2016:2825"]}, {"type": "cve", "idList": ["CVE-2016-5285", "CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9074"]}, {"type": "debian", "idList": ["DEBIAN:DLA-730-1:11C56", "DEBIAN:DLA-730-1:42601", "DEBIAN:DLA-752-1:F9780", "DEBIAN:DLA-759-1:AE95E", "DEBIAN:DSA-3716-1:B4B8D", "DEBIAN:DSA-3730-1:96B35", "DEBIAN:DSA-3730-1:A6927"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-5285", "DEBIANCVE:CVE-2016-5290", "DEBIANCVE:CVE-2016-5291", "DEBIANCVE:CVE-2016-5296", "DEBIANCVE:CVE-2016-5297", "DEBIANCVE:CVE-2016-9064", "DEBIANCVE:CVE-2016-9066", "DEBIANCVE:CVE-2016-9074"]}, {"type": "freebsd", "idList": ["D1853110-07F4-4645-895B-6FD462AD0589"]}, {"type": "gentoo", "idList": ["GLSA-201701-15", "GLSA-201701-46"]}, {"type": "ibm", "idList": ["233226C0332001C81596C237819F64BB35F4B49297346F216B4DC90C72D26485", "28F09F928D8A64947630E0341FDF6E6F1981E04939D0DE4237070C2BDEC2DDA7", "4DB330CE9E158474D6EDD110D8F288EDB381271E5DF52947EB7AAE87876AE2E8", "7084187D54BEB894DB2BB6F2037591730564A54BC4D8B87EE94BF81E4984B4F5", "866671D49CDD6F2D149E9EFDE55198073DD8C70E52CD0D773C383F6D40F3F73A", "8A062C54043BB0CF7A61252E03FA7EAA12FF8430AE6C1DCE76464220A82D6828", "921DFDB03FD53AE441193B49E1E79D7A01B14E10BC6418004E92AF484A8DC73E", "97D5F772EC68BDCD260FBB9DFB7A322AAAC657E9360305DF11F9C6A6A40D1B85", "A079CA67676503E95213F78F0E643AA0E3EBA8D2AECFD368FEC0DD7CB2B6EB1E", "A9C254F86614D2334E5A1624EEBD7497A5FA74BEC3159FA2530927B6C4A89585", "BF41D09DF48C86BCBCF88C9739D2BEF30253919BB747AA42D4C2F982E9520049", "C5BC6A8A20C5E595B6773CB368EFD7BC771C03C2AD355C52EF7D05090227DAB5", "E03A484CF469BD6B2DAECCB473A7503A0790E5B2AA59D4D44D65E89DF09A125C"]}, {"type": "kaspersky", "idList": ["KLA11272"]}, {"type": "mageia", "idList": ["MGASA-2016-0379", "MGASA-2016-0409", "MGASA-2017-0323"]}, {"type": "mozilla", "idList": ["MFSA2016-89", "MFSA2016-90", "MFSA2016-93"]}, {"type": "myhack58", "idList": ["MYHACK58:62201784623"]}, {"type": "nessus", "idList": ["9804.PRM", "9805.PRM", "ALA_ALAS-2016-774.NASL", "CENTOS_RHSA-2016-2779.NASL", "CENTOS_RHSA-2016-2780.NASL", "CENTOS_RHSA-2016-2825.NASL", "DEBIAN_DLA-730.NASL", "DEBIAN_DLA-752.NASL", "DEBIAN_DLA-759.NASL", "DEBIAN_DSA-3716.NASL", "DEBIAN_DSA-3730.NASL", "EULEROS_SA-2016-1084.NASL", "EULEROS_SA-2016-1085.NASL", "FREEBSD_PKG_D185311007F44645895B6FD462AD0589.NASL", "GENTOO_GLSA-201701-15.NASL", "GENTOO_GLSA-201701-46.NASL", "MACOSX_FIREFOX_45_5_ESR.NASL", "MACOSX_FIREFOX_50_0.NASL", "MOZILLA_FIREFOX_45_5_ESR.NASL", "MOZILLA_FIREFOX_50_0.NASL", "OPENSUSE-2016-1334.NASL", "OPENSUSE-2016-1407.NASL", "ORACLELINUX_ELSA-2016-2779.NASL", "ORACLELINUX_ELSA-2016-2780.NASL", "ORACLELINUX_ELSA-2016-2825.NASL", "REDHAT-RHSA-2016-2779.NASL", "REDHAT-RHSA-2016-2780.NASL", "REDHAT-RHSA-2016-2825.NASL", "SL_20161116_FIREFOX_ON_SL5_X.NASL", "SL_20161116_NSS_AND_NSS_UTIL_ON_SL5_X.NASL", "SL_20161129_THUNDERBIRD_ON_SL5_X.NASL", "SUSE_SU-2016-3080-1.NASL", "SUSE_SU-2016-3105-1.NASL", "UBUNTU_USN-3124-1.NASL", "UBUNTU_USN-3141-1.NASL", "UBUNTU_USN-3163-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310703716", "OPENVAS:1361412562310703730", "OPENVAS:1361412562310809804", "OPENVAS:1361412562310809805", "OPENVAS:1361412562310809806", "OPENVAS:1361412562310809807", "OPENVAS:1361412562310809821", "OPENVAS:1361412562310809822", "OPENVAS:1361412562310842953", "OPENVAS:1361412562310842967", "OPENVAS:1361412562310843006", "OPENVAS:1361412562310851435", "OPENVAS:1361412562310851442", "OPENVAS:1361412562310871718", "OPENVAS:1361412562310871719", "OPENVAS:1361412562310871724", "OPENVAS:1361412562310882592", "OPENVAS:1361412562310882593", "OPENVAS:1361412562310882595", "OPENVAS:1361412562310882596", "OPENVAS:1361412562310882597", "OPENVAS:1361412562310882603", "OPENVAS:1361412562310882604", "OPENVAS:1361412562311220161084", "OPENVAS:1361412562311220161085", "OPENVAS:703716", "OPENVAS:703730"]}, {"type": "oracle", "idList": ["ORACLE:CPUOCT2017", "ORACLE:CPUOCT2017-3236626"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-2779", "ELSA-2016-2780", "ELSA-2016-2825"]}, {"type": "osv", "idList": ["OSV:DLA-730-1", "OSV:DLA-752-1", "OSV:DLA-759-1", "OSV:DSA-3716-1", "OSV:DSA-3730-1"]}, {"type": "redhat", "idList": ["RHSA-2016:2779", "RHSA-2016:2780", "RHSA-2016:2825"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-5285", "RH:CVE-2016-5290", "RH:CVE-2016-5291", "RH:CVE-2016-5296", "RH:CVE-2016-5297", "RH:CVE-2016-9064", "RH:CVE-2016-9066", "RH:CVE-2016-9074"]}, {"type": "seebug", "idList": ["SSV:92794", "SSV:93093"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:2861-1", "OPENSUSE-SU-2016:3011-1", "OPENSUSE-SU-2016:3019-1", "SUSE-SU-2016:3014-1", "SUSE-SU-2016:3080-1", "SUSE-SU-2016:3105-1"]}, {"type": "symantec", "idList": ["SMNTC-1391"]}, {"type": "ubuntu", "idList": ["USN-3124-1", "USN-3141-1", "USN-3163-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-5285", "UB:CVE-2016-5290", "UB:CVE-2016-5291", "UB:CVE-2016-5296", "UB:CVE-2016-5297", "UB:CVE-2016-9064", "UB:CVE-2016-9066", "UB:CVE-2016-9074"]}]}, "score": {"value": -0.5, "vector": "NONE"}, "backreferences": {"references": [{"type": "archlinux", "idList": ["ASA-201611-16"]}, {"type": "canvas", "idList": ["NSS"]}, {"type": "centos", "idList": ["CESA-2016:2779", "CESA-2016:2780", "CESA-2016:2825"]}, {"type": "cve", "idList": ["CVE-2016-5285"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3730-1:96B35"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-5285"]}, {"type": "freebsd", "idList": ["D1853110-07F4-4645-895B-6FD462AD0589"]}, {"type": "gentoo", "idList": ["GLSA-201701-46"]}, {"type": "ibm", "idList": ["A079CA67676503E95213F78F0E643AA0E3EBA8D2AECFD368FEC0DD7CB2B6EB1E"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/GENTOO-LINUX-CVE-2016-9074/", "MSF:ILITIES/MOZILLA-THUNDERBIRD-CVE-2016-5290/"]}, {"type": "nessus", "idList": ["ALA_ALAS-2016-774.NASL", "DEBIAN_DSA-3716.NASL", "FREEBSD_PKG_D185311007F44645895B6FD462AD0589.NASL", "MACOSX_FIREFOX_50_0.NASL", "MOZILLA_FIREFOX_45_5_ESR.NASL", "MOZILLA_FIREFOX_50_0.NASL", "ORACLELINUX_ELSA-2016-2780.NASL", "REDHAT-RHSA-2016-2780.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310882592", "OPENVAS:1361412562311220161084", "OPENVAS:703730"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-2780", "ELSA-2016-2825"]}, {"type": "redhat", "idList": ["RHSA-2016:2779"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-5285"]}, {"type": "seebug", "idList": ["SSV:92794"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:2861-1", "SUSE-SU-2016:3080-1"]}, {"type": "ubuntu", "idList": ["USN-3124-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-5285"]}]}, "exploitation": null, "vulnersScore": -0.5}, "pluginID": "95565", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:3014-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95565);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-5285\", \"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9064\", \"CVE-2016-9066\", \"CVE-2016-9074\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2016:3014-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for MozillaFirefox, mozilla-nss fixes security issues and\nbugs. The following vulnerabilities were fixed in Firefox ESR 45.5\n(bsc#1009026) :\n\n - CVE-2016-5297: Incorrect argument length checking in\n JavaScript (bsc#1010401)\n\n - CVE-2016-9066: Integer overflow leading to a buffer\n overflow in nsScriptLoadHandler (bsc#1010404)\n\n - CVE-2016-5296: Heap-buffer-overflow WRITE in\n rasterize_edges_1 (bsc#1010395)\n\n - CVE-2016-9064: Addons update must verify IDs match\n between current and new versions (bsc#1010402)\n\n - CVE-2016-5290: Memory safety bugs fixed in Firefox 50\n and Firefox ESR 45.5 (bsc#1010427)\n\n - CVE-2016-5291: Same-origin policy violation using local\n HTML file and saved shortcut file (bsc#1010410) The\n following vulnerabilities were fixed in mozilla-nss\n 3.21.3 :\n\n - CVE-2016-9074: Insufficient timing side-channel\n resistance in divSpoiler (bsc#1010422)\n\n - CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey\n / ssl3_ComputeRecordMACConstantTime causes server crash\n (bsc#1010517) The following bugs were fixed :\n\n - Firefox would fail to go into fullscreen mode with some\n window managers (bsc#992549) The Mozilla Firefox\n changelog was amended to document patched dropped in a\n previous update.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1009026\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=992549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5285/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5290/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5291/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5296/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5297/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9064/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9066/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9074/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20163014-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d7fce6b6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2016-1754=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t\npatch SUSE-SLE-SDK-12-SP1-2016-1754=1\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2016-1754=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2016-1754=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2016-1754=1\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2016-1754=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2016-1754=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2016-1754=1\n\nSUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP1-2016-1754=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libfreebl3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libfreebl3-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsoftokn3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsoftokn3-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss-certs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss-sysinit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1/2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1/2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"MozillaFirefox-45.5.0esr-88.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"MozillaFirefox-debuginfo-45.5.0esr-88.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"MozillaFirefox-debugsource-45.5.0esr-88.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"MozillaFirefox-translations-45.5.0esr-88.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libfreebl3-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libfreebl3-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libfreebl3-hmac-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsoftokn3-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsoftokn3-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsoftokn3-hmac-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-certs-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-certs-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-debugsource-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-sysinit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-sysinit-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-tools-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-tools-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libfreebl3-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libfreebl3-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libfreebl3-hmac-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsoftokn3-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsoftokn3-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsoftokn3-hmac-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-certs-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-sysinit-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"MozillaFirefox-45.5.0esr-88.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"MozillaFirefox-debuginfo-45.5.0esr-88.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"MozillaFirefox-debugsource-45.5.0esr-88.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"MozillaFirefox-translations-45.5.0esr-88.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libfreebl3-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libfreebl3-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libfreebl3-hmac-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsoftokn3-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsoftokn3-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsoftokn3-hmac-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-certs-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-certs-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-debugsource-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-sysinit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-sysinit-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-tools-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-tools-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libfreebl3-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libfreebl3-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libfreebl3-hmac-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsoftokn3-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsoftokn3-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsoftokn3-hmac-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-certs-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-sysinit-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"MozillaFirefox-45.5.0esr-88.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"MozillaFirefox-debuginfo-45.5.0esr-88.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"MozillaFirefox-debugsource-45.5.0esr-88.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"MozillaFirefox-translations-45.5.0esr-88.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libfreebl3-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libfreebl3-hmac-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libsoftokn3-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libsoftokn3-hmac-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-debugsource-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-tools-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-tools-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libfreebl3-hmac-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libsoftokn3-hmac-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"MozillaFirefox-45.5.0esr-88.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"MozillaFirefox-debuginfo-45.5.0esr-88.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"MozillaFirefox-debugsource-45.5.0esr-88.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"MozillaFirefox-translations-45.5.0esr-88.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libfreebl3-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsoftokn3-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-debugsource-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-tools-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-tools-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"MozillaFirefox-45.5.0esr-88.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"MozillaFirefox-debuginfo-45.5.0esr-88.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"MozillaFirefox-debugsource-45.5.0esr-88.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"MozillaFirefox-translations-45.5.0esr-88.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libfreebl3-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libsoftokn3-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-debugsource-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-tools-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-tools-debuginfo-3.21.3-50.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / mozilla-nss\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:suse_linux:MozillaFirefox", "p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo", "p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource", "p-cpe:/a:novell:suse_linux:MozillaFirefox-translations", "p-cpe:/a:novell:suse_linux:libfreebl3", "p-cpe:/a:novell:suse_linux:libfreebl3-debuginfo", "p-cpe:/a:novell:suse_linux:libfreebl3-hmac", "p-cpe:/a:novell:suse_linux:libsoftokn3", "p-cpe:/a:novell:suse_linux:libsoftokn3-debuginfo", "p-cpe:/a:novell:suse_linux:libsoftokn3-hmac", "p-cpe:/a:novell:suse_linux:mozilla-nss", "p-cpe:/a:novell:suse_linux:mozilla-nss-certs", "p-cpe:/a:novell:suse_linux:mozilla-nss-certs-debuginfo", "p-cpe:/a:novell:suse_linux:mozilla-nss-debuginfo", "p-cpe:/a:novell:suse_linux:mozilla-nss-debugsource", "p-cpe:/a:novell:suse_linux:mozilla-nss-sysinit", "p-cpe:/a:novell:suse_linux:mozilla-nss-sysinit-debuginfo", "p-cpe:/a:novell:suse_linux:mozilla-nss-tools", "p-cpe:/a:novell:suse_linux:mozilla-nss-tools-debuginfo", "cpe:/o:novell:suse_linux:12"], "solution": "To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1754=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1754=1\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch SUSE-SLE-SAP-12-2016-1754=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1754=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1754=1\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1754=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch SUSE-SLE-SERVER-12-2016-1754=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1754=1\n\nSUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1754=1\n\nTo bring your system up-to-date, use 'zypper patch'.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "5.9"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2016-12-05T00:00:00", "vulnerabilityPublicationDate": "2018-06-11T00:00:00", "exploitableWith": [], "_state": {"dependencies": 1659998956, "score": 1659869305}, "_internal": {"score_hash": "a6f35011a11f6aed1c965eb4ad64e2f0"}}

{"suse": [{"lastseen": "2021-06-08T18:39:46", "description": "This update for MozillaFirefox, mozilla-nss fixes security issues and bugs.\n\n The following vulnerabilities were fixed in Firefox ESR 45.5 (bsc#1009026):\n\n - CVE-2016-5297: Incorrect argument length checking in Javascript\n (bsc#1010401)\n - CVE-2016-9066: Integer overflow leading to a buffer overflow in\n nsScriptLoadHandler (bsc#1010404)\n - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1\n (bsc#1010395)\n - CVE-2016-9064: Addons update must verify IDs match between current and\n new versions (bsc#1010402)\n - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR\n 45.5 (bsc#1010427)\n - CVE-2016-5291: Same-origin policy violation using local HTML file and\n saved shortcut file (bsc#1010410)\n\n The following vulnerabilities were fixed in mozilla-nss 3.21.3:\n\n - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler\n (bsc#1010422)\n - CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey /\n ssl3_ComputeRecordMACConstantTime causes server crash (bsc#1010517)\n\n The following bugs were fixed:\n\n - Firefox would fail to go into fullscreen mode with some window managers\n (bsc#992549)\n\n The Mozilla Firefox changelog was amended to document patched dropped in a\n previous update.\n\n", "cvss3": {}, "published": "2016-12-05T21:07:10", "type": "suse", "title": "Security update for MozillaFirefox, mozilla-nss (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-5296", "CVE-2016-5291", "CVE-2016-9074", "CVE-2016-9066", "CVE-2016-5285"], "modified": "2016-12-05T21:07:10", "id": "SUSE-SU-2016:3014-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-06-08T18:39:46", "description": "This update for MozillaFirefox, mozilla-nss fixes security issues and bugs.\n\n The following vulnerabilities were fixed in Firefox ESR 45.5.1\n (bsc#1009026 bsc#1012964):\n\n - CVE-2016-9079: Use-after-free in SVG Animation (MFSA 2016-92\n bsc#1012964)\n - CVE-2016-5297: Incorrect argument length checking in Javascript\n (bsc#1010401)\n - CVE-2016-9066: Integer overflow leading to a buffer overflow in\n nsScriptLoadHandler (bsc#1010404)\n - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1\n (bsc#1010395)\n - CVE-2016-9064: Addons update must verify IDs match between current and\n new versions (bsc#1010402)\n - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR\n 45.5 (bsc#1010427)\n - CVE-2016-5291: Same-origin policy violation using local HTML file and\n saved shortcut file (bsc#1010410)\n\n The following vulnerabilities were fixed in mozilla-nss 3.21.3:\n\n - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler\n (bsc#1010422)\n - CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey /\n ssl3_ComputeRecordMACConstantTime causes server crash (bsc#1010517)\n\n The following bugs were fixed:\n\n - Firefox would fail to go into fullscreen mode with some window managers\n (bsc#992549)\n - font warning messages would flood console, now using fontconfig\n configuration from firefox-fontconfig instead of the system one\n (bsc#1000751)\n\n", "cvss3": {}, "published": "2016-12-10T23:09:49", "type": "suse", "title": "Security update for MozillaFirefox, mozilla-nss (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-5296", "CVE-2016-9079", "CVE-2016-5291", "CVE-2016-9074", "CVE-2016-9066", "CVE-2016-5285"], "modified": "2016-12-10T23:09:49", "id": "SUSE-SU-2016:3080-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-06-08T18:39:46", "description": "This update for MozillaFirefox, mozilla-nss fixes security issues and bugs.\n\n The following vulnerabilities were fixed in Firefox ESR 45.5.1\n (bsc#1009026):\n\n - CVE-2016-9079: Use-after-free in SVG Animation (bsc#1012964 MFSA 2016-92)\n - CVE-2016-5297: Incorrect argument length checking in Javascript\n (bsc#1010401)\n - CVE-2016-9066: Integer overflow leading to a buffer overflow in\n nsScriptLoadHandler (bsc#1010404)\n - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1\n (bsc#1010395)\n - CVE-2016-9064: Addons update must verify IDs match between current and\n new versions (bsc#1010402)\n - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR\n 45.5 (bsc#1010427)\n - CVE-2016-5291: Same-origin policy violation using local HTML file and\n saved shortcut file (bsc#1010410)\n\n The following vulnerabilities were fixed in mozilla-nss 3.21.3:\n\n - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler\n (bsc#1010422)\n - CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey /\n ssl3_ComputeRecordMACConstantTime causes server crash (bsc#1010517)\n\n The following bugs were fixed:\n\n - Firefox would fail to go into fullscreen mode with some window managers\n (bsc#992549)\n - font warning messages would flood console, now using fontconfig\n configuration from firefox-fontconfig instead of the system one\n (bsc#1000751)\n\n", "cvss3": {}, "published": "2016-12-13T13:07:50", "type": "suse", "title": "Security update for MozillaFirefox, mozilla-nss (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-5296", "CVE-2016-9079", "CVE-2016-5291", "CVE-2016-9074", "CVE-2016-9066", "CVE-2016-5285"], "modified": "2016-12-13T13:07:50", "id": "SUSE-SU-2016:3105-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-06-08T18:39:55", "description": "This update for MozillaThunderbird fixes some potential security issues\n and bugs.\n\n The following security flaws cannot be exploited through email because\n scripting is disabled when reading mail, but are potentially risks in\n browser or browser-like contexts:\n\n - CVE-2016-9079: SVG Animation Remote Code Execution (MFSA 2016-92,\n bsc#1012964)\n - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1\n (bsc#1010411)\n - CVE-2016-5297: Incorrect argument length checking in Javascript\n (bsc#1010401)\n - CVE-2016-9066: Integer overflow leading to a buffer overflow in\n nsScriptLoadHandler (bsc#1010404)\n - CVE-2016-5291: Same-origin policy violation using local HTML file and\n saved shortcut file (bsc#1010410)\n - CVE-2016-5290: Memory safety bugs fixed in Thunderbird ESR 45.5\n (bsc#1010427)\n\n The update contains changes in behavior:\n\n - Changed recipient address entry: Arrow-keys now copy the pop-up value to\n the input field. Mouse-hovered pop-up value can no longer be confirmed\n with tab or enter key. This restores the behavior of Thunderbird 24.\n - Support changes to character limit in Twitter\n\n The following bugs were fixed:\n\n - Reply with selected text containing quote resulted in wrong quoting\n level indication\n - Email invitation might not be displayed when description contains\n non-ASCII characters\n - Attempting to sort messages on the Date field whilst a quick filter is\n applied got stuck\n on sort descending\n - Mail address display at header pane displayed incorrectly if the address\n contains UTF-8 according to RFC 6532\n\n", "cvss3": {}, "published": "2016-12-06T13:07:20", "type": "suse", "title": "Security update for MozillaThunderbird (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5297", "CVE-2016-5296", "CVE-2016-9079", "CVE-2016-5291", "CVE-2016-9066"], "modified": "2016-12-06T13:07:20", "id": "OPENSUSE-SU-2016:3019-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00012.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-06-08T18:39:45", "description": "This update to Mozilla Firefox 50.0 fixes a number of security issues.\n\n The following vulnerabilities were fixed in Mozilla Firefox (MFSA 2016-89):\n\n - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1\n (bmo#1292443)\n - CVE-2016-5292: URL parsing causes crash (bmo#1288482)\n - CVE-2016-5297: Incorrect argument length checking in Javascript\n (bmo#1303678)\n - CVE-2016-9064: Addons update must verify IDs match between current and\n new versions (bmo#1303418)\n - CVE-2016-9066: Integer overflow leading to a buffer overflow in\n nsScriptLoadHandler (bmo#1299686)\n - CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore\n (bmo#1301777, bmo#1308922 (CVE-2016-9069))\n - CVE-2016-9068: heap-use-after-free in nsRefreshDriver (bmo#1302973)\n - CVE-2016-9075: WebExtensions can access the mozAddonManager API and use\n it to gain elevated privileges (bmo#1295324)\n - CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied to\n cross-origin images, allowing timing attacks on them (bmo#1298552)\n - CVE-2016-5291: Same-origin policy violation using local HTML file and\n saved shortcut file (bmo#1292159)\n - CVE-2016-9070: Sidebar bookmark can have reference to chrome window\n (bmo#1281071)\n - CVE-2016-9073: windows.create schema doesn't specify "format":\n "relativeUrl" (bmo#1289273)\n - CVE-2016-9076: select dropdown menu can be used for URL bar spoofing on\n e10s (bmo#1276976)\n - CVE-2016-9063: Possible integer overflow to fix inside XML_Parse in\n expat (bmo#1274777)\n - CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP\n (bmo#1285003)\n - CVE-2016-5289: Memory safety bugs fixed in Firefox 50\n - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR\n 45.5\n\n The following vulnerabilities were fixed in Mozilla NSS 3.26.1:\n\n - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler\n (bmo#1293334)\n\n Mozilla Firefox now requires mozilla-nss 3.26.2.\n\n New features in Mozilla Firefox:\n\n - Updates to keyboard shortcuts Set a preference to have Ctrl+Tab cycle\n through tabs in recently used order View a page in Reader Mode by using\n Ctrl+Alt+R\n - Added option to Find in page that allows users to limit search to whole\n words only\n - Added download protection for a large number of executable file types on\n Windows, Mac and Linux\n - Fixed rendering of dashed and dotted borders with rounded corners\n (border-radius)\n - Added a built-in Emoji set for operating systems without native Emoji\n fonts\n - Blocked versions of libavcodec older than 54.35.1\n - additional locale\n\n mozilla-nss was updated to 3.26.2, incorporating the following changes:\n\n - the selfserv test utility has been enhanced to support ALPN (HTTP/1.1)\n and 0-RTT\n - The following CA certificate was added: CN = ISRG Root X1\n - NPN is disabled and ALPN is enabled by default\n - MD5 signature algorithms sent by the server in CertificateRequest\n messages are now properly ignored\n\n", "cvss3": {}, "published": "2016-11-18T17:06:44", "type": "suse", "title": "Security update for MozillaFirefox, mozilla-nss (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-9070", "CVE-2016-5297", "CVE-2016-9075", "CVE-2016-9068", "CVE-2016-5292", "CVE-2016-9063", "CVE-2016-9064", "CVE-2016-9071", "CVE-2016-5296", "CVE-2016-5289", "CVE-2016-5291", "CVE-2016-9074", "CVE-2016-9077", "CVE-2016-9066", "CVE-2016-9069", "CVE-2016-9067", "CVE-2016-9073", "CVE-2016-9076"], "modified": "2016-11-18T17:06:44", "id": "OPENSUSE-SU-2016:2861-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00033.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-06-08T18:39:45", "description": "This update to Mozilla Firefox 50.0.2, Thunderbird 45.5.1 and NSS 3.16.2\n fixes a number of security issues.\n\n The following vulnerabilities were fixed in Mozilla Firefox (MFSA 2016-89):\n\n - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1\n (bmo#1292443)\n - CVE-2016-5292: URL parsing causes crash (bmo#1288482)\n - CVE-2016-5297: Incorrect argument length checking in Javascript\n (bmo#1303678)\n - CVE-2016-9064: Addons update must verify IDs match between current\n and new versions (bmo#1303418)\n - CVE-2016-9066: Integer overflow leading to a buffer overflow in\n nsScriptLoadHandler (bmo#1299686)\n - CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore\n (bmo#1301777, bmo#1308922 (CVE-2016-9069))\n - CVE-2016-9068: heap-use-after-free in nsRefreshDriver (bmo#1302973)\n - CVE-2016-9075: WebExtensions can access the mozAddonManager API and\n use it to gain elevated privileges (bmo#1295324)\n - CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied\n to cross-origin images, allowing timing attacks on them (bmo#1298552)\n - CVE-2016-5291: Same-origin policy violation using local HTML file and\n saved shortcut file (bmo#1292159)\n - CVE-2016-9070: Sidebar bookmark can have reference to chrome window\n (bmo#1281071)\n - CVE-2016-9073: windows.create schema doesn't specify "format":\n "relativeUrl" (bmo#1289273)\n - CVE-2016-9076: select dropdown menu can be used for URL bar spoofing\n on e10s (bmo#1276976)\n - CVE-2016-9063: Possible integer overflow to fix inside XML_Parse in\n expat (bmo#1274777)\n - CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP\n (bmo#1285003)\n - CVE-2016-5289: Memory safety bugs fixed in Firefox 50\n - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR\n 45.5\n\n The following vulnerabilities were fixed in Mozilla NSS 3.26.1:\n\n - CVE-2016-9074: Insufficient timing side-channel resistance in\n divSpoiler (bmo#1293334)\n\n Mozilla Firefox now requires mozilla-nss 3.26.2.\n\n New features in Mozilla Firefox:\n\n - Updates to keyboard shortcuts Set a preference to have Ctrl+Tab cycle\n through tabs in recently used order View a page in Reader Mode by\n using Ctrl+Alt+R\n - Added option to Find in page that allows users to limit search to\n whole words only\n - Added download protection for a large number of executable file types\n on Windows, Mac and Linux\n - Fixed rendering of dashed and dotted borders with rounded corners\n (border-radius)\n - Added a built-in Emoji set for operating systems without native Emoji\n fonts\n - Blocked versions of libavcodec older than 54.35.1\n - additional locale\n\n mozilla-nss was updated to 3.26.2, incorporating the following changes:\n\n - the selfserv test utility has been enhanced to support ALPN\n (HTTP/1.1) and 0-RTT\n - The following CA certificate was added: CN = ISRG Root X1\n - NPN is disabled and ALPN is enabled by default\n - MD5 signature algorithms sent by the server in CertificateRequest\n messages are now properly ignored\n\n", "cvss3": {}, "published": "2016-12-05T19:07:18", "type": "suse", "title": "Security update for Mozilla Firefox, Thunderbird and NSS (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-9070", "CVE-2016-5297", "CVE-2016-9075", "CVE-2016-9065", "CVE-2016-9068", "CVE-2016-5292", "CVE-2016-9063", "CVE-2016-5299", "CVE-2016-9064", "CVE-2016-9071", "CVE-2016-5296", "CVE-2016-9079", "CVE-2016-5289", "CVE-2016-5295", "CVE-2016-5291", "CVE-2016-5294", "CVE-2016-9074", "CVE-2016-5298", "CVE-2016-9061", "CVE-2016-9072", "CVE-2016-9077", "CVE-2016-9066", "CVE-2016-5293", "CVE-2016-9069", "CVE-2016-9067", "CVE-2016-9078", "CVE-2016-9073", "CVE-2016-9076", "CVE-2016-9062"], "modified": "2016-12-05T19:07:18", "id": "OPENSUSE-SU-2016:3011-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00010.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "osv": [{"lastseen": "2022-08-10T07:10:00", "description": "\nMultiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to the execution of arbitrary code or\nbypass of the same-origin policy. Also, a man-in-the-middle attack in\nthe addon update mechanism has been fixed.\n\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 45.5.0esr-1~deb8u1.\n\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 45.5.0esr-1 and version 50.0-1 of the firefox source package.\n\n\nWe recommend that you upgrade your firefox-esr packages.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-11-16T00:00:00", "type": "osv", "title": "firefox-esr - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9074"], "modified": "2022-08-10T07:09:53", "id": "OSV:DSA-3716-1", "href": "https://osv.dev/vulnerability/DSA-3716-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-21T08:12:39", "description": "\nMultiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to the execution of arbitrary code or\nbypass of the same-origin policy.\n\n\nA man-in-the-middle attack in the addon update mechanism has been fixed.\n\n\nA use-after-free vulnerability in the SVG Animation was discovered,\nallowing a remote attacker to cause a denial of service (application\ncrash) or execute arbitrary code, if a user is tricked into opening a\nspecially crafted website.\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n45.5.1esr-1~deb7u1.\n\n\nWe recommend that you upgrade your firefox-esr packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-12-01T00:00:00", "type": "osv", "title": "firefox-esr - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9079"], "modified": "2022-07-21T05:54:46", "id": "OSV:DLA-730-1", "href": "https://osv.dev/vulnerability/DLA-730-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T07:11:14", "description": "\nMultiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail client: Multiple memory safety errors,\nsame-origin policy bypass issues, integer overflows, buffer overflows\nand use-after-frees may lead to the execution of arbitrary code or\ndenial of service.\n\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1:45.5.1-1~deb8u1.\n\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:45.5.1-1 or earlier.\n\n\nWe recommend that you upgrade your icedove packages.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-12-11T00:00:00", "type": "osv", "title": "icedove - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9066", "CVE-2016-9074", "CVE-2016-9079"], "modified": "2022-08-10T07:11:10", "id": "OSV:DSA-3730-1", "href": "https://osv.dev/vulnerability/DSA-3730-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-21T08:12:38", "description": "\nMultiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail client: Multiple memory safety errors,\nsame-origin policy bypass issues, integer overflows, buffer overflows\nand use-after-frees may lead to the execution of arbitrary code or\ndenial of service.\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n45.5.1-1~deb7u1.\n\n\nWe recommend that you upgrade your icedove packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-12-17T00:00:00", "type": "osv", "title": "icedove - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9066", "CVE-2016-9074", "CVE-2016-9079"], "modified": "2022-07-21T05:54:47", "id": "OSV:DLA-752-1", "href": "https://osv.dev/vulnerability/DLA-752-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-21T08:12:34", "description": "\nFranziskus Kiefer reported that the existing mitigations for\nsome timing side-channel attacks were insufficient:\n<https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/#>[CVE-2016-9074](https://security-tracker.debian.org/tracker/CVE-2016-9074)\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n2:3.26-1+debu7u2.\n\n\nWe recommend that you upgrade your nss packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-12-23T00:00:00", "type": "osv", "title": "nss - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9074"], "modified": "2022-07-21T05:54:48", "id": "OSV:DLA-759-1", "href": "https://osv.dev/vulnerability/DLA-759-1", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "debian": [{"lastseen": "2022-03-07T01:12:10", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3716-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nNovember 16, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : firefox-esr\nCVE ID : CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297 \n CVE-2016-9064 CVE-2016-9066 CVE-2016-9074\n\nMultiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to the execution of arbitrary code or\nbypass of the same-origin policy. Also, a man-in-the-middle attack in\nthe addon update mechanism has been fixed.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 45.5.0esr-1~deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 45.5.0esr-1 and version 50.0-1 of the firefox source package.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-11-16T21:27:57", "type": "debian", "title": "[SECURITY] [DSA 3716-1] firefox-esr security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9074"], "modified": "2016-11-16T21:27:57", "id": "DEBIAN:DSA-3716-1:B4B8D", "href": "https://lists.debian.org/debian-security-announce/2016/msg00299.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-23T21:45:03", "description": "Package : firefox-esr\nVersion : 45.5.1esr-1~deb7u1\nCVE ID : CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297\n CVE-2016-9064 CVE-2016-9066\n\nMultiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to the execution of arbitrary code or\nbypass of the same-origin policy.\n\nA man-in-the-middle attack in the addon update mechanism has been fixed.\n\nA use-after-free vulnerability in the SVG Animation was discovered,\nallowing a remote attacker to cause a denial of service (application\ncrash) or execute arbitrary code, if a user is tricked into opening a\nspecially crafted website.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n45.5.1esr-1~deb7u1.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-01T21:45:13", "type": "debian", "title": "[SECURITY] [DLA 730-1] firefox-esr security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066"], "modified": "2016-12-01T21:45:13", "id": "DEBIAN:DLA-730-1:42601", "href": "https://lists.debian.org/debian-lts-announce/2016/12/msg00000.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-01T16:26:32", "description": "Package : firefox-esr\nVersion : 45.5.1esr-1~deb7u1\nCVE ID : CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297\n CVE-2016-9064 CVE-2016-9066\n\nMultiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to the execution of arbitrary code or\nbypass of the same-origin policy.\n\nA man-in-the-middle attack in the addon update mechanism has been fixed.\n\nA use-after-free vulnerability in the SVG Animation was discovered,\nallowing a remote attacker to cause a denial of service (application\ncrash) or execute arbitrary code, if a user is tricked into opening a\nspecially crafted website.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n45.5.1esr-1~deb7u1.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-01T21:45:13", "type": "debian", "title": "[SECURITY] [DLA 730-1] firefox-esr security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066"], "modified": "2016-12-01T21:45:13", "id": "DEBIAN:DLA-730-1:11C56", "href": "https://lists.debian.org/debian-lts-announce/2016/12/msg00000.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T22:11:26", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3730-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nDecember 11, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : icedove\nCVE ID : CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297\n CVE-2016-9066 CVE-2016-9074 CVE-2016-9079\n\nMultiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail client: Multiple memory safety errors,\nsame-origin policy bypass issues, integer overflows, buffer overflows\nand use-after-frees may lead to the execution of arbitrary code or\ndenial of service.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1:45.5.1-1~deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:45.5.1-1 or earlier.\n\nWe recommend that you upgrade your icedove packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-11T16:05:42", "type": "debian", "title": "[SECURITY] [DSA 3730-1] icedove security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9066", "CVE-2016-9074", "CVE-2016-9079"], "modified": "2016-12-11T16:05:42", "id": "DEBIAN:DSA-3730-1:96B35", "href": "https://lists.debian.org/debian-security-announce/2016/msg00313.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-23T21:43:02", "description": "Package : icedove\nVersion : 45.5.1-1~deb7u1\nCVE ID : CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297 \n CVE-2016-9066 CVE-2016-9074 CVE-2016-9079\n\nMultiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail client: Multiple memory safety errors,\nsame-origin policy bypass issues, integer overflows, buffer overflows\nand use-after-frees may lead to the execution of arbitrary code or\ndenial of service.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n45.5.1-1~deb7u1.\n\nWe recommend that you upgrade your icedove packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\nAttachment:\nsignature.asc\nDescription: PGP signature\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-17T20:19:56", "type": "debian", "title": "[SECURITY] [DLA 752-1] icedove security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9066", "CVE-2016-9074", "CVE-2016-9079"], "modified": "2016-12-17T20:19:56", "id": "DEBIAN:DLA-752-1:F9780", "href": "https://lists.debian.org/debian-lts-announce/2016/12/msg00027.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-22T22:26:51", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3730-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nDecember 11, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : icedove\nCVE ID : CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297\n CVE-2016-9066 CVE-2016-9074 CVE-2016-9079\n\nMultiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail client: Multiple memory safety errors,\nsame-origin policy bypass issues, integer overflows, buffer overflows\nand use-after-frees may lead to the execution of arbitrary code or\ndenial of service.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1:45.5.1-1~deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:45.5.1-1 or earlier.\n\nWe recommend that you upgrade your icedove packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-11T16:05:42", "type": "debian", "title": "[SECURITY] [DSA 3730-1] icedove security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9066", "CVE-2016-9074", "CVE-2016-9079"], "modified": "2016-12-11T16:05:42", "id": "DEBIAN:DSA-3730-1:A6927", "href": "https://lists.debian.org/debian-security-announce/2016/msg00313.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-25T05:44:29", "description": "Package : nss\nVersion : 2:3.26-1+debu7u2\nCVE ID : CVE-2016-9074\n\nFranziskus Kiefer reported that the existing mitigations for\nsome timing side-channel attacks were insufficient:\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2016-90/#CVE-2016-9074\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n2:3.26-1+debu7u2.\n\nWe recommend that you upgrade your nss packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \nRapha\u00ebl Hertzog \u25c8 Debian Developer\n\nSupport Debian LTS: http://www.freexian.com/services/debian-lts.html\nLearn to master Debian: http://debian-handbook.info/get/\nAttachment:\nsignature.asc\nDescription: PGP signature\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-12-23T10:42:34", "type": "debian", "title": "[SECURITY] [DLA 759-1] nss security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9074"], "modified": "2016-12-23T10:42:34", "id": "DEBIAN:DLA-759-1:AE95E", "href": "https://lists.debian.org/debian-lts-announce/2016/12/msg00034.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "openvas": [{"lastseen": "2019-07-19T22:11:19", "description": "This host is installed with\n Mozilla Firefox ESR and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2016-11-16T00:00:00", "type": "openvas", "title": "Mozilla Firefox ESR Security Updates (mfsa_2016-89_2016-90)-MAC OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-5296", "CVE-2016-5291", "CVE-2016-9074", "CVE-2016-9066"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310809807", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809807", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox ESR Security Updates (mfsa_2016-89_2016-90)-MAC OS X\n#\n# Authors:\n# kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox_esr\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809807\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9064\", \"CVE-2016-9066\",\n \"CVE-2016-5291\", \"CVE-2016-9074\", \"CVE-2016-5290\");\n script_bugtraq_id(94336, 94337, 94342, 94339);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-11-16 13:11:16 +0530 (Wed, 16 Nov 2016)\");\n script_name(\"Mozilla Firefox ESR Security Updates (mfsa_2016-89_2016-90)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with\n Mozilla Firefox ESR and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - Heap-buffer-overflow WRITE in rasterize_edges_1.\n\n - Incorrect argument length checking in JavaScript.\n\n - Add-ons update must verify IDs match between current and new versions.\n\n - Integer overflow leading to a buffer overflow in nsScriptLoadHandler.\n\n - Same-origin policy violation using local HTML file and saved shortcut file.\n\n - Insufficient timing side-channel resistance in divSpoiler.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers to execute arbitrary code, to delete\n arbitrary files by leveraging certain local file execution, to obtain sensitive\n information, and to cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox ESR version before\n 45.5 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox ESR version 45.5\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox-ESR/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"45.5\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"45.5\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:54:47", "description": "Multiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to the execution of arbitrary code or\nbypass of the same-origin policy. Also, a man-in-the-middle attack in\nthe addon update mechanism has been fixed.", "cvss3": {}, "published": "2016-11-16T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3716-1 (firefox-esr - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-5296", "CVE-2016-5291", "CVE-2016-9074", "CVE-2016-9066"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703716", "href": "http://plugins.openvas.org/nasl.php?oid=703716", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3716.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3716-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703716);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9064\", \"CVE-2016-9066\", \"CVE-2016-9074\");\n script_name(\"Debian Security Advisory DSA 3716-1 (firefox-esr - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-11-16 00:00:00 +0100 (Wed, 16 Nov 2016)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3716.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"firefox-esr on Debian Linux\");\n script_tag(name: \"insight\", value: \"Firefox ESR is a powerful, extensible web browser with support for modern\nweb application technologies.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie), these problems have been fixed in\nversion 45.5.0esr-1~deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 45.5.0esr-1 and version 50.0-1 of the firefox source package.\n\nWe recommend that you upgrade your firefox-esr packages.\");\n script_tag(name: \"summary\", value: \"Multiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to the execution of arbitrary code or\nbypass of the same-origin policy. Also, a man-in-the-middle attack in\nthe addon update mechanism has been fixed.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"firefox-esr\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-dbg\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-dev\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ach\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-af\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-all\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-an\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ar\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-as\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ast\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-az\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-be\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bg\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn-bd\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn-in\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-br\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bs\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ca\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-cs\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-cy\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-da\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-de\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-dsb\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-el\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-gb\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-za\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-eo\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-ar\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-cl\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-es\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-mx\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-et\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-eu\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fa\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ff\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fi\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fr\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fy-nl\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ga-ie\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gd\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gl\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gn\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gu-in\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-he\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hi-in\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hr\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hsb\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hu\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hy-am\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-id\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-is\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-it\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ja\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-kk\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-km\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-kn\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ko\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lij\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lt\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lv\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mai\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mk\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ml\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mr\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ms\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nb-no\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nl\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nn-no\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-or\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pa-in\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pl\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pt-br\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pt-pt\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-rm\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ro\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ru\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-si\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sk\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sl\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-son\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sq\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sr\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sv-se\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ta\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-te\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-th\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-tr\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-uk\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-uz\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-vi\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-xh\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-zh-cn\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-zh-tw\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dev\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-an\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-az\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-dsb\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gn\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hsb\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ms\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-uz\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-xh\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-05-29T18:35:47", "description": "Multiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to the execution of arbitrary code or\nbypass of the same-origin policy. Also, a man-in-the-middle attack in\nthe addon update mechanism has been fixed.", "cvss3": {}, "published": "2016-11-16T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3716-1 (firefox-esr - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-5296", "CVE-2016-5291", "CVE-2016-9074", "CVE-2016-9066"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703716", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703716", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3716.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3716-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703716\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9064\", \"CVE-2016-9066\", \"CVE-2016-9074\");\n script_name(\"Debian Security Advisory DSA 3716-1 (firefox-esr - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-16 00:00:00 +0100 (Wed, 16 Nov 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3716.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"firefox-esr on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie), these problems have been fixed in\nversion 45.5.0esr-1~deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 45.5.0esr-1 and version 50.0-1 of the firefox source package.\n\nWe recommend that you upgrade your firefox-esr packages.\");\n script_tag(name:\"summary\", value:\"Multiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to the execution of arbitrary code or\nbypass of the same-origin policy. Also, a man-in-the-middle attack in\nthe addon update mechanism has been fixed.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"firefox-esr\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-dbg\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-dev\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ach\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-af\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-all\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-an\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ar\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-as\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ast\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-az\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-be\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bg\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn-bd\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn-in\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-br\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bs\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ca\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-cs\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-cy\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-da\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-de\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-dsb\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-el\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-gb\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-za\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-eo\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-ar\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-cl\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-es\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-mx\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-et\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-eu\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fa\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ff\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fi\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fr\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fy-nl\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ga-ie\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gd\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gl\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gn\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gu-in\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-he\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hi-in\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hr\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hsb\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hu\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hy-am\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-id\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-is\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-it\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ja\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-kk\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-km\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-kn\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ko\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lij\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lt\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lv\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mai\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mk\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ml\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mr\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ms\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nb-no\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nl\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nn-no\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-or\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pa-in\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pl\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pt-br\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pt-pt\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-rm\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ro\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ru\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-si\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sk\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sl\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-son\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sq\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sr\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sv-se\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ta\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-te\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-th\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-tr\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-uk\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-uz\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-vi\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-xh\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-zh-cn\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-zh-tw\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-dev\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-an\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-az\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-dsb\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gn\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hsb\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ms\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-uz\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-xh\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:39:01", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for firefox (EulerOS-SA-2016-1085)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-5296", "CVE-2016-5291", "CVE-2016-9066"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220161085", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220161085", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2016.1085\");\n script_version(\"2020-01-23T15:42:05+0000\");\n script_cve_id(\"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9064\", \"CVE-2016-9066\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 15:42:05 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:42:29 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for firefox (EulerOS-SA-2016-1085)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2016-1085\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1085\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'firefox' package(s) announced via the EulerOS-SA-2016-1085 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.(CVE-2016-5296, CVE-2016-5297, CVE-2016-9066, CVE-2016-5291, CVE-2016-5290)\n\nA flaw was found in the way Add-on update process was handled by Firefox. A Man-in-the-Middle attacker could use this flaw to install a malicious signed add-on update. (CVE-2016-9064)\");\n\n script_tag(name:\"affected\", value:\"'firefox' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.5.0~1\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:38", "description": "Check for the Version of firefox", "cvss3": {}, "published": "2016-11-20T00:00:00", "type": "openvas", "title": "CentOS Update for firefox CESA-2016:2780 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-5296", "CVE-2016-5291", "CVE-2016-9066"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882592", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882592", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2016:2780 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882592\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-20 05:36:58 +0100 (Sun, 20 Nov 2016)\");\n script_cve_id(\"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\",\n \"CVE-2016-9064\", \"CVE-2016-9066\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for firefox CESA-2016:2780 centos6\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.5.0 ESR.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2016-5296, CVE-2016-5297, CVE-2016-9066, CVE-2016-5291,\nCVE-2016-5290)\n\n * A flaw was found in the way Add-on update process was handled by Firefox.\nA Man-in-the-Middle attacker could use this flaw to install a malicious\nsigned add-on update. (CVE-2016-9064)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Abhishek Arya, Andre Bargull, Samuel Grob, Yuyang\nZhou, Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary\nKwong, Tooru Fujisawa, Philipp, and Randell Jesup as the original\nreporters.\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:2780\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-November/022156.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of firefox\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.5.0~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:51", "description": "Check for the Version of firefox", "cvss3": {}, "published": "2016-11-20T00:00:00", "type": "openvas", "title": "CentOS Update for firefox CESA-2016:2780 centos5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-5296", "CVE-2016-5291", "CVE-2016-9066"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882595", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882595", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2016:2780 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882595\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-20 05:37:16 +0100 (Sun, 20 Nov 2016)\");\n script_cve_id(\"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\",\n \"CVE-2016-9064\", \"CVE-2016-9066\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for firefox CESA-2016:2780 centos5\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.5.0 ESR.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2016-5296, CVE-2016-5297, CVE-2016-9066, CVE-2016-5291,\nCVE-2016-5290)\n\n * A flaw was found in the way Add-on update process was handled by Firefox.\nA Man-in-the-Middle attacker could use this flaw to install a malicious\nsigned add-on update. (CVE-2016-9064)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Abhishek Arya, Andre Bargull, Samuel Grob, Yuyang\nZhou, Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary\nKwong, Tooru Fujisawa, Philipp, and Randell Jesup as the original\nreporters.\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:2780\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-November/022157.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of firefox\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.5.0~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:57", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-11-17T00:00:00", "type": "openvas", "title": "RedHat Update for firefox RHSA-2016:2780-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-5296", "CVE-2016-5291", "CVE-2016-9066"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871719", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871719", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for firefox RHSA-2016:2780-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871719\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-17 05:00:27 +0100 (Thu, 17 Nov 2016)\");\n script_cve_id(\"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9064\", \"CVE-2016-9066\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for firefox RHSA-2016:2780-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.5.0 ESR.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2016-5296, CVE-2016-5297, CVE-2016-9066, CVE-2016-5291,\nCVE-2016-5290)\n\n * A flaw was found in the way Add-on update process was handled by Firefox.\nA Man-in-the-Middle attacker could use this flaw to install a malicious\nsigned add-on update. (CVE-2016-9064)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Abhishek Arya, Andre Bargull, Samuel Gross, Yuyang\nZhou, Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary\nKwong, Tooru Fujisawa, Philipp, and Randell Jesup as the original\nreporters.\");\n script_tag(name:\"affected\", value:\"firefox on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:2780-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-November/msg00074.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|6|5)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.5.0~1.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~45.5.0~1.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.5.0~1.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~45.5.0~1.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.5.0~1.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~45.5.0~1.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-06-25T14:49:45", "description": "This host is installed with Mozilla\n Thunderbird and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2016-12-01T00:00:00", "type": "openvas", "title": "Mozilla Thunderbird Security Updates( mfsa_2016-93_2016-93 )-MAC OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5297", "CVE-2016-5296", "CVE-2016-5291", "CVE-2016-9074", "CVE-2016-9066"], "modified": "2019-06-25T00:00:00", "id": "OPENVAS:1361412562310809822", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809822", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Thunderbird Security Updates( mfsa_2016-93_2016-93 )-MAC OS X\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:thunderbird\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809822\");\n script_version(\"2019-06-25T08:25:15+0000\");\n script_cve_id(\"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9066\", \"CVE-2016-5291\",\n \t\t\"CVE-2016-9074\", \"CVE-2016-5290\");\n script_bugtraq_id(94339, 94336, 94341, 94335);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-06-25 08:25:15 +0000 (Tue, 25 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-12-01 11:46:45 +0530 (Thu, 01 Dec 2016)\");\n script_name(\"Mozilla Thunderbird Security Updates( mfsa_2016-93_2016-93 )-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla\n Thunderbird and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - Heap-buffer-overflow WRITE in rasterize_edges_1.\n\n - Arbitrary target directory for result files of update process.\n\n - Incorrect argument length checking in JavaScript.\n\n - Integer overflow leading to a buffer overflow in nsScriptLoadHandler.\n\n - Same-origin policy violation using local HTML file and saved shortcut file.\n\n - Insufficient timing side-channel resistance in divSpoiler.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to execute arbitrary code, to delete arbitrary files\n by leveraging certain local file execution, to obtain sensitive information, and\n to cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Thunderbird version before\n 45.5 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Thunderbird version 45.5\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Thunderbird/MacOSX/Version\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/thunderbird\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!tbVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:tbVer, test_version:\"45.5\"))\n{\n report = report_fixed_ver(installed_version:tbVer, fixed_version:\"45.5\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:59", "description": "This host is installed with Mozilla\n Thunderbird and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2016-12-01T00:00:00", "type": "openvas", "title": "Mozilla Thunderbird Security Updates( mfsa_2016-93_2016-93 )-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5297", "CVE-2016-5296", "CVE-2016-5291", "CVE-2016-5294", "CVE-2016-9074", "CVE-2016-9066"], "modified": "2018-11-20T00:00:00", "id": "OPENVAS:1361412562310809821", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809821", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_thunderbird_mfsa_2016-93_2016-93_win.nasl 12431 2018-11-20 09:21:00Z asteins $\n#\n# Mozilla Thunderbird Security Updates( mfsa_2016-93_2016-93 )-Windows\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:thunderbird\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809821\");\n script_version(\"$Revision: 12431 $\");\n script_cve_id(\"CVE-2016-5296\", \"CVE-2016-5294\", \"CVE-2016-5297\", \"CVE-2016-9066\",\n \"CVE-2016-5291\", \"CVE-2016-9074\", \"CVE-2016-5290\");\n script_bugtraq_id(94339, 94336, 94341, 94335);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-20 10:21:00 +0100 (Tue, 20 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-01 11:45:00 +0530 (Thu, 01 Dec 2016)\");\n script_name(\"Mozilla Thunderbird Security Updates( mfsa_2016-93_2016-93 )-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla\n Thunderbird and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - Heap-buffer-overflow WRITE in rasterize_edges_1.\n\n - Arbitrary target directory for result files of update process.\n\n - Incorrect argument length checking in JavaScript.\n\n - Integer overflow leading to a buffer overflow in nsScriptLoadHandler.\n\n - Same-origin policy violation using local HTML file and saved shortcut file.\n\n - Insufficient timing side-channel resistance in divSpoiler.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to execute arbitrary code, to delete arbitrary files\n by leveraging certain local file execution, to obtain sensitive information, and\n to cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Thunderbird version before\n 45.5 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Thunderbird version 45.5\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_thunderbird_detect_portable_win.nasl\");\n script_mandatory_keys(\"Thunderbird/Win/Ver\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/thunderbird\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!tbVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:tbVer, test_version:\"45.5\"))\n{\n report = report_fixed_ver(installed_version:tbVer, fixed_version:\"45.5\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:54:47", "description": "Multiple security issues have been found\nin Icedove, Debian", "cvss3": {}, "published": "2016-12-11T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3730-1 (icedove - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5297", "CVE-2016-5296", "CVE-2016-9079", "CVE-2016-5291", "CVE-2016-9074", "CVE-2016-9066"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703730", "href": "http://plugins.openvas.org/nasl.php?oid=703730", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3730.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3730-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703730);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\",\n \"CVE-2016-9066\", \"CVE-2016-9074\", \"CVE-2016-9079\");\n script_name(\"Debian Security Advisory DSA 3730-1 (icedove - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-12-11 00:00:00 +0100 (Sun, 11 Dec 2016)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3730.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"icedove on Debian Linux\");\n script_tag(name: \"insight\", value: \"Icedove is an unbranded Thunderbird mail\nclient suitable for free distribution. It supports different mail accounts (POP,\nIMAP, Gmail), has an integrated learning Spam filter, and offers easy organization\nof mails with tagging and virtual folders. Also, more features can be added by\ninstalling extensions.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 1:45.5.1-1~deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:45.5.1-1 or earlier.\n\nWe recommend that you upgrade your icedove packages.\");\n script_tag(name: \"summary\", value: \"Multiple security issues have been found\nin Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory\nsafety errors, same-origin policy bypass issues, integer overflows, buffer overflows\nand use-after-frees may lead to the execution of arbitrary code or\ndenial of service.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"calendar-google-provider\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-all\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ar\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ast\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-be\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-bg\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-bn-bd\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-br\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ca\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-cs\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-da\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-de\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-el\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-en-gb\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-es-ar\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-es-es\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-et\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-eu\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-fi\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-fr\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-fy-nl\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ga-ie\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-gd\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-gl\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-he\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-hr\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-hu\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-hy-am\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-id\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-is\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-it\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ja\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ko\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-lt\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-nb-no\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-nl\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-nn-no\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-pa-in\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-pl\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-pt-br\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-pt-pt\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-rm\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ro\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ru\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-si\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-sk\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-sl\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-sq\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-sr\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-sv-se\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ta-lk\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-tr\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-uk\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-vi\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-zh-cn\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-zh-tw\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-extension\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ar\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-be\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-bg\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-bn-bd\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-br\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ca\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-cs\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-cy\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-da\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-de\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-el\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-en-gb\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-es-ar\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-es-es\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-et\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-eu\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-fi\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-fr\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-fy-nl\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ga-ie\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-gd\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-gl\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-he\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-hr\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-hu\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-hy-am\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-id\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-is\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-it\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ja\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ko\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-lt\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-nb-no\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-nl\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-nn-no\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-pa-in\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-pl\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-pt-br\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-pt-pt\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-rm\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ro\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ru\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-si\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-sk\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-sl\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-sq\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-sr\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-sv-se\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ta-lk\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-tr\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-uk\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-vi\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-zh-cn\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-zh-tw\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-05-29T18:35:10", "description": "Multiple security issues have been found\nin Icedove, Debian", "cvss3": {}, "published": "2016-12-11T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3730-1 (icedove - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5297", "CVE-2016-5296", "CVE-2016-9079", "CVE-2016-5291", "CVE-2016-9074", "CVE-2016-9066"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703730", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703730", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3730.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3730-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703730\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\",\n \"CVE-2016-9066\", \"CVE-2016-9074\", \"CVE-2016-9079\");\n script_name(\"Debian Security Advisory DSA 3730-1 (icedove - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-11 00:00:00 +0100 (Sun, 11 Dec 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3730.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"icedove on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 1:45.5.1-1~deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:45.5.1-1 or earlier.\n\nWe recommend that you upgrade your icedove packages.\");\n script_tag(name:\"summary\", value:\"Multiple security issues have been found\nin Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory\nsafety errors, same-origin policy bypass issues, integer overflows, buffer overflows\nand use-after-frees may lead to the execution of arbitrary code or\ndenial of service.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"calendar-google-provider\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-all\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ar\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ast\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-be\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-bg\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-bn-bd\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-br\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ca\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-cs\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-da\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-de\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-el\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-en-gb\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-es-ar\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-es-es\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-et\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-eu\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-fi\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-fr\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-fy-nl\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ga-ie\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-gd\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-gl\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-he\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-hr\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-hu\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-hy-am\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-id\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-is\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-it\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ja\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ko\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-lt\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-nb-no\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-nl\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-nn-no\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-pa-in\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-pl\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-pt-br\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-pt-pt\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-rm\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ro\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ru\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-si\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-sk\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-sl\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-sq\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-sr\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-sv-se\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ta-lk\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-tr\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-uk\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-vi\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-zh-cn\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-zh-tw\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-extension\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ar\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-be\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-bg\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-bn-bd\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-br\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ca\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-cs\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-cy\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-da\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-de\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-el\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-en-gb\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-es-ar\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-es-es\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-et\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-eu\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-fi\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-fr\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-fy-nl\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ga-ie\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-gd\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-gl\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-he\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-hr\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-hu\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-hy-am\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-id\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-is\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-it\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ja\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ko\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-lt\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-nb-no\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-nl\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-nn-no\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-pa-in\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-pl\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-pt-br\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-pt-pt\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-rm\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ro\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ru\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-si\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-sk\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-sl\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-sq\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-sr\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-sv-se\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ta-lk\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-tr\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-uk\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-vi\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-zh-cn\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-zh-tw\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T22:12:04", "description": "This host is installed with\n Mozilla Firefox ESR and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2016-11-16T00:00:00", "type": "openvas", "title": "Mozilla Firefox ESR Security Updates (mfsa_2016-89_2016-90)-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-5296", "CVE-2016-5291", "CVE-2016-5294", "CVE-2016-9074", "CVE-2016-9066", "CVE-2016-5293"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310809806", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809806", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox ESR Security Updates (mfsa_2016-89_2016-90)-Windows\n#\n# Authors:\n# kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox_esr\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809806\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2016-5296\", \"CVE-2016-5293\", \"CVE-2016-5294\", \"CVE-2016-5297\",\n\t\t\"CVE-2016-9064\", \"CVE-2016-9066\", \"CVE-2016-5291\", \"CVE-2016-9074\",\n\t\t\"CVE-2016-5290\");\n script_bugtraq_id(94336, 94337, 94342, 94339);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-11-16 13:10:33 +0530 (Wed, 16 Nov 2016)\");\n script_name(\"Mozilla Firefox ESR Security Updates (mfsa_2016-89_2016-90)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with\n Mozilla Firefox ESR and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - Heap-buffer-overflow WRITE in rasterize_edges_1.\n\n - Write to arbitrary file with Mozilla Updater and Maintenance Service using\n updater.log hardlink.\n\n - Arbitrary target directory for result files of update process.\n\n - Incorrect argument length checking in JavaScript.\n\n - Add-ons update must verify IDs match between current and new versions.\n\n - Integer overflow leading to a buffer overflow in nsScriptLoadHandler.\n\n - Same-origin policy violation using local HTML file and saved shortcut file.\n\n - Insufficient timing side-channel resistance in divSpoiler.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers to execute arbitrary code, to delete\n arbitrary files by leveraging certain local file execution, to obtain sensitive\n information, and to cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox ESR version before\n 45.5 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox ESR version 45.5\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox-ESR/Win/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"45.5\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"45.5\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:33", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-01T00:00:00", "type": "openvas", "title": "Ubuntu Update for thunderbird USN-3141-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5297", "CVE-2016-5296", "CVE-2016-9079", "CVE-2016-5291", "CVE-2016-9066"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842967", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842967", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for thunderbird USN-3141-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842967\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-01 05:39:07 +0100 (Thu, 01 Dec 2016)\");\n script_cve_id(\"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9066\", \"CVE-2016-9079\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for thunderbird USN-3141-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Christian Holler, Jon Coppeard, Olli Pettay,\n Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Randell Jesup discovered multiple\n memory safety issues in Thunderbird. If a user were tricked in to opening a\n specially crafted message, an attacker could potentially exploit these to cause a\n denial of service via application crash, or execute arbitrary code. (CVE-2016-5290)\n\nA same-origin policy bypass was discovered with local HTML files in some\ncircumstances. An attacker could potentially exploit this to obtain\nsensitive information. (CVE-2016-5291)\n\nA heap buffer-overflow was discovered in Cairo when processing SVG\ncontent. If a user were tricked in to opening a specially crafted message,\nan attacker could potentially exploit this to cause a denial of service\nvia application crash, or execute arbitrary code. (CVE-2016-5296)\n\nAn error was discovered in argument length checking in Javascript. If a\nuser were tricked in to opening a specially crafted website in a browsing\ncontext, an attacker could potentially exploit this to cause a denial of\nservice via application crash, or execute arbitrary code. (CVE-2016-5297)\n\nA buffer overflow was discovered in nsScriptLoadHandler. If a user were\ntricked in to opening a specially crafted website in a browsing context,\nan attacker could potentially exploit this to cause a denial of service\nvia application crash, or execute arbitrary code. (CVE-2016-9066)\n\nA use-after-free was discovered in SVG animations. If a user were tricked\nin to opening a specially crafted website in a browsing context, an\nattacker could exploit this to cause a denial of service via application\ncrash, or execute arbitrary code. (CVE-2016-9079)\");\n script_tag(name:\"affected\", value:\"thunderbird on Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS,\n Ubuntu 16.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3141-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3141-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|16\\.04 LTS|16\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:45.5.1+build1-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:45.5.1+build1-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:45.5.1+build1-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:45.5.1+build1-0ubuntu0.16.10.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:35:03", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-11-19T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for MozillaFirefox, mozilla-nss (openSUSE-SU-2016:2861-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-9070", "CVE-2016-5297", "CVE-2016-9075", "CVE-2016-9068", "CVE-2016-5292", "CVE-2016-9063", "CVE-2016-9064", "CVE-2016-9071", "CVE-2016-5296", "CVE-2016-5289", "CVE-2016-5291", "CVE-2016-9074", "CVE-2016-9077", "CVE-2016-9066", "CVE-2016-9069", "CVE-2016-9067", "CVE-2016-9073", "CVE-2016-9076"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851435", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851435", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851435\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-11-19 05:37:18 +0100 (Sat, 19 Nov 2016)\");\n script_cve_id(\"CVE-2016-5289\", \"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5292\",\n \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9063\", \"CVE-2016-9064\",\n \"CVE-2016-9066\", \"CVE-2016-9067\", \"CVE-2016-9068\", \"CVE-2016-9069\",\n \"CVE-2016-9070\", \"CVE-2016-9071\", \"CVE-2016-9073\", \"CVE-2016-9074\",\n \"CVE-2016-9075\", \"CVE-2016-9076\", \"CVE-2016-9077\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for MozillaFirefox, mozilla-nss (openSUSE-SU-2016:2861-1)\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update to Mozilla Firefox 50.0 fixes a number of security issues.\n\n The following vulnerabilities were fixed in Mozilla Firefox (MFSA 2016-89):\n\n - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1\n (bmo#1292443)\n\n - CVE-2016-5292: URL parsing causes crash (bmo#1288482)\n\n - CVE-2016-5297: Incorrect argument length checking in Javascript\n (bmo#1303678)\n\n - CVE-2016-9064: Addons update must verify IDs match between current and\n new versions (bmo#1303418)\n\n - CVE-2016-9066: Integer overflow leading to a buffer overflow in\n nsScriptLoadHandler (bmo#1299686)\n\n - CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore\n (bmo#1301777, bmo#1308922 (CVE-2016-9069))\n\n - CVE-2016-9068: heap-use-after-free in nsRefreshDriver (bmo#1302973)\n\n - CVE-2016-9075: WebExtensions can access the mozAddonManager API and use\n it to gain elevated privileges (bmo#1295324)\n\n - CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied to\n cross-origin images, allowing timing attacks on them (bmo#1298552)\n\n - CVE-2016-5291: Same-origin policy violation using local HTML file and\n saved shortcut file (bmo#1292159)\n\n - CVE-2016-9070: Sidebar bookmark can have reference to chrome window\n (bmo#1281071)\n\n - CVE-2016-9073: windows.create schema doesn't specify 'format':\n 'relativeUrl' (bmo#1289273)\n\n - CVE-2016-9076: select dropdown menu can be used for URL bar spoofing on\n e10s (bmo#1276976)\n\n - CVE-2016-9063: Possible integer overflow to fix inside XML_Parse in\n expat (bmo#1274777)\n\n - CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP\n (bmo#1285003)\n\n - CVE-2016-5289: Memory safety bugs fixed in Firefox 50\n\n - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR\n 45.5\n\n The following vulnerabilities were fixed in Mozilla NSS 3.26.1:\n\n - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler\n (bmo#1293334)\n\n Mozilla Firefox now requires mozilla-nss 3.26.2.\n\n New features in Mozilla Firefox:\n\n - Updates to keyboard shortcuts Set a preference to have Ctrl+Tab cycle\n through tabs in recently used order View a page in Reader Mode by using\n Ctrl+Alt+R\n\n - Added option to Find in page that allows users to limit search to whole\n words only\n\n - Added download protection for a large number of executable file types on\n Windows, Mac and Linux\n\n - Fixed rendering of dashed and dotted borders with rounded corners\n (border-radius)\n\n - Added a built-in Emoji set for operating systems without native Emoji\n fonts\n\n - Blocked versions of libavcodec older than 54.35.1\n\n - additional locale\n\n mozi ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"MozillaFirefox, mozilla-nss on openSUSE Leap 42.1, openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:2861-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'MozillaFirefox, mozilla-nss'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~50.0~88.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~50.0~88.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~50.0~88.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~50.0~88.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~50.0~88.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~50.0~88.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~50.0~88.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~50.0~88.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3\", rpm:\"libfreebl3~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3-debuginfo\", rpm:\"libfreebl3-debuginfo~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3\", rpm:\"libsoftokn3~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3-debuginfo\", rpm:\"libsoftokn3-debuginfo~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss\", rpm:\"mozilla-nss~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs\", rpm:\"mozilla-nss-certs~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs-debuginfo\", rpm:\"mozilla-nss-certs-debuginfo~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-debuginfo\", rpm:\"mozilla-nss-debuginfo~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-debugsource\", rpm:\"mozilla-nss-debugsource~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-devel\", rpm:\"mozilla-nss-devel~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit\", rpm:\"mozilla-nss-sysinit~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit-debuginfo\", rpm:\"mozilla-nss-sysinit-debuginfo~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-tools\", rpm:\"mozilla-nss-tools~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-tools-debuginfo\", rpm:\"mozilla-nss-tools-debuginfo~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3-32bit\", rpm:\"libfreebl3-32bit~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3-debuginfo-32bit\", rpm:\"libfreebl3-debuginfo-32bit~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3-32bit\", rpm:\"libsoftokn3-32bit~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3-debuginfo-32bit\", rpm:\"libsoftokn3-debuginfo-32bit~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-32bit\", rpm:\"mozilla-nss-32bit~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs-32bit\", rpm:\"mozilla-nss-certs-32bit~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs-debuginfo-32bit\", rpm:\"mozilla-nss-certs-debuginfo-32bit~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-debuginfo-32bit\", rpm:\"mozilla-nss-debuginfo-32bit~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit-32bit\", rpm:\"mozilla-nss-sysinit-32bit~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit-debuginfo-32bit\", rpm:\"mozilla-nss-sysinit-debuginfo-32bit~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T22:11:25", "description": "This host is installed with\n Mozilla Firefox and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2016-11-16T00:00:00", "type": "openvas", "title": "Mozilla Firefox Security Updates (mfsa_2016-89_2016-90)-MAC OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-9070", "CVE-2016-5297", "CVE-2016-9075", "CVE-2016-9068", "CVE-2016-5292", "CVE-2016-9063", "CVE-2016-9064", "CVE-2016-9071", "CVE-2016-5296", "CVE-2016-5289", "CVE-2016-5291", "CVE-2016-9074", "CVE-2016-9072", "CVE-2016-9077", "CVE-2016-9066", "CVE-2016-9067", "CVE-2016-9073", "CVE-2016-9076"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310809804", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809804", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox Security Updates (mfsa_2016-89_2016-90)-MAC OS X\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809804\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2016-5296\", \"CVE-2016-5292\", \"CVE-2016-5297\", \"CVE-2016-9064\",\n \"CVE-2016-9066\", \"CVE-2016-9067\", \"CVE-2016-5290\", \"CVE-2016-9068\",\n \"CVE-2016-9072\", \"CVE-2016-9075\", \"CVE-2016-9077\", \"CVE-2016-5291\",\n \"CVE-2016-9070\", \"CVE-2016-9073\", \"CVE-2016-9074\", \"CVE-2016-9076\",\n \"CVE-2016-9063\", \"CVE-2016-9071\", \"CVE-2016-5289\");\n script_bugtraq_id(94336, 94337, 94342, 94339);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-11-16 12:25:23 +0530 (Wed, 16 Nov 2016)\");\n script_name(\"Mozilla Firefox Security Updates (mfsa_2016-89_2016-90)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with\n Mozilla Firefox and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - Heap-buffer-overflow WRITE in rasterize_edges_1.\n\n - URL parsing causes crash.\n\n - Incorrect argument length checking in JavaScript.\n\n - Add-ons update must verify IDs match between current and new versions.\n\n - Integer overflow leading to a buffer overflow in nsScriptLoadHandler.\n\n - heap-use-after-free in nsINode::ReplaceOrInsertBefore.\n\n - heap-use-after-free in nsRefreshDriver.\n\n - 64-bit NPAPI sandbox is not enabled on fresh profile.\n\n - WebExtensions can access the mozAddonManager API and use it to gain elevated\n privileges.\n\n - Canvas filters allow feDisplacementMaps to be applied to cross-origin images,\n allowing timing attacks on them.\n\n - Same-origin policy violation using local HTML file and saved shortcut file.\n\n - Sidebar bookmark can have reference to chrome window.\n\n - Insufficient timing side-channel resistance in divSpoiler.\n\n - select dropdown menu can be used for URL bar spoofing on e10s.\n\n - Possible integer overflow to fix inside XML_Parse in Expat.\n\n - Probe browser history via HSTS/301 redirect + CSP.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers to execute arbitrary code, to delete\n arbitrary files by leveraging certain local file execution, to obtain sensitive\n information, and to cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox version before\n 50 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 50\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"50.0\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"50.0\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T22:11:58", "description": "This host is installed with\n Mozilla Firefox and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2016-11-16T00:00:00", "type": "openvas", "title": "Mozilla Firefox Security Updates (mfsa_2016-89_2016-90)-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-9070", "CVE-2016-5297", "CVE-2016-9075", "CVE-2016-9068", "CVE-2016-5292", "CVE-2016-9063", "CVE-2016-9064", "CVE-2016-9071", "CVE-2016-5296", "CVE-2016-5289", "CVE-2016-5295", "CVE-2016-5291", "CVE-2016-5294", "CVE-2016-9074", "CVE-2016-9077", "CVE-2016-9066", "CVE-2016-5293", "CVE-2016-9067", "CVE-2016-9073", "CVE-2016-9076"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310809805", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809805", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox Security Updates (mfsa_2016-89_2016-90)-Windows\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809805\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2016-5296\", \"CVE-2016-5292\", \"CVE-2016-5293\", \"CVE-2016-5294\",\n\t\t\"CVE-2016-5297\", \"CVE-2016-9064\", \"CVE-2016-9066\", \"CVE-2016-9067\",\n \"CVE-2016-5290\", \"CVE-2016-9068\", \"CVE-2016-5289\", \"CVE-2016-9075\",\n \"CVE-2016-9077\", \"CVE-2016-5291\", \"CVE-2016-5295\", \"CVE-2016-9070\",\n \"CVE-2016-9073\", \"CVE-2016-9074\", \"CVE-2016-9076\", \"CVE-2016-9063\",\n \"CVE-2016-9071\");\n script_bugtraq_id(94336, 94337, 94342, 94339);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-11-16 12:21:41 +0530 (Wed, 16 Nov 2016)\");\n script_name(\"Mozilla Firefox Security Updates (mfsa_2016-89_2016-90)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with\n Mozilla Firefox and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - Heap-buffer-overflow WRITE in rasterize_edges_1.\n\n - URL parsing causes crash.\n\n - Write to arbitrary file with Mozilla Updater and Maintenance Service using\n updater.log hardlink.\n\n - Arbitrary target directory for result files of update process.\n\n - Incorrect argument length checking in JavaScript.\n\n - Add-ons update must verify IDs match between current and new versions.\n\n - Integer overflow leading to a buffer overflow in nsScriptLoadHandler.\n\n - heap-use-after-free in nsINode::ReplaceOrInsertBefore.\n\n - heap-use-after-free in nsRefreshDriver.\n\n - WebExtensions can access the mozAddonManager API and use it to gain elevated\n privileges.\n\n - Canvas filters allow feDisplacementMaps to be applied to cross-origin images,\n allowing timing attacks on them.\n\n - Same-origin policy violation using local HTML file and saved shortcut file.\n\n - Mozilla Maintenance Service: Ability to read arbitrary files as SYSTEM.\n\n - Sidebar bookmark can have reference to chrome window.\n\n - Insufficient timing side-channel resistance in divSpoiler.\n\n - select dropdown menu can be used for URL bar spoofing on e10s.\n\n - Possible integer overflow to fix inside XML_Parse in Expat.\n\n - Probe browser history via HSTS/301 redirect + CSP.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers to execute arbitrary code, to delete\n arbitrary files by leveraging certain local file execution, to obtain sensitive\n information, and to cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox version before 50 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 50\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox/Win/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"50.0\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"50.0\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-28T16:29:27", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-01-05T00:00:00", "type": "openvas", "title": "Ubuntu Update for nss USN-3163-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8635", "CVE-2016-9074", "CVE-2016-5285"], "modified": "2019-11-27T00:00:00", "id": "OPENVAS:1361412562310843006", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843006", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for nss USN-3163-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843006\");\n script_version(\"2019-11-27T15:23:21+0000\");\n script_tag(name:\"last_modification\", value:\"2019-11-27 15:23:21 +0000 (Wed, 27 Nov 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-01-05 05:42:57 +0100 (Thu, 05 Jan 2017)\");\n script_cve_id(\"CVE-2016-5285\", \"CVE-2016-8635\", \"CVE-2016-9074\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for nss USN-3163-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nss'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that NSS incorrectly\n handled certain invalid Diffie-Hellman keys. A remote attacker could possibly\n use this flaw to cause NSS to crash, resulting in a denial of service. This issue\n only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.\n (CVE-2016-5285)\n\nHubert Kario discovered that NSS incorrectly handled Diffie Hellman client\nkey exchanges. A remote attacker could possibly use this flaw to perform a\nsmall subgroup confinement attack and recover private keys. This issue only\napplied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.\n(CVE-2016-8635)\n\nFranziskus Kiefer discovered that NSS incorrectly mitigated certain timing\nside-channel attacks. A remote attacker could possibly use this flaw to\nrecover private keys. (CVE-2016-9074)\n\nThis update refreshes the NSS package to version 3.26.2 which includes\nthe latest CA certificate bundle.\");\n script_tag(name:\"affected\", value:\"nss on Ubuntu 16.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3163-1\");\n script_xref(name:\"URL\", value:\"https://www.ubuntu.com/usn/usn-3163-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|16\\.10|12\\.04 LTS|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n if ((res = isdpkgvuln(pkg:\"libnss3:i386\", ver:\"2:3.26.2-0ubuntu0.14.04.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3:amd64\", ver:\"2:3.26.2-0ubuntu0.14.04.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libnss3:i386\", ver:\"2:3.26.2-0ubuntu0.16.10.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3:amd64\", ver:\"2:3.26.2-0ubuntu0.16.10.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libnss3:i386\", ver:\"2:3.26.2-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3:amd64\", ver:\"2:3.26.2-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libnss3:i386\", ver:\"2:3.26.2-0ubuntu0.16.04.2\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3:amd64\", ver:\"2:3.26.2-0ubuntu0.16.04.2\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:52", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-11-19T00:00:00", "type": "openvas", "title": "Ubuntu Update for firefox USN-3124-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-9070", "CVE-2016-5297", "CVE-2016-9075", "CVE-2016-9068", "CVE-2016-5292", "CVE-2016-9063", "CVE-2016-9064", "CVE-2016-9071", "CVE-2016-5296", "CVE-2016-5289", "CVE-2016-5291", "CVE-2016-9077", "CVE-2016-9066", "CVE-2016-9069", "CVE-2016-9067", "CVE-2016-9073", "CVE-2016-9076"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842953", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842953", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for firefox USN-3124-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842953\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-19 05:36:56 +0100 (Sat, 19 Nov 2016)\");\n script_cve_id(\"CVE-2016-5289\", \"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5292\",\n\t\t\"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9063\", \"CVE-2016-9064\",\n\t\t\"CVE-2016-9066\", \"CVE-2016-9067\", \"CVE-2016-9069\", \"CVE-2016-9068\",\n\t\t\"CVE-2016-9070\", \"CVE-2016-9071\", \"CVE-2016-9073\", \"CVE-2016-9075\",\n\t\t\"CVE-2016-9076\", \"CVE-2016-9077\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for firefox USN-3124-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Christian Holler, Andrew McCreight, Dan\n Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, Markus\n Stange, Olli Pettay, Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Randell\n Jesup discovered multiple memory safety issues in Firefox. If a user were\n tricked in to opening a specially crafted website, an attacker could potentially\n exploit these to cause a denial of service via application crash, or execute\n arbitrary code. (CVE-2016-5289, CVE-2016-5290)\n\nA same-origin policy bypass was discovered with local HTML files in some\ncircumstances. An attacker could potentially exploit this to obtain\nsensitive information. (CVE-2016-5291)\n\nA crash was discovered when parsing URLs in some circumstances. If a user\nwere tricked in to opening a specially crafted website, an attacker could\npotentially exploit this to execute arbitrary code. (CVE-2016-5292)\n\nA heap buffer-overflow was discovered in Cairo when processing SVG\ncontent. If a user were tricked in to opening a specially crafted website,\nan attacker could potentially exploit this to cause a denial of service\nvia application crash, or execute arbitrary code. (CVE-2016-5296)\n\nAn error was discovered in argument length checking in Javascript. If a\nuser were tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code. (CVE-2016-5297)\n\nAn integer overflow was discovered in the Expat library. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash. (CVE-2016-9063)\n\nIt was discovered that addon updates failed to verify that the addon ID\ninside the signed package matched the ID of the addon being updated.\nAn attacker that could perform a man-in-the-middle (MITM) attack could\npotentially exploit this to provide malicious addon updates.\n(CVE-2016-9064)\n\nA buffer overflow was discovered in nsScriptLoadHandler. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash, or execute arbitrary code. (CVE-2016-9066)\n\n2 use-after-free bugs were discovered during DOM operations in some\ncircumstances. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit these to cause a denial of\nservice via application crash, or execute arbitrary code. (CVE-2016-9067,\nCVE-2016-9069)\n\nA heap use-after-free was discovered during web animations in some\ncircumstance ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"firefox on Ubuntu 16.04 LTS,\n Ubuntu 16.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3124-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3124-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|16\\.04 LTS|16\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"50.0+build2-0ubuntu0.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"50.0+build2-0ubuntu0.12.04.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"50.0+build2-0ubuntu0.16.04.2\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"50.0+build2-0ubuntu0.16.10.2\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:32", "description": "Check the version of thunderbird", "cvss3": {}, "published": "2016-12-02T00:00:00", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2016:2825 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882604", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882604", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2016:2825 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882604\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-02 05:33:43 +0100 (Fri, 02 Dec 2016)\");\n script_cve_id(\"CVE-2016-5290\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for thunderbird CESA-2016:2825 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of thunderbird\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail\nand newsgroup client.\n\nThis update upgrades Thunderbird to version 45.5.0\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2016-5290)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Olli Pettay, Christian Holler, Ehsan Akhgari, Jon\nCoppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup as the\noriginal reporters.\");\n script_tag(name:\"affected\", value:\"thunderbird on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:2825\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-December/022165.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~45.5.0~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:13", "description": "Check the version of thunderbird", "cvss3": {}, "published": "2016-12-02T00:00:00", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2016:2825 centos5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882603", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882603", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2016:2825 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882603\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-02 05:33:41 +0100 (Fri, 02 Dec 2016)\");\n script_cve_id(\"CVE-2016-5290\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for thunderbird CESA-2016:2825 centos5\");\n script_tag(name:\"summary\", value:\"Check the version of thunderbird\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail\nand newsgroup client.\n\nThis update upgrades Thunderbird to version 45.5.0\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2016-5290)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Olli Pettay, Christian Holler, Ehsan Akhgari, Jon\nCoppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup as the\noriginal reporters.\");\n script_tag(name:\"affected\", value:\"thunderbird on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:2825\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-December/022163.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~45.5.0~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-02T00:00:00", "type": "openvas", "title": "RedHat Update for thunderbird RHSA-2016:2825-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871724", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871724", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for thunderbird RHSA-2016:2825-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871724\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-02 17:27:51 +0530 (Fri, 02 Dec 2016)\");\n script_cve_id(\"CVE-2016-5290\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for thunderbird RHSA-2016:2825-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail\nand newsgroup client.\n\nThis update upgrades Thunderbird to version 45.5.0\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2016-5290)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Olli Pettay, Christian Holler, Ehsan Akhgari, Jon\nCoppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup as the\noriginal reporters.\");\n script_tag(name:\"affected\", value:\"thunderbird on\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:2825-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-November/msg00086.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~45.5.0~1.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"thunderbird-debuginfo\", rpm:\"thunderbird-debuginfo~45.5.0~1.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:34:14", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-06T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for Mozilla (openSUSE-SU-2016:3011-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-9070", "CVE-2016-5297", "CVE-2016-9075", "CVE-2016-9065", "CVE-2016-9068", "CVE-2016-5292", "CVE-2016-9063", "CVE-2016-5299", "CVE-2016-9064", "CVE-2016-9071", "CVE-2016-5296", "CVE-2016-9079", "CVE-2016-5289", "CVE-2016-5295", "CVE-2016-5291", "CVE-2016-5294", "CVE-2016-9074", "CVE-2016-5298", "CVE-2016-9061", "CVE-2016-9072", "CVE-2016-9077", "CVE-2016-9066", "CVE-2016-5293", "CVE-2016-9069", "CVE-2016-9067", "CVE-2016-9078", "CVE-2016-9073", "CVE-2016-9076", "CVE-2016-9062"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851442", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851442", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851442\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-12-06 05:39:57 +0100 (Tue, 06 Dec 2016)\");\n script_cve_id(\"CVE-2016-5289\", \"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5292\",\n \"CVE-2016-5293\", \"CVE-2016-5294\", \"CVE-2016-5295\", \"CVE-2016-5296\",\n \"CVE-2016-5297\", \"CVE-2016-5298\", \"CVE-2016-5299\", \"CVE-2016-9061\",\n \"CVE-2016-9062\", \"CVE-2016-9063\", \"CVE-2016-9064\", \"CVE-2016-9065\",\n \"CVE-2016-9066\", \"CVE-2016-9067\", \"CVE-2016-9068\", \"CVE-2016-9069\",\n \"CVE-2016-9070\", \"CVE-2016-9071\", \"CVE-2016-9072\", \"CVE-2016-9073\",\n \"CVE-2016-9074\", \"CVE-2016-9075\", \"CVE-2016-9076\", \"CVE-2016-9077\",\n \"CVE-2016-9078\", \"CVE-2016-9079\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for Mozilla (openSUSE-SU-2016:3011-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Mozilla'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update to Mozilla Firefox 50.0.2, Thunderbird 45.5.1 and NSS 3.16.2\n fixes a number of security issues.\n\n The following vulnerabilities were fixed in Mozilla Firefox (MFSA 2016-89):\n\n - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1\n (bmo#1292443)\n\n - CVE-2016-5292: URL parsing causes crash (bmo#1288482)\n\n - CVE-2016-5297: Incorrect argument length checking in Javascript\n (bmo#1303678)\n\n - CVE-2016-9064: Addons update must verify IDs match between current\n and new versions (bmo#1303418)\n\n - CVE-2016-9066: Integer overflow leading to a buffer overflow in\n nsScriptLoadHandler (bmo#1299686)\n\n - CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore\n (bmo#1301777, bmo#1308922 (CVE-2016-9069))\n\n - CVE-2016-9068: heap-use-after-free in nsRefreshDriver (bmo#1302973)\n\n - CVE-2016-9075: WebExtensions can access the mozAddonManager API and\n use it to gain elevated privileges (bmo#1295324)\n\n - CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied\n to cross-origin images, allowing timing attacks on them (bmo#1298552)\n\n - CVE-2016-5291: Same-origin policy violation using local HTML file and\n saved shortcut file (bmo#1292159)\n\n - CVE-2016-9070: Sidebar bookmark can have reference to chrome window\n (bmo#1281071)\n\n - CVE-2016-9073: windows.create schema doesn't specify 'format':\n 'relativeUrl' (bmo#1289273)\n\n - CVE-2016-9076: select dropdown menu can be used for URL bar spoofing\n on e10s (bmo#1276976)\n\n - CVE-2016-9063: Possible integer overflow to fix inside XML_Parse in\n expat (bmo#1274777)\n\n - CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP\n (bmo#1285003)\n\n - CVE-2016-5289: Memory safety bugs fixed in Firefox 50\n\n - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR\n 45.5\n\n The following vulnerabilities were fixed in Mozilla NSS 3.26.1:\n\n - CVE-2016-9074: Insufficient timing side-channel resistance in\n divSpoiler (bmo#1293334)\n\n Mozilla Firefox now requires mozilla-nss 3.26.2.\n\n New features in Mozilla Firefox:\n\n - Updates to keyboard shortcuts Set a preference to have Ctrl+Tab cycle\n through tabs in recently used order View a page in Reader Mode by\n using Ctrl+Alt+R\n\n - Added option to Find in page that allows users to limit search to\n whole words only\n\n - Added download protection for a large number of executable file types\n on Windows, Mac and Linux\n\n - Fixed rendering of dashed and dotted borders with rounded corners\n (border-radius)\n\n - Added a built-in Emoji set for operating systems without native Emoji\n fonts\n\n - Blocked versions of libavcodec older than 54.35.1\n\n - additional loc ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"Mozilla on openSUSE 13.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:3011-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.1\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~50.0.2~131.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~50.0.2~131.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~50.0.2~131.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~50.0.2~131.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~50.0.2~131.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~50.0.2~131.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~50.0.2~131.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~50.0.2~131.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird\", rpm:\"MozillaThunderbird~45.5.1~70.92.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-buildsymbols\", rpm:\"MozillaThunderbird-buildsymbols~45.5.1~70.92.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-debuginfo\", rpm:\"MozillaThunderbird-debuginfo~45.5.1~70.92.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-debugsource\", rpm:\"MozillaThunderbird-debugsource~45.5.1~70.92.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-devel\", rpm:\"MozillaThunderbird-devel~45.5.1~70.92.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-translations-common\", rpm:\"MozillaThunderbird-translations-common~45.5.1~70.92.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-translations-other\", rpm:\"MozillaThunderbird-translations-other~45.5.1~70.92.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3\", rpm:\"libfreebl3~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3-debuginfo\", rpm:\"libfreebl3-debuginfo~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3\", rpm:\"libsoftokn3~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3-debuginfo\", rpm:\"libsoftokn3-debuginfo~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss\", rpm:\"mozilla-nss~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs\", rpm:\"mozilla-nss-certs~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs-debuginfo\", rpm:\"mozilla-nss-certs-debuginfo~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-debuginfo\", rpm:\"mozilla-nss-debuginfo~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-debugsource\", rpm:\"mozilla-nss-debugsource~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-devel\", rpm:\"mozilla-nss-devel~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit\", rpm:\"mozilla-nss-sysinit~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit-debuginfo\", rpm:\"mozilla-nss-sysinit-debuginfo~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-tools\", rpm:\"mozilla-nss-tools~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-tools-debuginfo\", rpm:\"mozilla-nss-tools-debuginfo~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3-32bit\", rpm:\"libfreebl3-32bit~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3-debuginfo-32bit\", rpm:\"libfreebl3-debuginfo-32bit~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3-32bit\", rpm:\"libsoftokn3-32bit~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3-debuginfo-32bit\", rpm:\"libsoftokn3-debuginfo-32bit~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-32bit\", rpm:\"mozilla-nss-32bit~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs-32bit\", rpm:\"mozilla-nss-certs-32bit~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs-debuginfo-32bit\", rpm:\"mozilla-nss-certs-debuginfo-32bit~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-debuginfo-32bit\", rpm:\"mozilla-nss-debuginfo-32bit~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit-32bit\", rpm:\"mozilla-nss-sysinit-32bit~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit-debuginfo-32bit\", rpm:\"mozilla-nss-sysinit-debuginfo-32bit~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:12", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-11-16T00:00:00", "type": "openvas", "title": "RedHat Update for nss and nss-util RHSA-2016:2779-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8635", "CVE-2016-2834", "CVE-2016-5285"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871718", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871718", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for nss and nss-util RHSA-2016:2779-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871718\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-16 08:41:41 +0100 (Wed, 16 Nov 2016)\");\n script_cve_id(\"CVE-2016-2834\", \"CVE-2016-5285\", \"CVE-2016-8635\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for nss and nss-util RHSA-2016:2779-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nss and nss-util'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Network Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications.\n\nThe nss-util packages provide utilities for use with the Network Security\nServices (NSS) libraries.\n\nThe following packages have been upgraded to a newer upstream version: nss\n(3.12.3), nss-util (3.12.3).\n\nSecurity Fix(es):\n\n * Multiple buffer handling flaws were found in the way NSS handled\ncryptographic data from the network. A remote attacker could use these\nflaws to crash an application using NSS or, possibly, execute arbitrary\ncode with the permission of the user running the application.\n(CVE-2016-2834)\n\n * A NULL pointer dereference flaw was found in the way NSS handled invalid\nDiffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL\nserver using NSS. (CVE-2016-5285)\n\n * It was found that Diffie Hellman Client key exchange handling in NSS was\nvulnerable to small subgroup confinement attack. An attacker could use this\nflaw to recover private keys by confining the client DH key to small\nsubgroup of the desired group. (CVE-2016-8635)\n\nRed Hat would like to thank the Mozilla project for reporting\nCVE-2016-2834. The CVE-2016-8635 issue was discovered by Hubert Kario (Red\nHat). Upstream acknowledges Tyson Smith and Jed Davis as the original\nreporter of CVE-2016-2834.\");\n script_tag(name:\"affected\", value:\"nss and nss-util on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:2779-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-November/msg00073.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|6|5)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.21.3~2.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-debuginfo\", rpm:\"nss-debuginfo~3.21.3~2.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.21.3~2.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-sysinit\", rpm:\"nss-sysinit~3.21.3~2.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-tools\", rpm:\"nss-tools~3.21.3~2.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-util\", rpm:\"nss-util~3.21.3~1.1.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-util-debuginfo\", rpm:\"nss-util-debuginfo~3.21.3~1.1.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-util-devel\", rpm:\"nss-util-devel~3.21.3~1.1.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.21.3~2.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-debuginfo\", rpm:\"nss-debuginfo~3.21.3~2.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.21.3~2.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-sysinit\", rpm:\"nss-sysinit~3.21.3~2.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-tools\", rpm:\"nss-tools~3.21.3~2.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-util\", rpm:\"nss-util~3.21.3~1.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-util-debuginfo\", rpm:\"nss-util-debuginfo~3.21.3~1.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-util-devel\", rpm:\"nss-util-devel~3.21.3~1.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.21.3~2.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-debuginfo\", rpm:\"nss-debuginfo~3.21.3~2.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.21.3~2.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-pkcs11-devel\", rpm:\"nss-pkcs11-devel~3.21.3~2.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-tools\", rpm:\"nss-tools~3.21.3~2.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:49", "description": "Check for the Version of nss", "cvss3": {}, "published": "2016-11-20T00:00:00", "type": "openvas", "title": "CentOS Update for nss CESA-2016:2779 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8635", "CVE-2016-2834", "CVE-2016-5285"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882597", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882597", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for nss CESA-2016:2779 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882597\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-20 05:37:26 +0100 (Sun, 20 Nov 2016)\");\n script_cve_id(\"CVE-2016-2834\", \"CVE-2016-5285\", \"CVE-2016-8635\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for nss CESA-2016:2779 centos6\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Network Security Services (NSS) is a set\nof libraries designed to support the cross-platform development of security-enabled\nclient and server applications.\n\nThe nss-util packages provide utilities for use with the Network Security\nServices (NSS) libraries.\n\nThe following packages have been upgraded to a newer upstream version: nss\n(3.12.3), nss-util (3.12.3).\n\nSecurity Fix(es):\n\n * Multiple buffer handling flaws were found in the way NSS handled\ncryptographic data from the network. A remote attacker could use these\nflaws to crash an application using NSS or, possibly, execute arbitrary\ncode with the permission of the user running the application.\n(CVE-2016-2834)\n\n * A NULL pointer dereference flaw was found in the way NSS handled invalid\nDiffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL\nserver using NSS. (CVE-2016-5285)\n\n * It was found that Diffie Hellman Client key exchange handling in NSS was\nvulnerable to small subgroup confinement attack. An attacker could use this\nflaw to recover private keys by confining the client DH key to small\nsubgroup of the desired group. (CVE-2016-8635)\n\nRed Hat would like to thank the Mozilla project for reporting\nCVE-2016-2834. The CVE-2016-8635 issue was discovered by Hubert Kario (Red\nHat). Upstream acknowledges Tyson Smith and Jed Davis as the original\nreporter of CVE-2016-2834.\");\n script_tag(name:\"affected\", value:\"nss on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:2779\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-November/022152.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of nss\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.21.3~2.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.21.3~2.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-pkcs11-devel\", rpm:\"nss-pkcs11-devel~3.21.3~2.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-sysinit\", rpm:\"nss-sysinit~3.21.3~2.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-tools\", rpm:\"nss-tools~3.21.3~2.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:43", "description": "Check for the Version of nss-util", "cvss3": {}, "published": "2016-11-20T00:00:00", "type": "openvas", "title": "CentOS Update for nss-util CESA-2016:2779 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8635", "CVE-2016-2834", "CVE-2016-5285"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882593", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882593", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for nss-util CESA-2016:2779 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882593\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-20 05:37:08 +0100 (Sun, 20 Nov 2016)\");\n script_cve_id(\"CVE-2016-2834\", \"CVE-2016-5285\", \"CVE-2016-8635\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for nss-util CESA-2016:2779 centos6\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Network Security Services (NSS) is a set of\nlibraries designed to support the cross-platform development of security-enabled\nclient and server applications.\n\nThe nss-util packages provide utilities for use with the Network Security\nServices (NSS) libraries.\n\nThe following packages have been upgraded to a newer upstream version: nss\n(3.12.3), nss-util (3.12.3).\n\nSecurity Fix(es):\n\n * Multiple buffer handling flaws were found in the way NSS handled\ncryptographic data from the network. A remote attacker could use these\nflaws to crash an application using NSS or, possibly, execute arbitrary\ncode with the permission of the user running the application.\n(CVE-2016-2834)\n\n * A NULL pointer dereference flaw was found in the way NSS handled invalid\nDiffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL\nserver using NSS. (CVE-2016-5285)\n\n * It was found that Diffie Hellman Client key exchange handling in NSS was\nvulnerable to small subgroup confinement attack. An attacker could use this\nflaw to recover private keys by confining the client DH key to small\nsubgroup of the desired group. (CVE-2016-8635)\n\nRed Hat would like to thank the Mozilla project for reporting\nCVE-2016-2834. The CVE-2016-8635 issue was discovered by Hubert Kario (Red\nHat). Upstream acknowledges Tyson Smith and Jed Davis as the original\nreporter of CVE-2016-2834.\");\n script_tag(name:\"affected\", value:\"nss-util on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:2779\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-November/022151.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of nss-util\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss-util\", rpm:\"nss-util~3.21.3~1.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-util-devel\", rpm:\"nss-util-devel~3.21.3~1.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:36:06", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for nss, nss-util (EulerOS-SA-2016-1084)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8635", "CVE-2016-2834", "CVE-2016-5285"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220161084", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220161084", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2016.1084\");\n script_version(\"2020-01-23T10:42:27+0000\");\n script_cve_id(\"CVE-2016-2834\", \"CVE-2016-5285\", \"CVE-2016-8635\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:42:27 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:42:27 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for nss, nss-util (EulerOS-SA-2016-1084)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2016-1084\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1084\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'nss, nss-util' package(s) announced via the EulerOS-SA-2016-1084 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these flaws to crash an application using NSS or, possibly, execute arbitrary code with the permission of the user running the application. (CVE-2016-2834)\n\nA NULL pointer dereference flaw was found in the way NSS handled invalid Diffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL server using NSS. (CVE-2016-5285)\n\nIt was found that Diffie Hellman Client key exchange handling in NSS was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. (CVE-2016-8635)\");\n\n script_tag(name:\"affected\", value:\"'nss, nss-util' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.21.3~2\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.21.3~2\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nss-sysinit\", rpm:\"nss-sysinit~3.21.3~2\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nss-tools\", rpm:\"nss-tools~3.21.3~2\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nss-util\", rpm:\"nss-util~3.21.3~1.1\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nss-util-devel\", rpm:\"nss-util-devel~3.21.3~1.1\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:55", "description": "Check for the Version of nss", "cvss3": {}, "published": "2016-11-20T00:00:00", "type": "openvas", "title": "CentOS Update for nss CESA-2016:2779 centos5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8635", "CVE-2016-2834", "CVE-2016-5285"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882596", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882596", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for nss CESA-2016:2779 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882596\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-20 05:37:22 +0100 (Sun, 20 Nov 2016)\");\n script_cve_id(\"CVE-2016-2834\", \"CVE-2016-5285\", \"CVE-2016-8635\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for nss CESA-2016:2779 centos5\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Network Security Services (NSS) is a set\nof libraries designed to support the cross-platform development of security-enabled\nclient and server applications.\n\nThe nss-util packages provide utilities for use with the Network Security\nServices (NSS) libraries.\n\nThe following packages have been upgraded to a newer upstream version: nss\n(3.12.3), nss-util (3.12.3).\n\nSecurity Fix(es):\n\n * Multiple buffer handling flaws were found in the way NSS handled\ncryptographic data from the network. A remote attacker could use these\nflaws to crash an application using NSS or, possibly, execute arbitrary\ncode with the permission of the user running the application.\n(CVE-2016-2834)\n\n * A NULL pointer dereference flaw was found in the way NSS handled invalid\nDiffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL\nserver using NSS. (CVE-2016-5285)\n\n * It was found that Diffie Hellman Client key exchange handling in NSS was\nvulnerable to small subgroup confinement attack. An attacker could use this\nflaw to recover private keys by confining the client DH key to small\nsubgroup of the desired group. (CVE-2016-8635)\n\nRed Hat would like to thank the Mozilla project for reporting\nCVE-2016-2834. The CVE-2016-8635 issue was discovered by Hubert Kario (Red\nHat). Upstream acknowledges Tyson Smith and Jed Davis as the original\nreporter of CVE-2016-2834.\");\n script_tag(name:\"affected\", value:\"nss on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:2779\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-November/022159.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of nss\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.21.3~2.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.21.3~2.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-pkcs11-devel\", rpm:\"nss-pkcs11-devel~3.21.3~2.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-tools\", rpm:\"nss-tools~3.21.3~2.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox (CVE-2016-5296, CVE-2016-5297, CVE-2016-9066, CVE-2016-5291, CVE-2016-5290). A flaw was found in the way Add-on update process was handled by Firefox. A Man-in-the-Middle attacker could use this flaw to install a malicious signed add-on update (CVE-2016-9064). An existing mitigation of timing side-channel attacks in NSS before 3.26.1 is insufficient in some circumstances (CVE-2016-9074). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-11-17T14:10:52", "type": "mageia", "title": "Updated nss and firefox packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9074"], "modified": "2016-11-17T14:10:52", "id": "MGASA-2016-0379", "href": "https://advisories.mageia.org/MGASA-2016-0379.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T11:19:34", "description": "A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash (CVE-2016-5296). The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access (CVE-2016-5294). An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues (CVE-2016-5297). A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data (CVE-2016-9066). A same-origin policy bypass with local shortcut files to load arbitrary local content from disk (CVE-2016-5291). Mozilla developers and community members Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup reported memory safety bugs present in Thunderbird ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code (CVE-2016-5290). A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows (CVE-2016-9079). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-12-05T21:49:27", "type": "mageia", "title": "Updated thunderbird packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5294", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9066", "CVE-2016-9079"], "modified": "2016-12-05T21:49:27", "id": "MGASA-2016-0409", "href": "https://advisories.mageia.org/MGASA-2016-0409.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T11:19:34", "description": "Updated Iceape packages include security fixes from upstream Seamonkey: Multiple flaws were found in the way Iceape 2.46 processes various types of web content, where loading a web page containing malicious content could cause Iceape to crash, execute arbitrary code, or disclose sensitive information. (CVE-2016-5287, CVE-2016-5288, CVE-2016-5289, CVE-2016-5290, CVE-2016-5292, CVE-2016-5297, CVE-2016-9064, CVE-2016-9066, CVE-2016-9067, CVE-2016-9068, CVE-2016-9075, CVE-2016-9077, CVE-2016-5291, CVE-2016-9063, CVE-2016-9070, CVE-2016-9071, CVE-2016-9073, CVE-2016-9076, CVE-2016-9078, CVE-2016-9080, CVE-2016-9893, CVE-2016-9894, CVE-2016-9895, CVE-2016-9896, CVE-2016-9897, CVE-2016-9898, CVE-2016-9899, CVE-2016-9900, CVE-2016-9901, CVE-2016-9902, CVE-2016-9903, CVE-2016-9904, CVE-2017-5373, CVE-2017-5374, CVE-2017-5375, CVE-2017-5376, CVE-2017-5377, CVE-2017-5378, CVE-2017-5379, CVE-2017-5380, CVE-2017-5381, CVE-2017-5382, CVE-2017-5383, CVE-2017-5384, CVE-2017-5385, CVE-2017-5386, CVE-2017-5387, CVE-2017-5388, CVE-2017-5389, CVE-2017-5390, CVE-2017-5391, CVE-2017-5393, CVE-2017-5396) \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-01T21:10:29", "type": "mageia", "title": "Updated iceape packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5287", "CVE-2016-5288", "CVE-2016-5289", "CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5292", "CVE-2016-5297", "CVE-2016-9063", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9067", "CVE-2016-9068", "CVE-2016-9070", "CVE-2016-9071", "CVE-2016-9073", "CVE-2016-9075", "CVE-2016-9076", "CVE-2016-9077", "CVE-2016-9078", "CVE-2016-9080", "CVE-2016-9893", "CVE-2016-9894", "CVE-2016-9895", "CVE-2016-9896", "CVE-2016-9897", "CVE-2016-9898", "CVE-2016-9899", "CVE-2016-9900", "CVE-2016-9901", "CVE-2016-9902", "CVE-2016-9903", "CVE-2016-9904", "CVE-2017-5373", "CVE-2017-5374", "CVE-2017-5375", "CVE-2017-5376", "CVE-2017-5377", "CVE-2017-5378", "CVE-2017-5379", "CVE-2017-5380", "CVE-2017-5381", "CVE-2017-5382", "CVE-2017-5383", "CVE-2017-5384", "CVE-2017-5385", "CVE-2017-5386", "CVE-2017-5387", "CVE-2017-5388", "CVE-2017-5389", "CVE-2017-5390", "CVE-2017-5391", "CVE-2017-5393", "CVE-2017-5396"], "modified": "2017-09-01T21:10:29", "id": "MGASA-2017-0323", "href": "https://advisories.mageia.org/MGASA-2017-0323.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-08-19T12:39:36", "description": "Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or bypass of the same-origin policy. Also, a man-in-the-middle attack in the addon update mechanism has been fixed.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-17T00:00:00", "type": "nessus", "title": "Debian DSA-3716-1 : firefox-esr - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9074"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:firefox-esr", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3716.NASL", "href": "https://www.tenable.com/plugins/nessus/94922", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3716. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94922);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9064\", \"CVE-2016-9066\", \"CVE-2016-9074\");\n script_xref(name:\"DSA\", value:\"3716\");\n\n script_name(english:\"Debian DSA-3716-1 : firefox-esr - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to the execution of arbitrary code or\nbypass of the same-origin policy. Also, a man-in-the-middle attack in\nthe addon update mechanism has been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/firefox-esr\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3716\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the firefox-esr packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 45.5.0esr-1~deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-dbg\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-dev\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ach\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-af\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-all\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-an\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ar\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-as\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ast\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-az\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-be\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-bg\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-bn-bd\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-bn-in\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-br\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-bs\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ca\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-cs\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-cy\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-da\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-de\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-dsb\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-el\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-en-gb\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-en-za\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-eo\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-es-ar\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-es-cl\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-es-es\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-es-mx\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-et\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-eu\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-fa\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ff\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-fi\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-fr\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-fy-nl\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ga-ie\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-gd\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-gl\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-gn\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-gu-in\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-he\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hi-in\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hr\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hsb\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hu\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hy-am\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-id\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-is\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-it\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ja\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-kk\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-km\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-kn\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ko\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-lij\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-lt\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-lv\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-mai\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-mk\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ml\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-mr\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ms\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-nb-no\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-nl\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-nn-no\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-or\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-pa-in\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-pl\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-pt-br\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-pt-pt\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-rm\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ro\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ru\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-si\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sk\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sl\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-son\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sq\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sr\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sv-se\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ta\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-te\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-th\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-tr\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-uk\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-uz\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-vi\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-xh\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-zh-cn\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-zh-tw\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-dbg\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-dev\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ach\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-af\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-all\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-an\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ar\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-as\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ast\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-az\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-be\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bg\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bn-bd\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bn-in\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-br\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bs\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ca\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-cs\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-cy\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-da\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-de\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-dsb\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-el\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-en-gb\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-en-za\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-eo\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-ar\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-cl\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-es\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-mx\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-et\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-eu\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fa\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ff\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fi\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fr\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fy-nl\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ga-ie\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gd\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gl\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gn\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gu-in\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-he\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hi-in\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hr\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hsb\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hu\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hy-am\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-id\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-is\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-it\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ja\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-kk\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-km\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-kn\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ko\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-lij\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-lt\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-lv\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-mai\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-mk\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ml\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-mr\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ms\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-nb-no\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-nl\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-nn-no\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-or\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pa-in\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pl\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pt-br\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pt-pt\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-rm\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ro\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ru\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-si\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sk\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sl\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-son\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sq\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sr\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sv-se\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ta\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-te\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-th\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-tr\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-uk\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-uz\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-vi\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-xh\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-zh-cn\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-zh-tw\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:39:05", "description": "The version of Mozilla Firefox ESR installed on the remote macOS or Mac OS X host is 45.x prior to 45.4. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-18T00:00:00", "type": "nessus", "title": "Mozilla Firefox ESR 45.x < 45.5 Multiple Vulnerabilities (macOS)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9074"], "modified": "2019-11-14T00:00:00", "cpe": ["cpe:/a:mozilla:firefox_esr"], "id": "MACOSX_FIREFOX_45_5_ESR.NASL", "href": "https://www.tenable.com/plugins/nessus/94957", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94957);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/14\");\n\n script_cve_id(\n \"CVE-2016-5290\",\n \"CVE-2016-5291\",\n \"CVE-2016-5296\",\n \"CVE-2016-5297\",\n \"CVE-2016-9064\",\n \"CVE-2016-9066\",\n \"CVE-2016-9074\"\n );\n script_bugtraq_id(\n 94335,\n 94336,\n 94339,\n 94341\n );\n script_xref(name:\"MFSA\", value:\"2016-90\");\n\n script_name(english:\"Mozilla Firefox ESR 45.x < 45.5 Multiple Vulnerabilities (macOS)\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote macOS or Mac OS X host contains a web browser that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Firefox ESR installed on the remote macOS or\nMac OS X host is 45.x prior to 45.4. It is, therefore, affected by\nmultiple vulnerabilities, the majority of which are remote code\nexecution vulnerabilities. An unauthenticated, remote attacker can\nexploit these vulnerabilities by convincing a user to visit a\nspecially crafted website, resulting in the execution of arbitrary\ncode in the context of the current user.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox ESR version 45.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5297\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox_esr\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nkb_base = \"MacOSX/Firefox\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nis_esr = get_kb_item(kb_base+\"/is_esr\");\nif (isnull(is_esr)) audit(AUDIT_NOT_INST, \"Mozilla Firefox ESR\");\n\nmozilla_check_version(product:'firefox', version:version, path:path, esr:TRUE, fix:'45.5', min:'45.0', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:51", "description": "This update for MozillaFirefox, mozilla-nss fixes security issues and bugs. The following vulnerabilities were fixed in Firefox ESR 45.5.1 (bsc#1009026 bsc#1012964) :\n\n - CVE-2016-9079: Use-after-free in SVG Animation (MFSA 2016-92 bsc#1012964)\n\n - CVE-2016-5297: Incorrect argument length checking in JavaScript (bsc#1010401)\n\n - CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bsc#1010404)\n\n - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bsc#1010395)\n\n - CVE-2016-9064: Addons update must verify IDs match between current and new versions (bsc#1010402)\n\n - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5 (bsc#1010427)\n\n - CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bsc#1010410) The following vulnerabilities were fixed in mozilla-nss 3.21.3 :\n\n - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bsc#1010422)\n\n - CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash (bsc#1010517) The following bugs were fixed :\n\n - Firefox would fail to go into fullscreen mode with some window managers (bsc#992549)\n\n - font warning messages would flood console, now using fontconfig configuration from firefox-fontconfig instead of the system one (bsc#1000751)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-12T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2016:3080-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5285", "CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9074", "CVE-2016-9079"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:MozillaFirefox", "p-cpe:/a:novell:suse_linux:MozillaFirefox-translations", "p-cpe:/a:novell:suse_linux:libfreebl3", "p-cpe:/a:novell:suse_linux:libsoftokn3", "p-cpe:/a:novell:suse_linux:mozilla-nss", "p-cpe:/a:novell:suse_linux:mozilla-nss-tools", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2016-3080-1.NASL", "href": "https://www.tenable.com/plugins/nessus/95712", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:3080-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95712);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-5285\", \"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9064\", \"CVE-2016-9066\", \"CVE-2016-9074\", \"CVE-2016-9079\");\n\n script_name(english:\"SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2016:3080-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for MozillaFirefox, mozilla-nss fixes security issues and\nbugs. The following vulnerabilities were fixed in Firefox ESR 45.5.1\n(bsc#1009026 bsc#1012964) :\n\n - CVE-2016-9079: Use-after-free in SVG Animation (MFSA\n 2016-92 bsc#1012964)\n\n - CVE-2016-5297: Incorrect argument length checking in\n JavaScript (bsc#1010401)\n\n - CVE-2016-9066: Integer overflow leading to a buffer\n overflow in nsScriptLoadHandler (bsc#1010404)\n\n - CVE-2016-5296: Heap-buffer-overflow WRITE in\n rasterize_edges_1 (bsc#1010395)\n\n - CVE-2016-9064: Addons update must verify IDs match\n between current and new versions (bsc#1010402)\n\n - CVE-2016-5290: Memory safety bugs fixed in Firefox 50\n and Firefox ESR 45.5 (bsc#1010427)\n\n - CVE-2016-5291: Same-origin policy violation using local\n HTML file and saved shortcut file (bsc#1010410) The\n following vulnerabilities were fixed in mozilla-nss\n 3.21.3 :\n\n - CVE-2016-9074: Insufficient timing side-channel\n resistance in divSpoiler (bsc#1010422)\n\n - CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey\n / ssl3_ComputeRecordMACConstantTime causes server crash\n (bsc#1010517) The following bugs were fixed :\n\n - Firefox would fail to go into fullscreen mode with some\n window managers (bsc#992549)\n\n - font warning messages would flood console, now using\n fontconfig configuration from firefox-fontconfig instead\n of the system one (bsc#1000751)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000751\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1009026\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012964\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=992549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5285/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5290/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5291/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5296/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5297/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9064/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9066/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9074/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9079/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20163080-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4cc0686a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 5:zypper in -t patch\nsleclo50sp3-mfsa2016-90-12882=1\n\nSUSE Manager Proxy 2.1:zypper in -t patch slemap21-mfsa2016-90-12882=1\n\nSUSE Manager 2.1:zypper in -t patch sleman21-mfsa2016-90-12882=1\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-mfsa2016-90-12882=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-mfsa2016-90-12882=1\n\nSUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch\nslessp3-mfsa2016-90-12882=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-mfsa2016-90-12882=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-mfsa2016-90-12882=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch\ndbgsp3-mfsa2016-90-12882=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libfreebl3-32bit-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libsoftokn3-32bit-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"mozilla-nss-32bit-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"MozillaFirefox-45.5.1esr-59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"MozillaFirefox-translations-45.5.1esr-59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libfreebl3-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libsoftokn3-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"mozilla-nss-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"mozilla-nss-tools-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"libfreebl3-32bit-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"libsoftokn3-32bit-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"mozilla-nss-32bit-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"MozillaFirefox-45.5.1esr-59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"MozillaFirefox-translations-45.5.1esr-59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libfreebl3-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libsoftokn3-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"mozilla-nss-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"mozilla-nss-tools-3.21.3-39.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / mozilla-nss\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:39:02", "description": "This update for MozillaFirefox, mozilla-nss fixes security issues and bugs. The following vulnerabilities were fixed in Firefox ESR 45.5.1 (bsc#1009026) :\n\n - CVE-2016-9079: Use-after-free in SVG Animation (bsc#1012964 MFSA 2016-92)\n\n - CVE-2016-5297: Incorrect argument length checking in JavaScript (bsc#1010401)\n\n - CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bsc#1010404)\n\n - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bsc#1010395)\n\n - CVE-2016-9064: Addons update must verify IDs match between current and new versions (bsc#1010402)\n\n - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5 (bsc#1010427)\n\n - CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bsc#1010410) The following vulnerabilities were fixed in mozilla-nss 3.21.3 :\n\n - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bsc#1010422)\n\n - CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash (bsc#1010517) The following bugs were fixed :\n\n - Firefox would fail to go into fullscreen mode with some window managers (bsc#992549)\n\n - font warning messages would flood console, now using fontconfig configuration from firefox-fontconfig instead of the system one (bsc#1000751)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-14T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2016:3105-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5285", "CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9074", "CVE-2016-9079"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:MozillaFirefox", "p-cpe:/a:novell:suse_linux:MozillaFirefox-translations", "p-cpe:/a:novell:suse_linux:libfreebl3", "p-cpe:/a:novell:suse_linux:mozilla-nss", "p-cpe:/a:novell:suse_linux:mozilla-nss-devel", "p-cpe:/a:novell:suse_linux:mozilla-nss-tools", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2016-3105-1.NASL", "href": "https://www.tenable.com/plugins/nessus/95797", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:3105-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95797);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-5285\", \"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9064\", \"CVE-2016-9066\", \"CVE-2016-9074\", \"CVE-2016-9079\");\n\n script_name(english:\"SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2016:3105-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for MozillaFirefox, mozilla-nss fixes security issues and\nbugs. The following vulnerabilities were fixed in Firefox ESR 45.5.1\n(bsc#1009026) :\n\n - CVE-2016-9079: Use-after-free in SVG Animation\n (bsc#1012964 MFSA 2016-92)\n\n - CVE-2016-5297: Incorrect argument length checking in\n JavaScript (bsc#1010401)\n\n - CVE-2016-9066: Integer overflow leading to a buffer\n overflow in nsScriptLoadHandler (bsc#1010404)\n\n - CVE-2016-5296: Heap-buffer-overflow WRITE in\n rasterize_edges_1 (bsc#1010395)\n\n - CVE-2016-9064: Addons update must verify IDs match\n between current and new versions (bsc#1010402)\n\n - CVE-2016-5290: Memory safety bugs fixed in Firefox 50\n and Firefox ESR 45.5 (bsc#1010427)\n\n - CVE-2016-5291: Same-origin policy violation using local\n HTML file and saved shortcut file (bsc#1010410) The\n following vulnerabilities were fixed in mozilla-nss\n 3.21.3 :\n\n - CVE-2016-9074: Insufficient timing side-channel\n resistance in divSpoiler (bsc#1010422)\n\n - CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey\n / ssl3_ComputeRecordMACConstantTime causes server crash\n (bsc#1010517) The following bugs were fixed :\n\n - Firefox would fail to go into fullscreen mode with some\n window managers (bsc#992549)\n\n - font warning messages would flood console, now using\n fontconfig configuration from firefox-fontconfig instead\n of the system one (bsc#1000751)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000751\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1009026\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012964\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=992549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5285/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5290/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5291/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5296/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5297/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9064/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9066/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9074/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9079/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20163105-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1593bc97\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP2-LTSS:zypper in -t patch\nslessp2-mfs2016-90-12883=1\n\nSUSE Linux Enterprise Debuginfo 11-SP2:zypper in -t patch\ndbgsp2-mfs2016-90-12883=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.21.3-30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.21.3-30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"s390x\", reference:\"libfreebl3-32bit-3.21.3-30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"s390x\", reference:\"mozilla-nss-32bit-3.21.3-30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"MozillaFirefox-45.5.1esr-63.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"MozillaFirefox-translations-45.5.1esr-63.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"libfreebl3-3.21.3-30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"mozilla-nss-3.21.3-30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"mozilla-nss-devel-3.21.3-30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"mozilla-nss-tools-3.21.3-30.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / mozilla-nss\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:43", "description": "Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or bypass of the same-origin policy.\n\nA man-in-the-middle attack in the addon update mechanism has been fixed.\n\nA use-after-free vulnerability in the SVG Animation was discovered, allowing a remote attacker to cause a denial of service (application crash) or execute arbitrary code, if a user is tricked into opening a specially crafted website.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 45.5.1esr-1~deb7u1.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-02T00:00:00", "type": "nessus", "title": "Debian DLA-730-1 : firefox-esr security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:firefox-esr", "p-cpe:/a:debian:debian_linux:firefox-esr-dbg", "p-cpe:/a:debian:debian_linux:firefox-esr-dev", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ach", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-af", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-all", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-an", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ar", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-as", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ast", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-az", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-be", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bg", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bn-bd", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bn-in", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-br", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bs", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ca", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-cs", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-cy", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-da", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-de", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-dsb", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-el", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-en-gb", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-en-za", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-eo", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-ar", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-cl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-es", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-mx", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-et", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-eu", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fa", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ff", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fi", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fr", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fy-nl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ga-ie", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gd", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gn", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gu-in", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-he", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hi-in", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hr", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hsb", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hu", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hy-am", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-id", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-is", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-it", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ja", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-kk", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-km", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-kn", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ko", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lij", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lt", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lv", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mai", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mk", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ml", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mr", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ms", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nb-no", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nn-no", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-or", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pa-in", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pt-br", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pt-pt", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-rm", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ro", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ru", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-si", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sk", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-son", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sq", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sr", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sv-se", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ta", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-te", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-th", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-tr", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-uk", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-uz", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-vi", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-xh", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-zh-cn", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-zh-tw", "p-cpe:/a:debian:debian_linux:iceweasel", "p-cpe:/a:debian:debian_linux:iceweasel-dbg", "p-cpe:/a:debian:debian_linux:iceweasel-dev", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ach", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-af", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-all", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-an", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ar", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-as", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ast", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-az", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-be", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-bg", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-bn-bd", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-bn-in", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-br", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-bs", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ca", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-cs", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-cy", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-da", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-de", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-dsb", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-el", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-en-gb", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-en-za", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-eo", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-ar", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-cl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-es", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-mx", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-et", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-eu", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-fa", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ff", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-fi", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-fr", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-fy-nl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ga-ie", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-gd", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-gl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-gn", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-gu-in", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-he", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-hi-in", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-hr", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-hsb", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-hu", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-hy-am", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-id", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-is", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-it", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ja", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-kk", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-km", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-kn", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ko", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-lij", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-lt", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-lv", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-mai", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-mk", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ml", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-mr", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ms", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-nb-no", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-nl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-nn-no", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-or", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-pa-in", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-pl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-pt-br", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-pt-pt", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-rm", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ro", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ru", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-si", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-sk", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-sl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-son", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-sq", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-sr", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-sv-se", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ta", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-te", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-th", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-tr", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-uk", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-uz", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-vi", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-xh", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-zh-cn", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-zh-tw", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-730.NASL", "href": "https://www.tenable.com/plugins/nessus/95456", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-730-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95456);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9064\", \"CVE-2016-9066\");\n\n script_name(english:\"Debian DLA-730-1 : firefox-esr security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to the execution of arbitrary code or\nbypass of the same-origin policy.\n\nA man-in-the-middle attack in the addon update mechanism has been\nfixed.\n\nA use-after-free vulnerability in the SVG Animation was discovered,\nallowing a remote attacker to cause a denial of service (application\ncrash) or execute arbitrary code, if a user is tricked into opening a\nspecially crafted website.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n45.5.1esr-1~deb7u1.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/12/msg00000.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/firefox-esr\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ach\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-an\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-as\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-az\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bn-bd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bn-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-en-za\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-eo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-cl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-mx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gu-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hi-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hy-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lij\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mai\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-or\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pa-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-son\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-te\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-uz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-xh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ach\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-an\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-as\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-az\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-bn-bd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-bn-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-en-za\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-eo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-cl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-mx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-gn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-gu-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hi-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hy-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-lij\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-mai\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-mr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-or\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-pa-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-son\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-te\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-uz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-xh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-dbg\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-dev\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-ach\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-af\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-all\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-an\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-ar\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-as\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-ast\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-az\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-be\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-bg\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-bn-bd\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-bn-in\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-br\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-bs\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-ca\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-cs\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-cy\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-da\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-de\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-dsb\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-el\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-en-gb\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-en-za\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-eo\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-es-ar\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-es-cl\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-es-es\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-es-mx\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-et\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-eu\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-fa\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-ff\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-fi\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-fr\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-fy-nl\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-ga-ie\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-gd\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-gl\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-gn\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-gu-in\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-he\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-hi-in\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-hr\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-hsb\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-hu\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-hy-am\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-id\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-is\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-it\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-ja\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-kk\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-km\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-kn\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-ko\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-lij\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-lt\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-lv\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-mai\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-mk\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-ml\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-mr\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-ms\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-nb-no\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-nl\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-nn-no\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-or\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-pa-in\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-pl\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-pt-br\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-pt-pt\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-rm\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-ro\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-ru\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-si\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-sk\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-sl\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-son\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-sq\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-sr\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-sv-se\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-ta\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-te\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-th\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-tr\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-uk\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-uz\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-vi\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-xh\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-zh-cn\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-zh-tw\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-dbg\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-dev\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ach\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-af\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-all\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-an\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ar\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-as\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ast\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-az\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-be\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-bg\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-bn-bd\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-bn-in\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-br\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-bs\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ca\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-cs\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-cy\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-da\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-de\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-dsb\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-el\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-en-gb\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-en-za\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-eo\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-es-ar\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-es-cl\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-es-es\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-es-mx\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-et\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-eu\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-fa\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ff\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-fi\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-fr\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-fy-nl\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ga-ie\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-gd\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-gl\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-gn\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-gu-in\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-he\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hi-in\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hr\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hsb\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hu\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hy-am\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-id\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-is\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-it\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ja\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-kk\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-km\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-kn\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ko\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-lij\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-lt\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-lv\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-mai\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-mk\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ml\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-mr\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ms\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-nb-no\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-nl\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-nn-no\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-or\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-pa-in\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-pl\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-pt-br\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-pt-pt\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-rm\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ro\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ru\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-si\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sk\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sl\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-son\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sq\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sr\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sv-se\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ta\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-te\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-th\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-tr\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-uk\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-uz\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-vi\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-xh\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-zh-cn\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-zh-tw\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:39:29", "description": "An update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.5.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-5296, CVE-2016-5297, CVE-2016-9066, CVE-2016-5291, CVE-2016-5290)\n\n* A flaw was found in the way Add-on update process was handled by Firefox. A Man-in-the-Middle attacker could use this flaw to install a malicious signed add-on update. (CVE-2016-9064)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Abhishek Arya, Andre Bargull, Samuel Gross, Yuyang Zhou, Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup as the original reporters.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-16T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 / 7 : firefox (RHSA-2016:2780)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066"], "modified": "2020-05-29T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:firefox", "p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2016-2780.NASL", "href": "https://www.tenable.com/plugins/nessus/94920", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2780. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94920);\n script_version(\"2.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9064\", \"CVE-2016-9066\");\n script_xref(name:\"RHSA\", value:\"2016:2780\");\n\n script_name(english:\"RHEL 5 / 6 / 7 : firefox (RHSA-2016:2780)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for firefox is now available for Red Hat Enterprise Linux 5,\nRed Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.5.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Firefox. (CVE-2016-5296, CVE-2016-5297,\nCVE-2016-9066, CVE-2016-5291, CVE-2016-5290)\n\n* A flaw was found in the way Add-on update process was handled by\nFirefox. A Man-in-the-Middle attacker could use this flaw to install a\nmalicious signed add-on update. (CVE-2016-9064)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Abhishek Arya, Andre Bargull, Samuel\nGross, Yuyang Zhou, Olli Pettay, Christian Holler, Ehsan Akhgari, Jon\nCoppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup as\nthe original reporters.\"\n );\n # https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8b5eaff4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:2780\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5297\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5290\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5291\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:2780\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-45.5.0-1.el5_11\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-debuginfo-45.5.0-1.el5_11\", allowmaj:TRUE)) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"firefox-45.5.0-1.el6_8\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"firefox-debuginfo-45.5.0-1.el6_8\", allowmaj:TRUE)) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", reference:\"firefox-45.5.0-1.el7_3\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"firefox-debuginfo-45.5.0-1.el7_3\", allowmaj:TRUE)) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:39:38", "description": "From Red Hat Security Advisory 2016:2780 :\n\nAn update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.5.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-5296, CVE-2016-5297, CVE-2016-9066, CVE-2016-5291, CVE-2016-5290)\n\n* A flaw was found in the way Add-on update process was handled by Firefox. A Man-in-the-Middle attacker could use this flaw to install a malicious signed add-on update. (CVE-2016-9064)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Abhishek Arya, Andre Bargull, Samuel Gross, Yuyang Zhou, Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup as the original reporters.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-17T00:00:00", "type": "nessus", "title": "Oracle Linux 5 / 6 / 7 : firefox (ELSA-2016-2780)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:firefox", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2016-2780.NASL", "href": "https://www.tenable.com/plugins/nessus/94928", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:2780 and \n# Oracle Linux Security Advisory ELSA-2016-2780 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94928);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9064\", \"CVE-2016-9066\");\n script_xref(name:\"RHSA\", value:\"2016:2780\");\n\n script_name(english:\"Oracle Linux 5 / 6 / 7 : firefox (ELSA-2016-2780)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2016:2780 :\n\nAn update for firefox is now available for Red Hat Enterprise Linux 5,\nRed Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.5.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Firefox. (CVE-2016-5296, CVE-2016-5297,\nCVE-2016-9066, CVE-2016-5291, CVE-2016-5290)\n\n* A flaw was found in the way Add-on update process was handled by\nFirefox. A Man-in-the-Middle attacker could use this flaw to install a\nmalicious signed add-on update. (CVE-2016-9064)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Abhishek Arya, Andre Bargull, Samuel\nGross, Yuyang Zhou, Olli Pettay, Christian Holler, Ehsan Akhgari, Jon\nCoppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup as\nthe original reporters.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-November/006522.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-November/006523.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-November/006524.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"firefox-45.5.0-1.0.1.el5_11\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"firefox-45.5.0-1.0.1.el6_8\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"firefox-45.5.0-1.0.1.el7_3\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:56", "description": "An update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.5.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-5296, CVE-2016-5297, CVE-2016-9066, CVE-2016-5291, CVE-2016-5290)\n\n* A flaw was found in the way Add-on update process was handled by Firefox. A Man-in-the-Middle attacker could use this flaw to install a malicious signed add-on update. (CVE-2016-9064)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Abhishek Arya, Andre Bargull, Samuel Gross, Yuyang Zhou, Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup as the original reporters.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-21T00:00:00", "type": "nessus", "title": "CentOS 5 / 6 : firefox (CESA-2016:2780)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:firefox", "cpe:/o:centos:centos:5", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2016-2780.NASL", "href": "https://www.tenable.com/plugins/nessus/94982", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2780 and \n# CentOS Errata and Security Advisory 2016:2780 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94982);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9064\", \"CVE-2016-9066\");\n script_xref(name:\"RHSA\", value:\"2016:2780\");\n\n script_name(english:\"CentOS 5 / 6 : firefox (CESA-2016:2780)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for firefox is now available for Red Hat Enterprise Linux 5,\nRed Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.5.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Firefox. (CVE-2016-5296, CVE-2016-5297,\nCVE-2016-9066, CVE-2016-5291, CVE-2016-5290)\n\n* A flaw was found in the way Add-on update process was handled by\nFirefox. A Man-in-the-Middle attacker could use this flaw to install a\nmalicious signed add-on update. (CVE-2016-9064)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Abhishek Arya, Andre Bargull, Samuel\nGross, Yuyang Zhou, Olli Pettay, Christian Holler, Ehsan Akhgari, Jon\nCoppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup as\nthe original reporters.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-November/022156.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6397317a\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-November/022157.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?61f97fdf\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5290\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x / 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"firefox-45.5.0-1.el5.centos\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"firefox-45.5.0-1.el6.centos\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:49", "description": "This update upgrades Firefox to version 45.5.0 ESR.\n\nSecurity Fix(es) :\n\n - Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-5296, CVE-2016-5297, CVE-2016-9066, CVE-2016-5291, CVE-2016-5290)\n\n - A flaw was found in the way Add-on update process was handled by Firefox. A Man-in-the-Middle attacker could use this flaw to install a malicious signed add-on update. (CVE-2016-9064)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-22T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20161116)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:firefox", "p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20161116_FIREFOX_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/95051", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95051);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9064\", \"CVE-2016-9066\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20161116)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update upgrades Firefox to version 45.5.0 ESR.\n\nSecurity Fix(es) :\n\n - Multiple flaws were found in the processing of malformed\n web content. A web page containing malicious content\n could cause Firefox to crash or, potentially, execute\n arbitrary code with the privileges of the user running\n Firefox. (CVE-2016-5296, CVE-2016-5297, CVE-2016-9066,\n CVE-2016-5291, CVE-2016-5290)\n\n - A flaw was found in the way Add-on update process was\n handled by Firefox. A Man-in-the-Middle attacker could\n use this flaw to install a malicious signed add-on\n update. (CVE-2016-9064)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1611&L=scientific-linux-errata&F=&S=&P=2914\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c9ebe451\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"firefox-45.5.0-1.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"firefox-debuginfo-45.5.0-1.el5_11\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"firefox-45.5.0-1.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"firefox-debuginfo-45.5.0-1.el6_8\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"firefox-45.5.0-1.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"firefox-debuginfo-45.5.0-1.el7_3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:36:52", "description": "According to the versions of the firefox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.(CVE-2016-5296, CVE-2016-5297, CVE-2016-9066, CVE-2016-5291, CVE-2016-5290)\n\n - A flaw was found in the way Add-on update process was handled by Firefox. A Man-in-the-Middle attacker could use this flaw to install a malicious signed add-on update. (CVE-2016-9064)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-05-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : firefox (EulerOS-SA-2016-1085)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:firefox", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2016-1085.NASL", "href": "https://www.tenable.com/plugins/nessus/99844", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99844);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-5290\",\n \"CVE-2016-5291\",\n \"CVE-2016-5296\",\n \"CVE-2016-5297\",\n \"CVE-2016-9064\",\n \"CVE-2016-9066\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : firefox (EulerOS-SA-2016-1085)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the firefox package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Multiple flaws were found in the processing of\n malformed web content. A web page containing malicious\n content could cause Firefox to crash or, potentially,\n execute arbitrary code with the privileges of the user\n running Firefox.(CVE-2016-5296, CVE-2016-5297,\n CVE-2016-9066, CVE-2016-5291, CVE-2016-5290)\n\n - A flaw was found in the way Add-on update process was\n handled by Firefox. A Man-in-the-Middle attacker could\n use this flaw to install a malicious signed add-on\n update. (CVE-2016-9064)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1085\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?04632b25\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"firefox-45.5.0-1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg, allowmaj:TRUE)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:39:05", "description": "Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory safety errors, same-origin policy bypass issues, integer overflows, buffer overflows and use-after-frees may lead to the execution of arbitrary code or denial of service.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-12T00:00:00", "type": "nessus", "title": "Debian DSA-3730-1 : icedove - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9066", "CVE-2016-9074", "CVE-2016-9079"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:icedove", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3730.NASL", "href": "https://www.tenable.com/plugins/nessus/95666", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3730. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95666);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9066\", \"CVE-2016-9074\", \"CVE-2016-9079\");\n script_xref(name:\"DSA\", value:\"3730\");\n\n script_name(english:\"Debian DSA-3730-1 : icedove - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in Icedove, Debian's version\nof the Mozilla Thunderbird mail client: Multiple memory safety errors,\nsame-origin policy bypass issues, integer overflows, buffer overflows\nand use-after-frees may lead to the execution of arbitrary code or\ndenial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/icedove\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3730\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the icedove packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 1:45.5.1-1~deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"calendar-google-provider\", reference:\"1:45.5.1-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove\", reference:\"1:45.5.1-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-dbg\", reference:\"1:45.5.1-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-dev\", reference:\"1:45.5.1-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-extension\", reference:\"1:45.5.1-1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:37", "description": "Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory safety errors, same-origin policy bypass issues, integer overflows, buffer overflows and use-after-frees may lead to the execution of arbitrary code or denial of service.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 45.5.1-1~deb7u1.\n\nWe recommend that you upgrade your icedove packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-20T00:00:00", "type": "nessus", "title": "Debian DLA-752-1 : icedove security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9066", "CVE-2016-9074", "CVE-2016-9079"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:calendar-google-provider", "p-cpe:/a:debian:debian_linux:icedove", "p-cpe:/a:debian:debian_linux:icedove-dbg", "p-cpe:/a:debian:debian_linux:icedove-dev", "p-cpe:/a:debian:debian_linux:iceowl-extension", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-752.NASL", "href": "https://www.tenable.com/plugins/nessus/96013", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-752-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96013);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9066\", \"CVE-2016-9074\", \"CVE-2016-9079\");\n\n script_name(english:\"Debian DLA-752-1 : icedove security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in Icedove, Debian's version\nof the Mozilla Thunderbird mail client: Multiple memory safety errors,\nsame-origin policy bypass issues, integer overflows, buffer overflows\nand use-after-frees may lead to the execution of arbitrary code or\ndenial of service.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n45.5.1-1~deb7u1.\n\nWe recommend that you upgrade your icedove packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/12/msg00027.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/icedove\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:calendar-google-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-extension\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"calendar-google-provider\", reference:\"45.5.1-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icedove\", reference:\"45.5.1-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icedove-dbg\", reference:\"45.5.1-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icedove-dev\", reference:\"45.5.1-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceowl-extension\", reference:\"45.5.1-1~deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:39", "description": "Versions of Mozilla Firefox ESR earlier than 45.5 are unpatched for the following vulnerabilities :\n\n - An overflow condition exists in the 'RASTERIZE_EDGES()' function in 'gfx/cairo/libpixman/src/pixman-edge-imp.h'. The issue is triggered as certain input is not properly validated when handling SVG content. This may allow a context-dependent attacker to cause a heap-based overflow, potentially allowing the execution of arbitrary code.\n - A flaw exists that is triggered when the Mozilla Updater is run with the updater's log file in the working directory pointing to a hardlink. This may allow a local attacker to append data to an arbitrary local file.\n - A flaw exists in the Mozilla Updater that is triggered as it may select an arbitrary target working directory to output files from the update process. No further details have been provided by the vendor.\n - A flaw exists that is triggered when length checking JavaScript arguments. This may allow a context-dependent attacker to have an unspecified impact.\n - A flaw exists that is triggered as add-on update IDs are not properly validated. This may allow an attacker with the ability to intercept network traffic '(e.g'. MitM, DNS cache poisoning) to provide malicious add-on updates.\n - An integer overflow condition exists in the 'nsScriptLoadHandler::TryDecodeRawData()' function in 'dom/base/nsScriptLoader.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to cause a buffer overflow, potentially allowing the execution of arbitrary code.\n - A flaw exists in the 'nsBaseChannel::Redirect()' function in 'netwerk/base/nsBaseChannel.cpp'. The issue is triggered as local shortcut files may be used to bypass the same-origin policy and load local content from the disk.\n - An unspecified flaw exists in 'divSpoiler' that may allow an attacker to conduct a side-channel attack. No further details have been provided by the vendor.\n - A flaw exists that is triggered when handling DOM tree operations for 'insertBefore()' method calls. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - An unspecified flaw exists that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - A flaw exists that is triggered when handling Ion-compiling of scripts with too many typesets. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - An unspecified flaw exists related to tracing of script pointers in off-thread compilation tasks. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - A flaw exists that is triggered when handling runtime checks for helper threads tracing. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - A flaw exists in the 'GlobalHelperThreadState::finishParseTask()' function in 'js/src/vm/HelperThreads.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - An unspecified flaw exists that is triggered as certain input is not properly validated when handling frames. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - A flaw exists that is triggered as certain input is not properly validated when handling HTML5 tokenizing. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - An unspecified flaw exists in 'dom/events/IMEStateManager.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.", "cvss3": {"score": 7.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2016-12-02T00:00:00", "type": "nessus", "title": "Mozilla Firefox ESR < 45.5 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9074", "CVE-2016-5293", "CVE-2016-5294"], "modified": "2019-11-06T00:00:00", "cpe": ["cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*"], "id": "9805.PRM", "href": "https://www.tenable.com/plugins/nnm/9805", "sourceData": "Binary data 9805.prm", "cvss": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:41", "description": "The version of Mozilla Firefox ESR installed on the remote Windows host is 45.x prior to 45.5. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-18T00:00:00", "type": "nessus", "title": "Mozilla Firefox ESR 45.x < 45.5 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5293", "CVE-2016-5294", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9074"], "modified": "2019-11-14T00:00:00", "cpe": ["cpe:/a:mozilla:firefox_esr"], "id": "MOZILLA_FIREFOX_45_5_ESR.NASL", "href": "https://www.tenable.com/plugins/nessus/94959", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94959);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/14\");\n\n script_cve_id(\n \"CVE-2016-5290\",\n \"CVE-2016-5291\",\n \"CVE-2016-5293\",\n \"CVE-2016-5294\",\n \"CVE-2016-5296\",\n \"CVE-2016-5297\",\n \"CVE-2016-9064\",\n \"CVE-2016-9066\",\n \"CVE-2016-9074\"\n );\n script_bugtraq_id(\n 94335,\n 94336,\n 94339,\n 94341\n );\n script_xref(name:\"MFSA\", value:\"2016-90\");\n\n script_name(english:\"Mozilla Firefox ESR 45.x < 45.5 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Firefox ESR installed on the remote Windows\nhost is 45.x prior to 45.5. It is, therefore, affected by multiple\nvulnerabilities, the majority of which are remote code execution\nvulnerabilities. An unauthenticated, remote attacker can exploit these\nvulnerabilities by convincing a user to visit a specially crafted\nwebsite, resulting in the execution of arbitrary code in the context\nof the current user.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox ESR version 45.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5297\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox_esr\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:TRUE, fix:'45.5', min:'45.0', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:55", "description": "Christian Holler, Jon Coppeard, Olli Pettay, Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Randell Jesup discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5290)\n\nA same-origin policy bypass was discovered with local HTML files in some circumstances. An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5291)\n\nA heap buffer-overflow was discovered in Cairo when processing SVG content. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code.\n(CVE-2016-5296)\n\nAn error was discovered in argument length checking in JavaScript. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code.\n(CVE-2016-5297)\n\nA buffer overflow was discovered in nsScriptLoadHandler. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code.\n(CVE-2016-9066)\n\nA use-after-free was discovered in SVG animations. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9079).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-01T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : thunderbird vulnerabilities (USN-3141-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9066", "CVE-2016-9079"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:thunderbird", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:16.10"], "id": "UBUNTU_USN-3141-1.NASL", "href": "https://www.tenable.com/plugins/nessus/95426", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3141-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95426);\n script_version(\"3.13\");\n script_cvs_date(\"Date: 2019/09/18 12:31:46\");\n\n script_cve_id(\"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9066\", \"CVE-2016-9079\");\n script_xref(name:\"USN\", value:\"3141-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : thunderbird vulnerabilities (USN-3141-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Christian Holler, Jon Coppeard, Olli Pettay, Ehsan Akhgari, Gary\nKwong, Tooru Fujisawa, and Randell Jesup discovered multiple memory\nsafety issues in Thunderbird. If a user were tricked in to opening a\nspecially crafted message, an attacker could potentially exploit these\nto cause a denial of service via application crash, or execute\narbitrary code. (CVE-2016-5290)\n\nA same-origin policy bypass was discovered with local HTML files in\nsome circumstances. An attacker could potentially exploit this to\nobtain sensitive information. (CVE-2016-5291)\n\nA heap buffer-overflow was discovered in Cairo when processing SVG\ncontent. If a user were tricked in to opening a specially crafted\nmessage, an attacker could potentially exploit this to cause a denial\nof service via application crash, or execute arbitrary code.\n(CVE-2016-5296)\n\nAn error was discovered in argument length checking in JavaScript. If\na user were tricked in to opening a specially crafted website in a\nbrowsing context, an attacker could potentially exploit this to cause\na denial of service via application crash, or execute arbitrary code.\n(CVE-2016-5297)\n\nA buffer overflow was discovered in nsScriptLoadHandler. If a user\nwere tricked in to opening a specially crafted website in a browsing\ncontext, an attacker could potentially exploit this to cause a denial\nof service via application crash, or execute arbitrary code.\n(CVE-2016-9066)\n\nA use-after-free was discovered in SVG animations. If a user were\ntricked in to opening a specially crafted website in a browsing\ncontext, an attacker could exploit this to cause a denial of service\nvia application crash, or execute arbitrary code. (CVE-2016-9079).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3141-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|16\\.04|16\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 16.04 / 16.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"thunderbird\", pkgver:\"1:45.5.1+build1-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"thunderbird\", pkgver:\"1:45.5.1+build1-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"thunderbird\", pkgver:\"1:45.5.1+build1-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"thunderbird\", pkgver:\"1:45.5.1+build1-0ubuntu0.16.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-02T17:02:36", "description": "The version of Mozilla Firefox installed on the remote macOS or Mac OS X host is prior to 50.0. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-18T00:00:00", "type": "nessus", "title": "Mozilla Firefox < 50.0 Multiple Vulnerabilities (macOS)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5289", "CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5292", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9063", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9067", "CVE-2016-9068", "CVE-2016-9069", "CVE-2016-9070", "CVE-2016-9071", "CVE-2016-9073", "CVE-2016-9074", "CVE-2016-9075", "CVE-2016-9076", "CVE-2016-9077"], "modified": "2019-11-14T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MACOSX_FIREFOX_50_0.NASL", "href": "https://www.tenable.com/plugins/nessus/94958", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94958);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/14\");\n\n script_cve_id(\n \"CVE-2016-5289\",\n \"CVE-2016-5290\",\n \"CVE-2016-5291\",\n \"CVE-2016-5292\",\n \"CVE-2016-5296\",\n \"CVE-2016-5297\",\n \"CVE-2016-9063\",\n \"CVE-2016-9064\",\n \"CVE-2016-9066\",\n \"CVE-2016-9067\",\n \"CVE-2016-9068\",\n \"CVE-2016-9069\",\n \"CVE-2016-9070\",\n \"CVE-2016-9071\",\n \"CVE-2016-9073\",\n \"CVE-2016-9074\",\n \"CVE-2016-9075\",\n \"CVE-2016-9076\",\n \"CVE-2016-9077\"\n );\n script_bugtraq_id(\n 94335,\n 94336,\n 94337,\n 94339,\n 94341\n );\n script_xref(name:\"MFSA\", value:\"2016-89\");\n\n script_name(english:\"Mozilla Firefox < 50.0 Multiple Vulnerabilities (macOS)\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote macOS or Mac OS X host contains a web browser that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Firefox installed on the remote macOS or Mac\nOS X host is prior to 50.0. It is, therefore, affected by multiple\nvulnerabilities, the majority of which are remote code execution\nvulnerabilities. An unauthenticated, remote attacker can exploit these\nvulnerabilities by convincing a user to visit a specially crafted\nwebsite, resulting in the execution of arbitrary code in the context\nof the current user.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox version 50.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-9075\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nkb_base = \"MacOSX/Firefox\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nif (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Firefox installation is in the ESR branch.');\n\nmozilla_check_version(product:'firefox', version:version, path:path, esr:FALSE, fix:'50', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-02T17:03:20", "description": "This update to Mozilla Firefox 50.0 fixes a number of security issues.\n\nThe following vulnerabilities were fixed in Mozilla Firefox (MFSA 2016-89) :\n\n - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bmo#1292443)\n\n - CVE-2016-5292: URL parsing causes crash (bmo#1288482)\n\n - CVE-2016-5297: Incorrect argument length checking in JavaScript (bmo#1303678)\n\n - CVE-2016-9064: Addons update must verify IDs match between current and new versions (bmo#1303418)\n\n - CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bmo#1299686)\n\n - CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore (bmo#1301777, bmo#1308922 (CVE-2016-9069))\n\n - CVE-2016-9068: heap-use-after-free in nsRefreshDriver (bmo#1302973)\n\n - CVE-2016-9075: WebExtensions can access the mozAddonManager API and use it to gain elevated privileges (bmo#1295324)\n\n - CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied to cross-origin images, allowing timing attacks on them (bmo#1298552)\n\n - CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bmo#1292159)\n\n - CVE-2016-9070: Sidebar bookmark can have reference to chrome window (bmo#1281071)\n\n - CVE-2016-9073: windows.create schema doesn't specify 'format': 'relativeUrl' (bmo#1289273)\n\n - CVE-2016-9076: select dropdown menu can be used for URL bar spoofing on e10s (bmo#1276976)\n\n - CVE-2016-9063: Possible integer overflow to fix inside XML_Parse in expat (bmo#1274777)\n\n - CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP (bmo#1285003)\n\n - CVE-2016-5289: Memory safety bugs fixed in Firefox 50\n\n - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5\n\nThe following vulnerabilities were fixed in Mozilla NSS 3.26.1 :\n\n - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bmo#1293334) Mozilla Firefox now requires mozilla-nss 3.26.2.\n\nNew features in Mozilla Firefox :\n\n - Updates to keyboard shortcuts Set a preference to have Ctrl+Tab cycle through tabs in recently used order View a page in Reader Mode by using Ctrl+Alt+R\n\n - Added option to Find in page that allows users to limit search to whole words only\n\n - Added download protection for a large number of executable file types on Windows, Mac and Linux\n\n - Fixed rendering of dashed and dotted borders with rounded corners (border-radius)\n\n - Added a built-in Emoji set for operating systems without native Emoji fonts\n\n - Blocked versions of libavcodec older than 54.35.1\n\n - additional locale\n\nmozilla-nss was updated to 3.26.2, incorporating the following changes :\n\n - the selfserv test utility has been enhanced to support ALPN (HTTP/1.1) and 0-RTT\n\n - The following CA certificate was added: CN = ISRG Root X1\n\n - NPN is disabled and ALPN is enabled by default\n\n - MD5 signature algorithms sent by the server in CertificateRequest messages are now properly ignored", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2016-1334)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5289", "CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5292", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9063", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9067", "CVE-2016-9068", "CVE-2016-9069", "CVE-2016-9070", "CVE-2016-9071", "CVE-2016-9073", "CVE-2016-9074", "CVE-2016-9075", "CVE-2016-9076", "CVE-2016-9077"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo", "p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource", "p-cpe:/a:novell:opensuse:MozillaFirefox-devel", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:libfreebl3", "p-cpe:/a:novell:opensuse:libfreebl3-32bit", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3", "p-cpe:/a:novell:opensuse:libsoftokn3-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss", "p-cpe:/a:novell:opensuse:mozilla-nss-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-debugsource", "p-cpe:/a:novell:opensuse:mozilla-nss-devel", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-tools", "p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo", "cpe:/o:novell:opensuse:13.2", "cpe:/o:novell:opensuse:42.1", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2016-1334.NASL", "href": "https://www.tenable.com/plugins/nessus/95022", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1334.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95022);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-5289\", \"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5292\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9063\", \"CVE-2016-9064\", \"CVE-2016-9066\", \"CVE-2016-9067\", \"CVE-2016-9068\", \"CVE-2016-9069\", \"CVE-2016-9070\", \"CVE-2016-9071\", \"CVE-2016-9073\", \"CVE-2016-9074\", \"CVE-2016-9075\", \"CVE-2016-9076\", \"CVE-2016-9077\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2016-1334)\");\n script_summary(english:\"Check for the openSUSE-2016-1334 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update to Mozilla Firefox 50.0 fixes a number of security issues.\n\nThe following vulnerabilities were fixed in Mozilla Firefox (MFSA\n2016-89) :\n\n - CVE-2016-5296: Heap-buffer-overflow WRITE in\n rasterize_edges_1 (bmo#1292443)\n\n - CVE-2016-5292: URL parsing causes crash (bmo#1288482)\n\n - CVE-2016-5297: Incorrect argument length checking in\n JavaScript (bmo#1303678)\n\n - CVE-2016-9064: Addons update must verify IDs match\n between current and new versions (bmo#1303418)\n\n - CVE-2016-9066: Integer overflow leading to a buffer\n overflow in nsScriptLoadHandler (bmo#1299686)\n\n - CVE-2016-9067: heap-use-after-free in\n nsINode::ReplaceOrInsertBefore (bmo#1301777, bmo#1308922\n (CVE-2016-9069))\n\n - CVE-2016-9068: heap-use-after-free in nsRefreshDriver\n (bmo#1302973)\n\n - CVE-2016-9075: WebExtensions can access the\n mozAddonManager API and use it to gain elevated\n privileges (bmo#1295324)\n\n - CVE-2016-9077: Canvas filters allow feDisplacementMaps\n to be applied to cross-origin images, allowing timing\n attacks on them (bmo#1298552)\n\n - CVE-2016-5291: Same-origin policy violation using local\n HTML file and saved shortcut file (bmo#1292159)\n\n - CVE-2016-9070: Sidebar bookmark can have reference to\n chrome window (bmo#1281071)\n\n - CVE-2016-9073: windows.create schema doesn't specify\n 'format': 'relativeUrl' (bmo#1289273)\n\n - CVE-2016-9076: select dropdown menu can be used for URL\n bar spoofing on e10s (bmo#1276976)\n\n - CVE-2016-9063: Possible integer overflow to fix inside\n XML_Parse in expat (bmo#1274777)\n\n - CVE-2016-9071: Probe browser history via HSTS/301\n redirect + CSP (bmo#1285003)\n\n - CVE-2016-5289: Memory safety bugs fixed in Firefox 50\n\n - CVE-2016-5290: Memory safety bugs fixed in Firefox 50\n and Firefox ESR 45.5\n\nThe following vulnerabilities were fixed in Mozilla NSS 3.26.1 :\n\n - CVE-2016-9074: Insufficient timing side-channel\n resistance in divSpoiler (bmo#1293334) Mozilla Firefox\n now requires mozilla-nss 3.26.2.\n\nNew features in Mozilla Firefox :\n\n - Updates to keyboard shortcuts Set a preference to have\n Ctrl+Tab cycle through tabs in recently used order View\n a page in Reader Mode by using Ctrl+Alt+R\n\n - Added option to Find in page that allows users to limit\n search to whole words only\n\n - Added download protection for a large number of\n executable file types on Windows, Mac and Linux\n\n - Fixed rendering of dashed and dotted borders with\n rounded corners (border-radius)\n\n - Added a built-in Emoji set for operating systems without\n native Emoji fonts\n\n - Blocked versions of libavcodec older than 54.35.1\n\n - additional locale\n\nmozilla-nss was updated to 3.26.2, incorporating the following \nchanges :\n\n - the selfserv test utility has been enhanced to support\n ALPN (HTTP/1.1) and 0-RTT\n\n - The following CA certificate was added: CN = ISRG Root\n X1\n\n - NPN is disabled and ALPN is enabled by default\n\n - MD5 signature algorithms sent by the server in\n CertificateRequest messages are now properly ignored\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1009026\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010406\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010408\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010409\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010420\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010425\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010427\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox / mozilla-nss packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2|SUSE42\\.1|SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2 / 42.1 / 42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-50.0-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-branding-upstream-50.0-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-buildsymbols-50.0-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-debuginfo-50.0-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-debugsource-50.0-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-devel-50.0-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-translations-common-50.0-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-translations-other-50.0-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libfreebl3-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libfreebl3-debuginfo-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsoftokn3-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsoftokn3-debuginfo-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-certs-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-certs-debuginfo-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-debuginfo-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-debugsource-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-devel-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-sysinit-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-sysinit-debuginfo-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-tools-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-tools-debuginfo-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-50.0-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-branding-upstream-50.0-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-buildsymbols-50.0-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-debuginfo-50.0-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-debugsource-50.0-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-devel-50.0-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-translations-common-50.0-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-translations-other-50.0-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libfreebl3-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libfreebl3-debuginfo-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libsoftokn3-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libsoftokn3-debuginfo-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-certs-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-certs-debuginfo-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-debuginfo-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-debugsource-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-devel-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-sysinit-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-sysinit-debuginfo-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-tools-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-tools-debuginfo-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaFirefox-50.0-39.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaFirefox-branding-upstream-50.0-39.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaFirefox-buildsymbols-50.0-39.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaFirefox-debuginfo-50.0-39.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaFirefox-debugsource-50.0-39.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaFirefox-devel-50.0-39.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaFirefox-translations-common-50.0-39.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaFirefox-translations-other-50.0-39.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libfreebl3-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libfreebl3-debuginfo-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libsoftokn3-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libsoftokn3-debuginfo-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mozilla-nss-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mozilla-nss-certs-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mozilla-nss-certs-debuginfo-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mozilla-nss-debuginfo-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mozilla-nss-debugsource-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mozilla-nss-devel-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mozilla-nss-sysinit-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mozilla-nss-sysinit-debuginfo-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mozilla-nss-tools-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mozilla-nss-tools-debuginfo-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.26.2-32.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:35", "description": "It was discovered that NSS incorrectly handled certain invalid Diffie-Hellman keys. A remote attacker could possibly use this flaw to cause NSS to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.\n(CVE-2016-5285)\n\nHubert Kario discovered that NSS incorrectly handled Diffie Hellman client key exchanges. A remote attacker could possibly use this flaw to perform a small subgroup confinement attack and recover private keys. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-8635)\n\nFranziskus Kiefer discovered that NSS incorrectly mitigated certain timing side-channel attacks. A remote attacker could possibly use this flaw to recover private keys. (CVE-2016-9074)\n\nThis update refreshes the NSS package to version 3.26.2 which includes the latest CA certificate bundle.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-01-05T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : nss vulnerabilities (USN-3163-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5285", "CVE-2016-8635", "CVE-2016-9074"], "modified": "2019-11-25T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libnss3", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:16.10"], "id": "UBUNTU_USN-3163-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96304", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3163-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96304);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\"CVE-2016-5285\", \"CVE-2016-8635\", \"CVE-2016-9074\");\n script_xref(name:\"USN\", value:\"3163-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : nss vulnerabilities (USN-3163-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that NSS incorrectly handled certain invalid\nDiffie-Hellman keys. A remote attacker could possibly use this flaw to\ncause NSS to crash, resulting in a denial of service. This issue only\napplied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.\n(CVE-2016-5285)\n\nHubert Kario discovered that NSS incorrectly handled Diffie Hellman\nclient key exchanges. A remote attacker could possibly use this flaw\nto perform a small subgroup confinement attack and recover private\nkeys. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS\nand Ubuntu 16.04 LTS. (CVE-2016-8635)\n\nFranziskus Kiefer discovered that NSS incorrectly mitigated certain\ntiming side-channel attacks. A remote attacker could possibly use this\nflaw to recover private keys. (CVE-2016-9074)\n\nThis update refreshes the NSS package to version 3.26.2 which includes\nthe latest CA certificate bundle.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3163-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libnss3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnss3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|16\\.04|16\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 16.04 / 16.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libnss3\", pkgver:\"2:3.26.2-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libnss3\", pkgver:\"2:3.26.2-0ubuntu0.14.04.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libnss3\", pkgver:\"2:3.26.2-0ubuntu0.16.04.2\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"libnss3\", pkgver:\"2:3.26.2-0ubuntu0.16.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libnss3\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-02T17:03:19", "description": "Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, Markus Stange, Olli Pettay, Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Randell Jesup discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5289, CVE-2016-5290)\n\nA same-origin policy bypass was discovered with local HTML files in some circumstances. An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5291)\n\nA crash was discovered when parsing URLs in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code.\n(CVE-2016-5292)\n\nA heap buffer-overflow was discovered in Cairo when processing SVG content. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code.\n(CVE-2016-5296)\n\nAn error was discovered in argument length checking in JavaScript. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5297)\n\nAn integer overflow was discovered in the Expat library. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2016-9063)\n\nIt was discovered that addon updates failed to verify that the addon ID inside the signed package matched the ID of the addon being updated. An attacker that could perform a man-in-the-middle (MITM) attack could potentially exploit this to provide malicious addon updates. (CVE-2016-9064)\n\nA buffer overflow was discovered in nsScriptLoadHandler. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9066)\n\n2 use-after-free bugs were discovered during DOM operations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code.\n(CVE-2016-9067, CVE-2016-9069)\n\nA heap use-after-free was discovered during web animations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code.\n(CVE-2016-9068)\n\nIt was discovered that a page loaded in to the sidebar through a bookmark could reference a privileged chrome window. An attacker could potentially exploit this to bypass same origin restrictions.\n(CVE-2016-9070)\n\nAn issue was discovered with Content Security Policy (CSP) in combination with HTTP to HTTPS redirection. An attacker could potentially exploit this to verify whether a site is within the user's browsing history. (CVE-2016-9071)\n\nAn issue was discovered with the windows.create() WebExtensions API.\nIf a user were tricked in to installing a malicious extension, an attacker could potentially exploit this to escape the WebExtensions sandbox. (CVE-2016-9073)\n\nIt was discovered that WebExtensions can use the mozAddonManager API.\nAn attacker could potentially exploit this to install additional extensions without user permission. (CVE-2016-9075)\n\nIt was discovered that <select> element dropdown menus can cover location bar content when e10s is enabled. An attacker could potentially exploit this to conduct UI spoofing attacks.\n(CVE-2016-9076)\n\nIt was discovered that canvas allows the use of the feDisplacementMap filter on cross-origin images. An attacker could potentially exploit this to conduct timing attacks. (CVE-2016-9077).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-21T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : firefox vulnerabilities (USN-3124-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5289", "CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5292", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9063", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9067", "CVE-2016-9068", "CVE-2016-9069", "CVE-2016-9070", "CVE-2016-9071", "CVE-2016-9073", "CVE-2016-9075", "CVE-2016-9076", "CVE-2016-9077"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:firefox", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:16.10"], "id": "UBUNTU_USN-3124-1.NASL", "href": "https://www.tenable.com/plugins/nessus/95025", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3124-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95025);\n script_version(\"3.10\");\n script_cvs_date(\"Date: 2019/09/18 12:31:46\");\n\n script_cve_id(\"CVE-2016-5289\", \"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5292\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9063\", \"CVE-2016-9064\", \"CVE-2016-9066\", \"CVE-2016-9067\", \"CVE-2016-9068\", \"CVE-2016-9069\", \"CVE-2016-9070\", \"CVE-2016-9071\", \"CVE-2016-9073\", \"CVE-2016-9075\", \"CVE-2016-9076\", \"CVE-2016-9077\");\n script_xref(name:\"USN\", value:\"3124-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : firefox vulnerabilities (USN-3124-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon\nCoppeard, Jan-Ivar Bruaroey, Jesse Ruderman, Markus Stange, Olli\nPettay, Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Randell Jesup\ndiscovered multiple memory safety issues in Firefox. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via application\ncrash, or execute arbitrary code. (CVE-2016-5289, CVE-2016-5290)\n\nA same-origin policy bypass was discovered with local HTML files in\nsome circumstances. An attacker could potentially exploit this to\nobtain sensitive information. (CVE-2016-5291)\n\nA crash was discovered when parsing URLs in some circumstances. If a\nuser were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to execute arbitrary code.\n(CVE-2016-5292)\n\nA heap buffer-overflow was discovered in Cairo when processing SVG\ncontent. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial\nof service via application crash, or execute arbitrary code.\n(CVE-2016-5296)\n\nAn error was discovered in argument length checking in JavaScript. If\na user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to cause a denial of service\nvia application crash, or execute arbitrary code. (CVE-2016-5297)\n\nAn integer overflow was discovered in the Expat library. If a user\nwere tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to cause a denial of service via\napplication crash. (CVE-2016-9063)\n\nIt was discovered that addon updates failed to verify that the addon\nID inside the signed package matched the ID of the addon being\nupdated. An attacker that could perform a man-in-the-middle (MITM)\nattack could potentially exploit this to provide malicious addon\nupdates. (CVE-2016-9064)\n\nA buffer overflow was discovered in nsScriptLoadHandler. If a user\nwere tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code. (CVE-2016-9066)\n\n2 use-after-free bugs were discovered during DOM operations in some\ncircumstances. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit these to cause\na denial of service via application crash, or execute arbitrary code.\n(CVE-2016-9067, CVE-2016-9069)\n\nA heap use-after-free was discovered during web animations in some\ncircumstances. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code.\n(CVE-2016-9068)\n\nIt was discovered that a page loaded in to the sidebar through a\nbookmark could reference a privileged chrome window. An attacker could\npotentially exploit this to bypass same origin restrictions.\n(CVE-2016-9070)\n\nAn issue was discovered with Content Security Policy (CSP) in\ncombination with HTTP to HTTPS redirection. An attacker could\npotentially exploit this to verify whether a site is within the user's\nbrowsing history. (CVE-2016-9071)\n\nAn issue was discovered with the windows.create() WebExtensions API.\nIf a user were tricked in to installing a malicious extension, an\nattacker could potentially exploit this to escape the WebExtensions\nsandbox. (CVE-2016-9073)\n\nIt was discovered that WebExtensions can use the mozAddonManager API.\nAn attacker could potentially exploit this to install additional\nextensions without user permission. (CVE-2016-9075)\n\nIt was discovered that <select> element dropdown menus can cover\nlocation bar content when e10s is enabled. An attacker could\npotentially exploit this to conduct UI spoofing attacks.\n(CVE-2016-9076)\n\nIt was discovered that canvas allows the use of the feDisplacementMap\nfilter on cross-origin images. An attacker could potentially exploit\nthis to conduct timing attacks. (CVE-2016-9077).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3124-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|16\\.04|16\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 16.04 / 16.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"firefox\", pkgver:\"50.0+build2-0ubuntu0.12.04.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"firefox\", pkgver:\"50.0+build2-0ubuntu0.14.04.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"firefox\", pkgver:\"50.0+build2-0ubuntu0.16.04.2\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"firefox\", pkgver:\"50.0+build2-0ubuntu0.16.10.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-02T17:03:19", "description": "The version of Mozilla Firefox installed on the remote Windows host is prior to 50.0. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-18T00:00:00", "type": "nessus", "title": "Mozilla Firefox < 50.0 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5289", "CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5292", "CVE-2016-5293", "CVE-2016-5294", "CVE-2016-5295", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9063", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9067", "CVE-2016-9068", "CVE-2016-9069", "CVE-2016-9070", "CVE-2016-9071", "CVE-2016-9072", "CVE-2016-9073", "CVE-2016-9074", "CVE-2016-9075", "CVE-2016-9076", "CVE-2016-9077"], "modified": "2019-11-14T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MOZILLA_FIREFOX_50_0.NASL", "href": "https://www.tenable.com/plugins/nessus/94960", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94960);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/14\");\n\n script_cve_id(\n \"CVE-2016-5289\",\n \"CVE-2016-5290\",\n \"CVE-2016-5291\",\n \"CVE-2016-5292\",\n \"CVE-2016-5293\",\n \"CVE-2016-5294\",\n \"CVE-2016-5295\",\n \"CVE-2016-5296\",\n \"CVE-2016-5297\",\n \"CVE-2016-9063\",\n \"CVE-2016-9064\",\n \"CVE-2016-9066\",\n \"CVE-2016-9067\",\n \"CVE-2016-9068\",\n \"CVE-2016-9069\",\n \"CVE-2016-9070\",\n \"CVE-2016-9071\",\n \"CVE-2016-9072\",\n \"CVE-2016-9073\",\n \"CVE-2016-9074\",\n \"CVE-2016-9075\",\n \"CVE-2016-9076\",\n \"CVE-2016-9077\"\n );\n script_bugtraq_id(\n 94335,\n 94336,\n 94337,\n 94339,\n 94341\n );\n script_xref(name:\"MFSA\", value:\"2016-89\");\n\n script_name(english:\"Mozilla Firefox < 50.0 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Firefox installed on the remote Windows host\nis prior to 50.0. It is, therefore, affected by multiple\nvulnerabilities, the majority of which are remote code execution\nvulnerabilities. An unauthenticated, remote attacker can exploit these\nvulnerabilities by convincing a user to visit a specially crafted\nwebsite, resulting in the execution of arbitrary code in the context\nof the current user.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox version 50.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-9075\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'50', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-02T17:01:49", "description": "Mozilla Foundation reports :\n\nPlease reference CVE/URL list for details", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-16T00:00:00", "type": "nessus", "title": "FreeBSD : mozilla -- multiple vulnerabilities (d1853110-07f4-4645-895b-6fd462ad0589)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5289", "CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5292", "CVE-2016-5293", "CVE-2016-5294", "CVE-2016-5295", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-5298", "CVE-2016-5299", "CVE-2016-9061", "CVE-2016-9062", "CVE-2016-9063", "CVE-2016-9064", "CVE-2016-9065", "CVE-2016-9066", "CVE-2016-9067", "CVE-2016-9068", "CVE-2016-9070", "CVE-2016-9071", "CVE-2016-9072", "CVE-2016-9073", "CVE-2016-9074", "CVE-2016-9075", "CVE-2016-9076", "CVE-2016-9077"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:firefox", "p-cpe:/a:freebsd:freebsd:firefox-esr", "p-cpe:/a:freebsd:freebsd:libxul", "p-cpe:/a:freebsd:freebsd:linux-firefox", "p-cpe:/a:freebsd:freebsd:linux-seamonkey", "p-cpe:/a:freebsd:freebsd:linux-thunderbird", "p-cpe:/a:freebsd:freebsd:seamonkey", "p-cpe:/a:freebsd:freebsd:thunderbird", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_D185311007F44645895B6FD462AD0589.NASL", "href": "https://www.tenable.com/plugins/nessus/94904", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94904);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-5289\", \"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5292\", \"CVE-2016-5293\", \"CVE-2016-5294\", \"CVE-2016-5295\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-5298\", \"CVE-2016-5299\", \"CVE-2016-9061\", \"CVE-2016-9062\", \"CVE-2016-9063\", \"CVE-2016-9064\", \"CVE-2016-9065\", \"CVE-2016-9066\", \"CVE-2016-9067\", \"CVE-2016-9068\", \"CVE-2016-9070\", \"CVE-2016-9071\", \"CVE-2016-9072\", \"CVE-2016-9073\", \"CVE-2016-9074\", \"CVE-2016-9075\", \"CVE-2016-9076\", \"CVE-2016-9077\");\n\n script_name(english:\"FreeBSD : mozilla -- multiple vulnerabilities (d1853110-07f4-4645-895b-6fd462ad0589)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Foundation reports :\n\nPlease reference CVE/URL list for details\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2016-89/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2016-90/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/\"\n );\n # https://vuxml.freebsd.org/freebsd/d1853110-07f4-4645-895b-6fd462ad0589.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b7042961\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:firefox-esr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libxul\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"firefox<50.0_1,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"seamonkey<2.47\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-seamonkey<2.47\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"firefox-esr<45.5.0,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-firefox<45.5.0,2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"libxul<45.5.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"thunderbird<45.5.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-thunderbird<45.5.0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:40", "description": "Versions of Mozilla Firefox prior to 50.0 are unpatched for the following vulnerabilities :\n\n - An overflow condition exists in the 'RASTERIZE_EDGES()' function in 'gfx/cairo/libpixman/src/pixman-edge-imp.h'. The issue is triggered as certain input is not properly validated when handling SVG content. This may allow a context-dependent attacker to cause a heap-based overflow, potentially allowing the execution of arbitrary code.\n - A flaw exists in the 'net_CoalesceDirs()' function in 'netwerk/base/nsURLHelper.cpp' that is triggered when handling specially crafted URLs. This may allow a context-dependent attacker to potentially execute arbitrary code.\n - A flaw exists that is triggered when the Mozilla Updater is run with the updater's log file in the working directory pointing to a hardlink. This may allow a local attacker to append data to an arbitrary local file.\n - A flaw exists in the Mozilla Updater that is triggered as it may select an arbitrary target working directory to output files from the update process. No further details have been provided by the vendor.\n - A flaw exists that is triggered when length checking JavaScript arguments. This may allow a context-dependent attacker to have an unspecified impact.\n - A flaw exists that is triggered as add-on update IDs are not properly validated. This may allow an attacker with the ability to intercept network traffic '(e.g'. MitM, DNS cache poisoning) to provide malicious add-on updates.\n - A flaw exists that is triggered when a context-dependent attacker forces a user into full-screen mode, which may potentially allow the attacker to use a fake location bar to perform spoofing attacks.\n - An integer overflow condition exists in the 'nsScriptLoadHandler::TryDecodeRawData()' function in 'dom/base/nsScriptLoader.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to cause a buffer overflow, potentially allowing the execution of arbitrary code.\n - A use-after-free error exists in the 'nsINode::ReplaceOrInsertBefore()' function in 'dom/base/nsINode.cpp' that is triggered when handling certain DOM operations. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.\n - A use-after-free error exists in the 'nsINode::Prepend()' function in 'dom/base/nsINode.cpp' that is triggered when handling DOM operations. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.\n - A use-after-free error exists in 'nsRefreshDriver'. The issue is triggered when handling web animation timelines. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.\n - A flaw exists in 'dom/plugins/base/nsPluginTags.cpp' that is triggered as the sandbox for 64-bit NPAPI plugins may not be enabled by default. This may potentially result in less secure behavior than intended.\n - A flaw exists in 'toolkit/components/extensions/ExtensionContent.jsm' that is triggered as WebExtensions may inappropriately access the mozAddonManager API. This may allow a context-dependent attacker to use a specially crafted extension to install further extensions without a user's permission.\n - A flaw exists in 'dom/canvas/CanvasRenderingContext2D.cpp' that is triggered by the use of the feDisplacementMap filter on images that are loaded cross-origin. This may allow a context-dependent attacker to conduct a timing attack and have an unspecified impact.\n - A flaw exists in the 'nsBaseChannel::Redirect()' function in 'netwerk/base/nsBaseChannel.cpp'. The issue is triggered as local shortcut files may be used to bypass the same-origin policy and load local content from the disk.\n - A flaw exists in the 'ProcessSoftwareUpdateCommand()' function in 'toolkit/components/maintenanceservice/workmonitor.cpp', as it may copy 'updater.exe' from untrusted directories. This may allow a local attacker to read files with SYSTEM privileges.\n - A flaw exists that is triggered when a page load is disrupted. This may result in the previous page's favicon and SSL indicator persisting, potentially misleading a user about the URL of the page being visited.\n - A flaw exists that is triggered when a previously installed application defines the same signature-level permissions as Firefox. This may allow a local attacker to intercept and disclose AuthTokens intended to be sent to Firefox.\n - A flaw exists that is triggered when a previously installed application defines the same signature-level permissions as Firefox. This may allow a local attacker to intercept and disclose API keys intended to be sent to Firefox.\n - A flaw exists in 'mobile/android/base/java/org/mozilla/gecko/PrivateTab.java' that is triggered, as browsing metadata from private browsing may persist in the 'browser.db' and 'browser.db'-wal files within a Firefox profile. This may potentially allow a physically present attacker to disclose information about private browsing.\n - A flaw exists in 'dom/bindings/Codegen.py' that is triggered when loading pages in a sidebar via a bookmark. This may allow the page to reference a privileged chrome window, violating the same-origin policy and engaging in limited JavaScript operations.\n - A flaw exists that is triggered as the 'windows.create' schema doesn't specify \"format\": \"relativeUrl\". This may allow a context-dependent attacker to escape the WebExtension sandbox.\n - An unspecified flaw exists in 'divSpoiler' that may allow an attacker to conduct a side-channel attack. No further details have been provided by the vendor.\n - A flaw exists that is triggered as the \"select\" dropdown menu may potentially cover location bar content, allowing a context-dependent attacker to spoof the location bar.\n - An integer overflow condition exists in the 'XML_Parse()' function in 'parser/expat/lib/xmlparse.c'. The issue is triggered as certain input is not properly validated when parsing XML content. This may allow a context-dependent attacker to have an unspecified impact.\n - A flaw exists in the 'nsCSPHostSrc::permits()' function in 'dom/security/nsCSPUtils.cpp' that is triggered when the Content Security Policy (CSP) is combined with HTTP to HTTPS redirection. This may potentially allow a context-dependent attacker to enumerate the existence of a known site in a user's browser history.\n - An unspecified flaw exists that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - A flaw exists in the 'EventListenerManager::GetListenerInfo()' function in 'dom/events/EventListenerManager.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - An unspecified flaw exists in 'dom/media/mediasource/TrackBuffersManager.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - A flaw exists in the 'WebrtcVideoConduit::CodecConfigToWebRTCCodec()' function in 'media/webrtc/signaling/src/media-conduit/VideoConduit.cpp' that is triggered when handling simulcast streams. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - An unspecified flaw exists in 'js/src/jit/arm64/MacroAssembler-arm64.h' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - An unspecified flaw exist that is triggered when handling screen/window/app capture. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - An unspecified flaw exists related to MessagePort not supporting transferable objects. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - A flaw exists that is triggered when handling DOM tree operations for 'insertBefore()' method calls. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - A flaw exists that is triggered when handling Ion-compiling of scripts with too many typesets. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - An unspecified flaw exists related to tracing of script pointers in off-thread compilation tasks. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - A flaw exists that is triggered when handling runtime checks for helper threads tracing. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - A flaw exists in the 'GlobalHelperThreadState::finishParseTask()' function in 'js/src/vm/HelperThreads.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - An unspecified flaw exists that is triggered as certain input is not properly validated when handling frames. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - A flaw exists that is triggered as certain input is not properly validated when handling HTML5 tokenizing. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - An unspecified flaw exists in 'dom/events/IMEStateManager.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - A flaw exists in the 'JSStructuredCloneWriter::transferOwnership()' function in 'js/src/vm/StructuredClone.cpp' that is triggered when handling user-defined structured clone tags. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-02T00:00:00", "type": "nessus", "title": "Mozilla Firefox < 50.0 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9074", "CVE-2016-9063", "CVE-2016-5289", "CVE-2016-5292", "CVE-2016-9067", "CVE-2016-9068", "CVE-2016-9069", "CVE-2016-9070", "CVE-2016-9071", "CVE-2016-9073", "CVE-2016-9075", "CVE-2016-9076", "CVE-2016-9077", "CVE-2016-5293", "CVE-2016-5294", "CVE-2016-9072", "CVE-2016-5295", "CVE-2016-5298", "CVE-2016-5299", "CVE-2016-9061", "CVE-2016-9062", "CVE-2016-9065", "CVE-2014-8644"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"], "id": "9804.PRM", "href": "https://www.tenable.com/plugins/nnm/9804", "sourceData": "Binary data 9804.prm", "cvss": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:38:55", "description": "From Red Hat Security Advisory 2016:2825 :\n\nAn update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.5.0\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-5290)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup as the original reporters.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-30T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : thunderbird (ELSA-2016-2825)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:thunderbird", "cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2016-2825.NASL", "href": "https://www.tenable.com/plugins/nessus/95410", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:2825 and \n# Oracle Linux Security Advisory ELSA-2016-2825 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95410);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-5290\");\n script_xref(name:\"RHSA\", value:\"2016:2825\");\n\n script_name(english:\"Oracle Linux 6 / 7 : thunderbird (ELSA-2016-2825)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2016:2825 :\n\nAn update for thunderbird is now available for Red Hat Enterprise\nLinux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.5.0\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2016-5290)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Olli Pettay, Christian Holler, Ehsan\nAkhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and\nRandell Jesup as the original reporters.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-November/006541.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-November/006542.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"thunderbird-45.5.0-1.0.1.el6_8\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"thunderbird-45.5.0-1.0.1.el7_3\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:58", "description": "An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.5.0\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-5290)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup as the original reporters.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-01T00:00:00", "type": "nessus", "title": "CentOS 5 / 6 / 7 : thunderbird (CESA-2016:2825)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:thunderbird", "cpe:/o:centos:centos:5", "cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2016-2825.NASL", "href": "https://www.tenable.com/plugins/nessus/95444", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2825 and \n# CentOS Errata and Security Advisory 2016:2825 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95444);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-5290\");\n script_xref(name:\"RHSA\", value:\"2016:2825\");\n\n script_name(english:\"CentOS 5 / 6 / 7 : thunderbird (CESA-2016:2825)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for thunderbird is now available for Red Hat Enterprise\nLinux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.5.0\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2016-5290)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Olli Pettay, Christian Holler, Ehsan\nAkhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and\nRandell Jesup as the original reporters.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-December/022163.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d16a91bb\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-December/022165.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bce4f675\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2016-December/003691.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e1bf1620\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5290\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x / 6.x / 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"thunderbird-45.5.0-1.el5.centos\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"thunderbird-45.5.0-1.el6.centos\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"thunderbird-45.5.0-1.el7.centos\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:39:01", "description": "An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.5.0\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-5290)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup as the original reporters.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-29T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 / 7 : thunderbird (RHSA-2016:2825)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290"], "modified": "2020-05-29T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:thunderbird", "p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2016-2825.NASL", "href": "https://www.tenable.com/plugins/nessus/95382", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2825. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95382);\n script_version(\"3.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2016-5290\");\n script_xref(name:\"RHSA\", value:\"2016:2825\");\n\n script_name(english:\"RHEL 5 / 6 / 7 : thunderbird (RHSA-2016:2825)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for thunderbird is now available for Red Hat Enterprise\nLinux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.5.0\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2016-5290)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Olli Pettay, Christian Holler, Ehsan\nAkhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and\nRandell Jesup as the original reporters.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:2825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5290\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:2825\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"thunderbird-45.5.0-1.el5_11\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"thunderbird-45.5.0-1.el5_11\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"thunderbird-debuginfo-45.5.0-1.el5_11\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-45.5.0-1.el5_11\", allowmaj:TRUE)) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"thunderbird-45.5.0-1.el6_8\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"thunderbird-45.5.0-1.el6_8\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"thunderbird-45.5.0-1.el6_8\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"thunderbird-debuginfo-45.5.0-1.el6_8\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"thunderbird-debuginfo-45.5.0-1.el6_8\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-45.5.0-1.el6_8\", allowmaj:TRUE)) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"thunderbird-45.5.0-1.el7_3\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-45.5.0-1.el7_3\", allowmaj:TRUE)) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:45", "description": "This update upgrades Thunderbird to version 45.5.0\n\nSecurity Fix(es) :\n\n - Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-5290)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-15T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64 (20161129)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:thunderbird", "p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20161129_THUNDERBIRD_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/95868", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95868);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-5290\");\n\n script_name(english:\"Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64 (20161129)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update upgrades Thunderbird to version 45.5.0\n\nSecurity Fix(es) :\n\n - Multiple flaws were found in the processing of malformed\n web content. A web page containing malicious content\n could cause Thunderbird to crash or, potentially,\n execute arbitrary code with the privileges of the user\n running Thunderbird. (CVE-2016-5290)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1612&L=scientific-linux-errata&F=&S=&P=15252\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?56d200a1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"thunderbird-45.5.0-1.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"thunderbird-debuginfo-45.5.0-1.el5_11\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-45.5.0-1.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-debuginfo-45.5.0-1.el6_8\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"thunderbird-45.5.0-1.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-45.5.0-1.el7_3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:44", "description": "This update to Mozilla Firefox 50.0.2, Thunderbird 45.5.1 and NSS 3.16.2 fixes a number of security issues.\n\nThe following vulnerabilities were fixed in Mozilla Firefox (MFSA 2016-89) :\n\n - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bmo#1292443)\n\n - CVE-2016-5292: URL parsing causes crash (bmo#1288482)\n\n - CVE-2016-5297: Incorrect argument length checking in JavaScript (bmo#1303678)\n\n - CVE-2016-9064: Addons update must verify IDs match between current and new versions (bmo#1303418)\n\n - CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bmo#1299686)\n\n - CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore (bmo#1301777, bmo#1308922 (CVE-2016-9069))\n\n - CVE-2016-9068: heap-use-after-free in nsRefreshDriver (bmo#1302973)\n\n - CVE-2016-9075: WebExtensions can access the mozAddonManager API and use it to gain elevated privileges (bmo#1295324)\n\n - CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied to cross-origin images, allowing timing attacks on them (bmo#1298552)\n\n - CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bmo#1292159)\n\n - CVE-2016-9070: Sidebar bookmark can have reference to chrome window (bmo#1281071)\n\n - CVE-2016-9073: windows.create schema doesn't specify 'format': 'relativeUrl' (bmo#1289273)\n\n - CVE-2016-9076: select dropdown menu can be used for URL bar spoofing on e10s (bmo#1276976)\n\n - CVE-2016-9063: Possible integer overflow to fix inside XML_Parse in expat (bmo#1274777)\n\n - CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP (bmo#1285003)\n\n - CVE-2016-5289: Memory safety bugs fixed in Firefox 50\n\n - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5\n\n The following vulnerabilities were fixed in Mozilla NSS 3.26.1 :\n\n - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bmo#1293334)\n\n Mozilla Firefox now requires mozilla-nss 3.26.2.\n\n New features in Mozilla Firefox :\n\n - Updates to keyboard shortcuts Set a preference to have Ctrl+Tab cycle through tabs in recently used order View a page in Reader Mode by using Ctrl+Alt+R\n\n - Added option to Find in page that allows users to limit search to whole words only\n\n - Added download protection for a large number of executable file types on Windows, Mac and Linux\n\n - Fixed rendering of dashed and dotted borders with rounded corners (border-radius)\n\n - Added a built-in Emoji set for operating systems without native Emoji fonts\n\n - Blocked versions of libavcodec older than 54.35.1\n\n - additional locale\n\n mozilla-nss was updated to 3.26.2, incorporating the following changes :\n\n - the selfserv test utility has been enhanced to support ALPN (HTTP/1.1) and 0-RTT\n\n - The following CA certificate was added: CN = ISRG Root X1\n\n - NPN is disabled and ALPN is enabled by default\n\n - MD5 signature algorithms sent by the server in CertificateRequest messages are now properly ignored", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-07T00:00:00", "type": "nessus", "title": "openSUSE Security Update : Mozilla Firefox / Thunderbird and NSS (openSUSE-2016-1407)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5289", "CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5292", "CVE-2016-5293", "CVE-2016-5294", "CVE-2016-5295", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-5298", "CVE-2016-5299", "CVE-2016-9061", "CVE-2016-9062", "CVE-2016-9063", "CVE-2016-9064", "CVE-2016-9065", "CVE-2016-9066", "CVE-2016-9067", "CVE-2016-9068", "CVE-2016-9069", "CVE-2016-9070", "CVE-2016-9071", "CVE-2016-9072", "CVE-2016-9073", "CVE-2016-9074", "CVE-2016-9075", "CVE-2016-9076", "CVE-2016-9077", "CVE-2016-9078", "CVE-2016-9079"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo", "p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource", "p-cpe:/a:novell:opensuse:MozillaFirefox-devel", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaThunderbird", "p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other", "p-cpe:/a:novell:opensuse:libfreebl3", "p-cpe:/a:novell:opensuse:libfreebl3-32bit", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3", "p-cpe:/a:novell:opensuse:libsoftokn3-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss", "p-cpe:/a:novell:opensuse:mozilla-nss-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-debugsource", "p-cpe:/a:novell:opensuse:mozilla-nss-devel", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-tools", "p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2016-1407.NASL", "href": "https://www.tenable.com/plugins/nessus/95590", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1407.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95590);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-5289\", \"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5292\", \"CVE-2016-5293\", \"CVE-2016-5294\", \"CVE-2016-5295\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-5298\", \"CVE-2016-5299\", \"CVE-2016-9061\", \"CVE-2016-9062\", \"CVE-2016-9063\", \"CVE-2016-9064\", \"CVE-2016-9065\", \"CVE-2016-9066\", \"CVE-2016-9067\", \"CVE-2016-9068\", \"CVE-2016-9069\", \"CVE-2016-9070\", \"CVE-2016-9071\", \"CVE-2016-9072\", \"CVE-2016-9073\", \"CVE-2016-9074\", \"CVE-2016-9075\", \"CVE-2016-9076\", \"CVE-2016-9077\", \"CVE-2016-9078\", \"CVE-2016-9079\");\n\n script_name(english:\"openSUSE Security Update : Mozilla Firefox / Thunderbird and NSS (openSUSE-2016-1407)\");\n script_summary(english:\"Check for the openSUSE-2016-1407 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update to Mozilla Firefox 50.0.2, Thunderbird 45.5.1 and NSS\n3.16.2 fixes a number of security issues.\n\nThe following vulnerabilities were fixed in Mozilla Firefox (MFSA\n2016-89) :\n\n - CVE-2016-5296: Heap-buffer-overflow WRITE in\n rasterize_edges_1 (bmo#1292443)\n\n - CVE-2016-5292: URL parsing causes crash (bmo#1288482)\n\n - CVE-2016-5297: Incorrect argument length checking in\n JavaScript (bmo#1303678)\n\n - CVE-2016-9064: Addons update must verify IDs match\n between current and new versions (bmo#1303418)\n\n - CVE-2016-9066: Integer overflow leading to a buffer\n overflow in nsScriptLoadHandler (bmo#1299686)\n\n - CVE-2016-9067: heap-use-after-free in\n nsINode::ReplaceOrInsertBefore (bmo#1301777, bmo#1308922\n (CVE-2016-9069))\n\n - CVE-2016-9068: heap-use-after-free in nsRefreshDriver\n (bmo#1302973)\n\n - CVE-2016-9075: WebExtensions can access the\n mozAddonManager API and use it to gain elevated\n privileges (bmo#1295324)\n\n - CVE-2016-9077: Canvas filters allow feDisplacementMaps\n to be applied to cross-origin images, allowing timing\n attacks on them (bmo#1298552)\n\n - CVE-2016-5291: Same-origin policy violation using local\n HTML file and saved shortcut file (bmo#1292159)\n\n - CVE-2016-9070: Sidebar bookmark can have reference to\n chrome window (bmo#1281071)\n\n - CVE-2016-9073: windows.create schema doesn't specify\n 'format': 'relativeUrl' (bmo#1289273)\n\n - CVE-2016-9076: select dropdown menu can be used for URL\n bar spoofing on e10s (bmo#1276976)\n\n - CVE-2016-9063: Possible integer overflow to fix inside\n XML_Parse in expat (bmo#1274777)\n\n - CVE-2016-9071: Probe browser history via HSTS/301\n redirect + CSP (bmo#1285003)\n\n - CVE-2016-5289: Memory safety bugs fixed in Firefox 50\n\n - CVE-2016-5290: Memory safety bugs fixed in Firefox 50\n and Firefox ESR 45.5\n\n The following vulnerabilities were fixed in Mozilla NSS\n 3.26.1 :\n\n - CVE-2016-9074: Insufficient timing side-channel\n resistance in divSpoiler (bmo#1293334)\n\n Mozilla Firefox now requires mozilla-nss 3.26.2.\n\n New features in Mozilla Firefox :\n\n - Updates to keyboard shortcuts Set a preference to have\n Ctrl+Tab cycle through tabs in recently used order View\n a page in Reader Mode by using Ctrl+Alt+R\n\n - Added option to Find in page that allows users to limit\n search to whole words only\n\n - Added download protection for a large number of\n executable file types on Windows, Mac and Linux\n\n - Fixed rendering of dashed and dotted borders with\n rounded corners (border-radius)\n\n - Added a built-in Emoji set for operating systems without\n native Emoji fonts\n\n - Blocked versions of libavcodec older than 54.35.1\n\n - additional locale\n\n mozilla-nss was updated to 3.26.2, incorporating the\n following changes :\n\n - the selfserv test utility has been enhanced to support\n ALPN (HTTP/1.1) and 0-RTT\n\n - The following CA certificate was added: CN = ISRG Root\n X1\n\n - NPN is disabled and ALPN is enabled by default\n\n - MD5 signature algorithms sent by the server in\n CertificateRequest messages are now properly ignored\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1227538\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1245791\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1245795\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1246945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1246972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1247239\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1274777\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1276976\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1281071\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1285003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1288482\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1289273\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1292159\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1292443\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1293334\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1294438\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1295324\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1298552\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1299686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1300083\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1301777\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1302973\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1303418\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1303678\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1306696\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1308922\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1317641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1321066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1009026\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010411\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012807\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012964\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Mozilla Firefox / Thunderbird and NSS packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-50.0.2-131.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-branding-upstream-50.0.2-131.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-buildsymbols-50.0.2-131.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-debuginfo-50.0.2-131.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-debugsource-50.0.2-131.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-devel-50.0.2-131.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-translations-common-50.0.2-131.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-translations-other-50.0.2-131.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-45.5.1-70.92.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-buildsymbols-45.5.1-70.92.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-debuginfo-45.5.1-70.92.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-debugsource-45.5.1-70.92.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-devel-45.5.1-70.92.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-translations-common-45.5.1-70.92.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-translations-other-45.5.1-70.92.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libfreebl3-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libfreebl3-debuginfo-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libsoftokn3-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libsoftokn3-debuginfo-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-certs-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-certs-debuginfo-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-debuginfo-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-debugsource-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-devel-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-sysinit-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-sysinit-debuginfo-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-tools-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-tools-debuginfo-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.26.2-94.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:18", "description": "Franziskus Kiefer reported that the existing mitigations for some timing side-channel attacks were insufficient:\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2016-90/#CVE-201 6-9074\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 2:3.26-1+debu7u2.\n\nWe recommend that you upgrade your nss packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2016-12-27T00:00:00", "type": "nessus", "title": "Debian DLA-759-1 : nss security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9074"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libnss3", "p-cpe:/a:debian:debian_linux:libnss3-1d", "p-cpe:/a:debian:debian_linux:libnss3-dbg", "p-cpe:/a:debian:debian_linux:libnss3-dev", "p-cpe:/a:debian:debian_linux:libnss3-tools", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-759.NASL", "href": "https://www.tenable.com/plugins/nessus/96094", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-759-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96094);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-9074\");\n\n script_name(english:\"Debian DLA-759-1 : nss security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Franziskus Kiefer reported that the existing mitigations for some\ntiming side-channel attacks were insufficient:\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2016-90/#CVE-201\n6-9074\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n2:3.26-1+debu7u2.\n\nWe recommend that you upgrade your nss packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/12/msg00034.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/nss\"\n );\n # https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/#CVE-2016-9074\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cacd4be1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libnss3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libnss3-1d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libnss3-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libnss3-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libnss3-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libnss3\", reference:\"2:3.26-1+debu7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libnss3-1d\", reference:\"2:3.26-1+debu7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libnss3-dbg\", reference:\"2:3.26-1+debu7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libnss3-dev\", reference:\"2:3.26-1+debu7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libnss3-tools\", reference:\"2:3.26-1+debu7u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-13T18:08:33", "description": "The remote host is affected by the vulnerability described in GLSA-201701-46 (Mozilla Network Security Service (NSS): Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in NSS. Please review the CVE identifiers and technical papers referenced below for details.\n Impact :\n\n Remote attackers could conduct man-in-the-middle attacks, obtain access to private key information, or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-01-20T00:00:00", "type": "nessus", "title": "GLSA-201701-46 : Mozilla Network Security Service (NSS): Multiple vulnerabilities (Logjam) (SLOTH)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-2721", "CVE-2015-4000", "CVE-2015-7575", "CVE-2016-1938", "CVE-2016-5285", "CVE-2016-8635", "CVE-2016-9074"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:nss", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201701-46.NASL", "href": "https://www.tenable.com/plugins/nessus/96643", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201701-46.\n#\n# The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96643);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-2721\", \"CVE-2015-4000\", \"CVE-2015-7575\", \"CVE-2016-1938\", \"CVE-2016-5285\", \"CVE-2016-8635\", \"CVE-2016-9074\");\n script_xref(name:\"GLSA\", value:\"201701-46\");\n\n script_name(english:\"GLSA-201701-46 : Mozilla Network Security Service (NSS): Multiple vulnerabilities (Logjam) (SLOTH)\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201701-46\n(Mozilla Network Security Service (NSS): Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in NSS. Please review the\n CVE identifiers and technical papers referenced below for details.\n \nImpact :\n\n Remote attackers could conduct man-in-the-middle attacks, obtain access\n to private key information, or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mitls.org/pages/attacks/SLOTH\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201701-46\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All NSS users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/nss-3.28'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:nss\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-libs/nss\", unaffected:make_list(\"ge 3.28\"), vulnerable:make_list(\"lt 3.28\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Mozilla Network Security Service (NSS)\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-19T12:39:29", "description": "From Red Hat Security Advisory 2016:2779 :\n\nAn update for nss and nss-util is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nNetwork Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.\n\nThe nss-util packages provide utilities for use with the Network Security Services (NSS) libraries.\n\nThe following packages have been upgraded to a newer upstream version:\nnss (3.21.3), nss-util (3.21.3).\n\nSecurity Fix(es) :\n\n* Multiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these flaws to crash an application using NSS or, possibly, execute arbitrary code with the permission of the user running the application. (CVE-2016-2834)\n\n* A NULL pointer dereference flaw was found in the way NSS handled invalid Diffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL server using NSS. (CVE-2016-5285)\n\n* It was found that Diffie Hellman Client key exchange handling in NSS was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. (CVE-2016-8635)\n\nRed Hat would like to thank the Mozilla project for reporting CVE-2016-2834. The CVE-2016-8635 issue was discovered by Hubert Kario (Red Hat). Upstream acknowledges Tyson Smith and Jed Davis as the original reporter of CVE-2016-2834.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-11-17T00:00:00", "type": "nessus", "title": "Oracle Linux 5 / 6 / 7 : nss / nss-util (ELSA-2016-2779)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2834", "CVE-2016-5285", "CVE-2016-8635"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:nss", "p-cpe:/a:oracle:linux:nss-devel", "p-cpe:/a:oracle:linux:nss-pkcs11-devel", "p-cpe:/a:oracle:linux:nss-sysinit", "p-cpe:/a:oracle:linux:nss-tools", "p-cpe:/a:oracle:linux:nss-util", "p-cpe:/a:oracle:linux:nss-util-devel", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2016-2779.NASL", "href": "https://www.tenable.com/plugins/nessus/94927", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:2779 and \n# Oracle Linux Security Advisory ELSA-2016-2779 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94927);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-2834\", \"CVE-2016-5285\", \"CVE-2016-8635\");\n script_xref(name:\"RHSA\", value:\"2016:2779\");\n\n script_name(english:\"Oracle Linux 5 / 6 / 7 : nss / nss-util (ELSA-2016-2779)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:2779 :\n\nAn update for nss and nss-util is now available for Red Hat Enterprise\nLinux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nNetwork Security Services (NSS) is a set of libraries designed to\nsupport the cross-platform development of security-enabled client and\nserver applications.\n\nThe nss-util packages provide utilities for use with the Network\nSecurity Services (NSS) libraries.\n\nThe following packages have been upgraded to a newer upstream version:\nnss (3.21.3), nss-util (3.21.3).\n\nSecurity Fix(es) :\n\n* Multiple buffer handling flaws were found in the way NSS handled\ncryptographic data from the network. A remote attacker could use these\nflaws to crash an application using NSS or, possibly, execute\narbitrary code with the permission of the user running the\napplication. (CVE-2016-2834)\n\n* A NULL pointer dereference flaw was found in the way NSS handled\ninvalid Diffie-Hellman keys. A remote client could use this flaw to\ncrash a TLS/SSL server using NSS. (CVE-2016-5285)\n\n* It was found that Diffie Hellman Client key exchange handling in NSS\nwas vulnerable to small subgroup confinement attack. An attacker could\nuse this flaw to recover private keys by confining the client DH key\nto small subgroup of the desired group. (CVE-2016-8635)\n\nRed Hat would like to thank the Mozilla project for reporting\nCVE-2016-2834. The CVE-2016-8635 issue was discovered by Hubert Kario\n(Red Hat). Upstream acknowledges Tyson Smith and Jed Davis as the\noriginal reporter of CVE-2016-2834.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-November/006519.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-November/006520.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-November/006521.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nss and / or nss-util packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nss-pkcs11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nss-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nss-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"nss-3.21.3-2.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"nss-devel-3.21.3-2.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"nss-pkcs11-devel-3.21.3-2.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"nss-tools-3.21.3-2.el5_11\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"nss-3.21.3-2.0.1.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"nss-devel-3.21.3-2.0.1.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"nss-pkcs11-devel-3.21.3-2.0.1.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"nss-sysinit-3.21.3-2.0.1.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"nss-tools-3.21.3-2.0.1.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"nss-util-3.21.3-1.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"nss-util-devel-3.21.3-1.el6_8\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"nss-3.21.3-2.0.1.el7_3\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"nss-devel-3.21.3-2.0.1.el7_3\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"nss-pkcs11-devel-3.21.3-2.0.1.el7_3\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"nss-sysinit-3.21.3-2.0.1.el7_3\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"nss-tools-3.21.3-2.0.1.el7_3\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"nss-util-3.21.3-1.1.el7_3\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"nss-util-devel-3.21.3-1.1.el7_3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nss / nss-devel / nss-pkcs11-devel / nss-sysinit / nss-tools / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:37:06", "description": "According to the versions of the nss, nss-util packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Multiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these flaws to crash an application using NSS or, possibly, execute arbitrary code with the permission of the user running the application. (CVE-2016-2834)\n\n - A NULL pointer dereference flaw was found in the way NSS handled invalid Diffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL server using NSS. (CVE-2016-5285)\n\n - It was found that Diffie Hellman Client key exchange handling in NSS was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. (CVE-2016-8635)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-05-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : nss, nss-util (EulerOS-SA-2016-1084)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2834", "CVE-2016-5285", "CVE-2016-8635"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:nss", "p-cpe:/a:huawei:euleros:nss-devel", "p-cpe:/a:huawei:euleros:nss-sysinit", "p-cpe:/a:huawei:euleros:nss-tools", "p-cpe:/a:huawei:euleros:nss-util", "p-cpe:/a:huawei:euleros:nss-util-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2016-1084.NASL", "href": "https://www.tenable.com/plugins/nessus/99843", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99843);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-2834\",\n \"CVE-2016-5285\",\n \"CVE-2016-8635\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : nss, nss-util (EulerOS-SA-2016-1084)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the nss, nss-util packages installed,\nthe EulerOS installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - Multiple buffer handling flaws were found in the way\n NSS handled cryptographic data from the network. A\n remote attacker could use these flaws to crash an\n application using NSS or, possibly, execute arbitrary\n code with the permission of the user running the\n application. (CVE-2016-2834)\n\n - A NULL pointer dereference flaw was found in the way\n NSS handled invalid Diffie-Hellman keys. A remote\n client could use this flaw to crash a TLS/SSL server\n using NSS. (CVE-2016-5285)\n\n - It was found that Diffie Hellman Client key exchange\n handling in NSS was vulnerable to small subgroup\n confinement attack. An attacker could use this flaw to\n recover private keys by confining the client DH key to\n small subgroup of the desired group. (CVE-2016-8635)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1084\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1ea9a4a4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected nss, nss-util packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nss-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nss-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"nss-3.21.3-2\",\n \"nss-devel-3.21.3-2\",\n \"nss-sysinit-3.21.3-2\",\n \"nss-tools-3.21.3-2\",\n \"nss-util-3.21.3-1.1\",\n \"nss-util-devel-3.21.3-1.1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nss, nss-util\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:38:49", "description": "The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries.\n\nThe following packages have been upgraded to a newer upstream version:\nnss (3.12.3), nss-util (3.12.3).\n\nSecurity Fix(es) :\n\n - Multiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these flaws to crash an application using NSS or, possibly, execute arbitrary code with the permission of the user running the application.\n (CVE-2016-2834)\n\n - A NULL pointer dereference flaw was found in the way NSS handled invalid Diffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL server using NSS.\n (CVE-2016-5285)\n\n - It was found that Diffie Hellman Client key exchange handling in NSS was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. (CVE-2016-8635)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-11-22T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : nss and nss-util on SL5.x, SL6.x, SL7.x i386/x86_64 (20161116)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2834", "CVE-2016-5285", "CVE-2016-8635"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:nss", "p-cpe:/a:fermilab:scientific_linux:nss-debuginfo", "p-cpe:/a:fermilab:scientific_linux:nss-devel", "p-cpe:/a:fermilab:scientific_linux:nss-pkcs11-devel", "p-cpe:/a:fermilab:scientific_linux:nss-sysinit", "p-cpe:/a:fermilab:scientific_linux:nss-tools", "p-cpe:/a:fermilab:scientific_linux:nss-util", "p-cpe:/a:fermilab:scientific_linux:nss-util-debuginfo", "p-cpe:/a:fermilab:scientific_linux:nss-util-devel", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20161116_NSS_AND_NSS_UTIL_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/95052", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95052);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-2834\", \"CVE-2016-5285\", \"CVE-2016-8635\");\n\n script_name(english:\"Scientific Linux Security Update : nss and nss-util on SL5.x, SL6.x, SL7.x i386/x86_64 (20161116)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The nss-util packages provide utilities for use with the Network\nSecurity Services (NSS) libraries.\n\nThe following packages have been upgraded to a newer upstream version:\nnss (3.12.3), nss-util (3.12.3).\n\nSecurity Fix(es) :\n\n - Multiple buffer handling flaws were found in the way NSS\n handled cryptographic data from the network. A remote\n attacker could use these flaws to crash an application\n using NSS or, possibly, execute arbitrary code with the\n permission of the user running the application.\n (CVE-2016-2834)\n\n - A NULL pointer dereference flaw was found in the way NSS\n handled invalid Diffie-Hellman keys. A remote client\n could use this flaw to crash a TLS/SSL server using NSS.\n (CVE-2016-5285)\n\n - It was found that Diffie Hellman Client key exchange\n handling in NSS was vulnerable to small subgroup\n confinement attack. An attacker could use this flaw to\n recover private keys by confining the client DH key to\n small subgroup of the desired group. (CVE-2016-8635)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1611&L=scientific-linux-errata&F=&S=&P=2517\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7d7102ad\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:nss-pkcs11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:nss-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:nss-util-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:nss-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"nss-3.21.3-2.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"nss-debuginfo-3.21.3-2.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"nss-devel-3.21.3-2.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"nss-pkcs11-devel-3.21.3-2.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"nss-tools-3.21.3-2.el5_11\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"nss-3.21.3-2.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"nss-debuginfo-3.21.3-2.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"nss-devel-3.21.3-2.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"nss-pkcs11-devel-3.21.3-2.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"nss-sysinit-3.21.3-2.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"nss-tools-3.21.3-2.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"nss-util-3.21.3-1.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"nss-util-debuginfo-3.21.3-1.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"nss-util-devel-3.21.3-1.el6_8\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"nss-3.21.3-2.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"nss-debuginfo-3.21.3-2.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"nss-devel-3.21.3-2.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"nss-pkcs11-devel-3.21.3-2.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"nss-sysinit-3.21.3-2.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"nss-tools-3.21.3-2.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"nss-util-3.21.3-1.1.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"nss-util-debuginfo-3.21.3-1.1.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"nss-util-devel-3.21.3-1.1.el7_3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nss / nss-debuginfo / nss-devel / nss-pkcs11-devel / nss-sysinit / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:39:21", "description": "An update for nss and nss-util is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nNetwork Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.\n\nThe nss-util packages provide utilities for use with the Network Security Services (NSS) libraries.\n\nThe following packages have been upgraded to a newer upstream version:\nnss (3.21.3), nss-util (3.21.3).\n\nSecurity Fix(es) :\n\n* Multiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these flaws to crash an application using NSS or, possibly, execute arbitrary code with the permission of the user running the application. (CVE-2016-2834)\n\n* A NULL pointer dereference flaw was found in the way NSS handled invalid Diffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL server using NSS. (CVE-2016-5285)\n\n* It was found that Diffie Hellman Client key exchange handling in NSS was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. (CVE-2016-8635)\n\nRed Hat would like to thank the Mozilla project for reporting CVE-2016-2834. The CVE-2016-8635 issue was discovered by Hubert Kario (Red Hat). Upstream acknowledges Tyson Smith and Jed Davis as the original reporter of CVE-2016-2834.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-11-16T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 / 7 : nss and nss-util (RHSA-2016:2779)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2834", "CVE-2016-5285", "CVE-2016-8635"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:nss", "p-cpe:/a:redhat:enterprise_linux:nss-debuginfo", "p-cpe:/a:redhat:enterprise_linux:nss-devel", "p-cpe:/a:redhat:enterprise_linux:nss-pkcs11-devel", "p-cpe:/a:redhat:enterprise_linux:nss-sysinit", "p-cpe:/a:redhat:enterprise_linux:nss-tools", "p-cpe:/a:redhat:enterprise_linux:nss-util", "p-cpe:/a:redhat:enterprise_linux:nss-util-debuginfo", "p-cpe:/a:redhat:enterprise_linux:nss-util-devel", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2016-2779.NASL", "href": "https://www.tenable.com/plugins/nessus/94912", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2779. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94912);\n script_version(\"2.14\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2016-2834\", \"CVE-2016-5285\", \"CVE-2016-8635\");\n script_xref(name:\"RHSA\", value:\"2016:2779\");\n\n script_name(english:\"RHEL 5 / 6 / 7 : nss and nss-util (RHSA-2016:2779)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for nss and nss-util is now available for Red Hat Enterprise\nLinux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nNetwork Security Services (NSS) is a set of libraries designed to\nsupport the cross-platform development of security-enabled client and\nserver applications.\n\nThe nss-util packages provide utilities for use with the Network\nSecurity Services (NSS) libraries.\n\nThe following packages have been upgraded to a newer upstream version:\nnss (3.21.3), nss-util (3.21.3).\n\nSecurity Fix(es) :\n\n* Multiple buffer handling flaws were found in the way NSS handled\ncryptographic data from the network. A remote attacker could use these\nflaws to crash an application using NSS or, possibly, execute\narbitrary code with the permission of the user running the\napplication. (CVE-2016-2834)\n\n* A NULL pointer dereference flaw was found in the way NSS handled\ninvalid Diffie-Hellman keys. A remote client could use this flaw to\ncrash a TLS/SSL server using NSS. (CVE-2016-5285)\n\n* It was found that Diffie Hellman Client key exchange handling in NSS\nwas vulnerable to small subgroup confinement attack. An attacker could\nuse this flaw to recover private keys by confining the client DH key\nto small subgroup of the desired group. (CVE-2016-8635)\n\nRed Hat would like to thank the Mozilla project for reporting\nCVE-2016-2834. The CVE-2016-8635 issue was discovered by Hubert Kario\n(Red Hat). Upstream acknowledges Tyson Smith and Jed Davis as the\noriginal reporter of CVE-2016-2834.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:2779\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2834\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-8635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5285\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss-pkcs11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss-util-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:2779\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"nss-3.21.3-2.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"nss-debuginfo-3.21.3-2.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"nss-devel-3.21.3-2.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"nss-pkcs11-devel-3.21.3-2.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"nss-tools-3.21.3-2.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"nss-tools-3.21.3-2.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"nss-tools-3.21.3-2.el5_11\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"nss-3.21.3-2.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"nss-debuginfo-3.21.3-2.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"nss-devel-3.21.3-2.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"nss-pkcs11-devel-3.21.3-2.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"nss-sysinit-3.21.3-2.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"nss-sysinit-3.21.3-2.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"nss-sysinit-3.21.3-2.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"nss-tools-3.21.3-2.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"nss-tools-3.21.3-2.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"nss-tools-3.21.3-2.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"nss-util-3.21.3-1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"nss-util-debuginfo-3.21.3-1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"nss-util-devel-3.21.3-1.el6_8\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", reference:\"nss-3.21.3-2.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"nss-debuginfo-3.21.3-2.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"nss-devel-3.21.3-2.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"nss-pkcs11-devel-3.21.3-2.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"nss-sysinit-3.21.3-2.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"nss-sysinit-3.21.3-2.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"nss-tools-3.21.3-2.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"nss-tools-3.21.3-2.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"nss-util-3.21.3-1.1.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"nss-util-debuginfo-3.21.3-1.1.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"nss-util-devel-3.21.3-1.1.el7_3\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nss / nss-debuginfo / nss-devel / nss-pkcs11-devel / nss-sysinit / etc\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:38:50", "description": "An update for nss and nss-util is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nNetwork Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.\n\nThe nss-util packages provide utilities for use with the Network Security Services (NSS) libraries.\n\nThe following packages have been upgraded to a newer upstream version:\nnss (3.21.3), nss-util (3.21.3).\n\nSecurity Fix(es) :\n\n* Multiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these flaws to crash an application using NSS or, possibly, execute arbitrary code with the permission of the user running the application. (CVE-2016-2834)\n\n* A NULL pointer dereference flaw was found in the way NSS handled invalid Diffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL server using NSS. (CVE-2016-5285)\n\n* It was found that Diffie Hellman Client key exchange handling in NSS was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. (CVE-2016-8635)\n\nRed Hat would like to thank the Mozilla project for reporting CVE-2016-2834. The CVE-2016-8635 issue was discovered by Hubert Kario (Red Hat). Upstream acknowledges Tyson Smith and Jed Davis as the original reporter of CVE-2016-2834.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-11-21T00:00:00", "type": "nessus", "title": "CentOS 5 / 6 / 7 : nss / nss-util (CESA-2016:2779)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2834", "CVE-2016-5285", "CVE-2016-8635"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:nss", "p-cpe:/a:centos:centos:nss-devel", "p-cpe:/a:centos:centos:nss-pkcs11-devel", "p-cpe:/a:centos:centos:nss-sysinit", "p-cpe:/a:centos:centos:nss-tools", "p-cpe:/a:centos:centos:nss-util", "p-cpe:/a:centos:centos:nss-util-devel", "cpe:/o:centos:centos:5", "cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2016-2779.NASL", "href": "https://www.tenable.com/plugins/nessus/94981", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2779 and \n# CentOS Errata and Security Advisory 2016:2779 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94981);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-2834\", \"CVE-2016-5285\", \"CVE-2016-8635\");\n script_xref(name:\"RHSA\", value:\"2016:2779\");\n\n script_name(english:\"CentOS 5 / 6 / 7 : nss / nss-util (CESA-2016:2779)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for nss and nss-util is now available for Red Hat Enterprise\nLinux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nNetwork Security Services (NSS) is a set of libraries designed to\nsupport the cross-platform development of security-enabled client and\nserver applications.\n\nThe nss-util packages provide utilities for use with the Network\nSecurity Services (NSS) libraries.\n\nThe following packages have been upgraded to a newer upstream version:\nnss (3.21.3), nss-util (3.21.3).\n\nSecurity Fix(es) :\n\n* Multiple buffer handling flaws were found in the way NSS handled\ncryptographic data from the network. A remote attacker could use these\nflaws to crash an application using NSS or, possibly, execute\narbitrary code with the permission of the user running the\napplication. (CVE-2016-2834)\n\n* A NULL pointer dereference flaw was found in the way NSS handled\ninvalid Diffie-Hellman keys. A remote client could use this flaw to\ncrash a TLS/SSL server using NSS. (CVE-2016-5285)\n\n* It was found that Diffie Hellman Client key exchange handling in NSS\nwas vulnerable to small subgroup confinement attack. An attacker could\nuse this flaw to recover private keys by confining the client DH key\nto small subgroup of the desired group. (CVE-2016-8635)\n\nRed Hat would like to thank the Mozilla project for reporting\nCVE-2016-2834. The CVE-2016-8635 issue was discovered by Hubert Kario\n(Red Hat). Upstream acknowledges Tyson Smith and Jed Davis as the\noriginal reporter of CVE-2016-2834.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-November/022151.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7a63c1d2\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-November/022152.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?19919c24\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-November/022159.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?292c9a0a\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2016-November/003683.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?761aaeb0\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2016-November/003684.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e8590820\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nss and / or nss-util packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-2834\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nss-pkcs11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nss-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nss-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x / 6.x / 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"nss-3.21.3-2.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"nss-devel-3.21.3-2.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"nss-pkcs11-devel-3.21.3-2.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"nss-tools-3.21.3-2.el5_11\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"nss-3.21.3-2.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"nss-devel-3.21.3-2.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"nss-pkcs11-devel-3.21.3-2.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"nss-sysinit-3.21.3-2.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"nss-tools-3.21.3-2.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"nss-util-3.21.3-1.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"nss-util-devel-3.21.3-1.el6_8\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"nss-3.21.3-2.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"nss-devel-3.21.3-2.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"nss-pkcs11-devel-3.21.3-2.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"nss-sysinit-3.21.3-2.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"nss-tools-3.21.3-2.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"nss-util-3.21.3-1.1.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"nss-util-devel-3.21.3-1.1.el7_3\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nss / nss-devel / nss-pkcs11-devel / nss-sysinit / nss-tools / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-16T01:14:21", "description": "CVE-2016-2834 nss: Multiple security flaws (MFSA 2016-61)\n\nMultiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these flaws to crash an application using NSS or, possibly, execute arbitrary code with the permission of the user running the application.\n\nCVE-2016-8635 nss: small-subgroups attack flaw\n\nIt was found that Diffie Hellman Client key exchange handling in NSS was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.\n\nCVE-2016-5285 nss: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash\n\nA NULL pointer dereference flaw was found in the way NSS handled invalid Diffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL server using NSS.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-12-16T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : nss-util / nss,nss-softokn (ALAS-2016-774)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2834", "CVE-2016-5285", "CVE-2016-8635"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:nss", "p-cpe:/a:amazon:linux:nss-debuginfo", "p-cpe:/a:amazon:linux:nss-devel", "p-cpe:/a:amazon:linux:nss-pkcs11-devel", "p-cpe:/a:amazon:linux:nss-softokn", "p-cpe:/a:amazon:linux:nss-softokn-debuginfo", "p-cpe:/a:amazon:linux:nss-softokn-devel", "p-cpe:/a:amazon:linux:nss-softokn-freebl", "p-cpe:/a:amazon:linux:nss-softokn-freebl-devel", "p-cpe:/a:amazon:linux:nss-sysinit", "p-cpe:/a:amazon:linux:nss-tools", "p-cpe:/a:amazon:linux:nss-util", "p-cpe:/a:amazon:linux:nss-util-debuginfo", "p-cpe:/a:amazon:linux:nss-util-devel", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-774.NASL", "href": "https://www.tenable.com/plugins/nessus/95894", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-774.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95894);\n script_version(\"3.2\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2016-2834\", \"CVE-2016-5285\", \"CVE-2016-8635\");\n script_xref(name:\"ALAS\", value:\"2016-774\");\n\n script_name(english:\"Amazon Linux AMI : nss-util / nss,nss-softokn (ALAS-2016-774)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2016-2834 nss: Multiple security flaws (MFSA 2016-61)\n\nMultiple buffer handling flaws were found in the way NSS handled\ncryptographic data from the network. A remote attacker could use these\nflaws to crash an application using NSS or, possibly, execute\narbitrary code with the permission of the user running the\napplication.\n\nCVE-2016-8635 nss: small-subgroups attack flaw\n\nIt was found that Diffie Hellman Client key exchange handling in NSS\nwas vulnerable to small subgroup confinement attack. An attacker could\nuse this flaw to recover private keys by confining the client DH key\nto small subgroup of the desired group.\n\nCVE-2016-5285 nss: Missing NULL check in PK11_SignWithSymKey /\nssl3_ComputeRecordMACConstantTime causes server crash\n\nA NULL pointer dereference flaw was found in the way NSS handled\ninvalid Diffie-Hellman keys. A remote client could use this flaw to\ncrash a TLS/SSL server using NSS.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-774.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Run 'yum update nss-util' to update your system.\n\nRun 'yum update nss' to update your system.\n\nRun 'yum update nss-softokn' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nss-pkcs11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nss-softokn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nss-softokn-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nss-softokn-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nss-softokn-freebl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nss-softokn-freebl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nss-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nss-util-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nss-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"nss-3.21.3-2.77.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nss-debuginfo-3.21.3-2.77.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nss-devel-3.21.3-2.77.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nss-pkcs11-devel-3.21.3-2.77.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nss-softokn-3.16.2.3-14.4.39.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nss-softokn-debuginfo-3.16.2.3-14.4.39.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nss-softokn-devel-3.16.2.3-14.4.39.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nss-softokn-freebl-3.16.2.3-14.4.39.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nss-softokn-freebl-devel-3.16.2.3-14.4.39.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nss-sysinit-3.21.3-2.77.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nss-tools-3.21.3-2.77.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nss-util-3.21.3-1.1.51.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nss-util-debuginfo-3.21.3-1.1.51.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nss-util-devel-3.21.3-1.1.51.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nss / nss-debuginfo / nss-devel / nss-pkcs11-devel / nss-softokn / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:38:38", "description": "The remote host is affected by the vulnerability described in GLSA-201701-15 (Mozilla Firefox, Thunderbird: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Mozilla Firefox and Thunderbird. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition via multiple vectors.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-01-04T00:00:00", "type": "nessus", "title": "GLSA-201701-15 : Mozilla Firefox, Thunderbird: Multiple vulnerabilities (SWEET32)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2804", "CVE-2016-2805", "CVE-2016-2806", "CVE-2016-2807", "CVE-2016-2808", "CVE-2016-2809", "CVE-2016-2810", "CVE-2016-2811", "CVE-2016-2812", "CVE-2016-2813", "CVE-2016-2814", "CVE-2016-2816", "CVE-2016-2817", "CVE-2016-2820", "CVE-2016-2827", "CVE-2016-2830", "CVE-2016-2835", "CVE-2016-2836", "CVE-2016-2837", "CVE-2016-2838", "CVE-2016-2839", "CVE-2016-5250", "CVE-2016-5251", "CVE-2016-5252", "CVE-2016-5253", "CVE-2016-5254", "CVE-2016-5255", "CVE-2016-5256", "CVE-2016-5257", "CVE-2016-5258", "CVE-2016-5259", "CVE-2016-5260", "CVE-2016-5261", "CVE-2016-5262", "CVE-2016-5263", "CVE-2016-5264", "CVE-2016-5265", "CVE-2016-5266", "CVE-2016-5267", "CVE-2016-5268", "CVE-2016-5270", "CVE-2016-5271", "CVE-2016-5272", "CVE-2016-5273", "CVE-2016-5274", "CVE-2016-5275", "CVE-2016-5276", "CVE-2016-5277", "CVE-2016-5278", "CVE-2016-5279", "CVE-2016-5280", "CVE-2016-5281", "CVE-2016-5282", "CVE-2016-5283", "CVE-2016-5284", "CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5293", "CVE-2016-5294", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9074", "CVE-2016-9079", "CVE-2016-9893", "CVE-2016-9895", "CVE-2016-9897", "CVE-2016-9898", "CVE-2016-9899", "CVE-2016-9900", "CVE-2016-9901", "CVE-2016-9902", "CVE-2016-9904", "CVE-2016-9905"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:firefox", "p-cpe:/a:gentoo:linux:firefox-bin", "p-cpe:/a:gentoo:linux:thunderbird", "p-cpe:/a:gentoo:linux:thunderbird-bin", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201701-15.NASL", "href": "https://www.tenable.com/plugins/nessus/96276", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201701-15.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96276);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-2804\", \"CVE-2016-2805\", \"CVE-2016-2806\", \"CVE-2016-2807\", \"CVE-2016-2808\", \"CVE-2016-2809\", \"CVE-2016-2810\", \"CVE-2016-2811\", \"CVE-2016-2812\", \"CVE-2016-2813\", \"CVE-2016-2814\", \"CVE-2016-2816\", \"CVE-2016-2817\", \"CVE-2016-2820\", \"CVE-2016-2827\", \"CVE-2016-2830\", \"CVE-2016-2835\", \"CVE-2016-2836\", \"CVE-2016-2837\", \"CVE-2016-2838\", \"CVE-2016-2839\", \"CVE-2016-5250\", \"CVE-2016-5251\", \"CVE-2016-5252\", \"CVE-2016-5253\", \"CVE-2016-5254\", \"CVE-2016-5255\", \"CVE-2016-5256\", \"CVE-2016-5257\", \"CVE-2016-5258\", \"CVE-2016-5259\", \"CVE-2016-5260\", \"CVE-2016-5261\", \"CVE-2016-5262\", \"CVE-2016-5263\", \"CVE-2016-5264\", \"CVE-2016-5265\", \"CVE-2016-5266\", \"CVE-2016-5267\", \"CVE-2016-5268\", \"CVE-2016-5270\", \"CVE-2016-5271\", \"CVE-2016-5272\", \"CVE-2016-5273\", \"CVE-2016-5274\", \"CVE-2016-5275\", \"CVE-2016-5276\", \"CVE-2016-5277\", \"CVE-2016-5278\", \"CVE-2016-5279\", \"CVE-2016-5280\", \"CVE-2016-5281\", \"CVE-2016-5282\", \"CVE-2016-5283\", \"CVE-2016-5284\", \"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5293\", \"CVE-2016-5294\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9064\", \"CVE-2016-9066\", \"CVE-2016-9074\", \"CVE-2016-9079\", \"CVE-2016-9893\", \"CVE-2016-9895\", \"CVE-2016-9897\", \"CVE-2016-9898\", \"CVE-2016-9899\", \"CVE-2016-9900\", \"CVE-2016-9901\", \"CVE-2016-9902\", \"CVE-2016-9904\", \"CVE-2016-9905\");\n script_xref(name:\"GLSA\", value:\"201701-15\");\n\n script_name(english:\"GLSA-201701-15 : Mozilla Firefox, Thunderbird: Multiple vulnerabilities (SWEET32)\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-201701-15\n(Mozilla Firefox, Thunderbird: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Mozilla Firefox and\n Thunderbird. Please review the CVE identifiers referenced below for\n details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process or cause a Denial of Service condition via\n multiple vectors.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201701-15\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Firefox users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/firefox-45.6.0'\n All Firefox-bin users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/firefox-bin-45.6.0'\n All Thunderbird users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=mail-client/thunderbird-45.6.0'\n All Thunderbird-bin users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=mail-client/thunderbird-bin-45.6.0'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:firefox-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:thunderbird-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/04\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"mail-client/thunderbird\", unaffected:make_list(\"ge 45.6.0\"), vulnerable:make_list(\"lt 45.6.0\"))) flag++;\nif (qpkg_check(package:\"mail-client/thunderbird-bin\", unaffected:make_list(\"ge 45.6.0\"), vulnerable:make_list(\"lt 45.6.0\"))) flag++;\nif (qpkg_check(package:\"www-client/firefox\", unaffected:make_list(\"ge 45.6.0\"), vulnerable:make_list(\"lt 45.6.0\"))) flag++;\nif (qpkg_check(package:\"www-client/firefox-bin\", unaffected:make_list(\"ge 45.6.0\"), vulnerable:make_list(\"lt 45.6.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Mozilla Firefox / Thunderbird\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2022-02-27T11:52:04", "description": "**CentOS Errata and Security Advisory** CESA-2016:2780\n\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.5.0 ESR.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Firefox.\n(CVE-2016-5296, CVE-2016-5297, CVE-2016-9066, CVE-2016-5291, CVE-2016-5290)\n\n* A flaw was found in the way Add-on update process was handled by Firefox. A\nMan-in-the-Middle attacker could use this flaw to install a malicious signed\nadd-on update. (CVE-2016-9064)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Abhishek Arya, Andre Bargull, Samuel Gross, Yuyang Zhou,\nOlli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary Kwong, Tooru\nFujisawa, Philipp, and Randell Jesup as the original reporters.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2016-November/059075.html\nhttps://lists.centos.org/pipermail/centos-announce/2016-November/059076.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2016:2780", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-11-19T11:43:55", "type": "centos", "title": "firefox security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066"], "modified": "2016-11-19T12:43:11", "id": "CESA-2016:2780", "href": "https://lists.centos.org/pipermail/centos-announce/2016-November/059075.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-27T11:51:59", "description": "**CentOS Errata and Security Advisory** CESA-2016:2825\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.5.0\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2016-5290)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Olli Pettay, Christian Holler, Ehsan Akhgari, Jon\nCoppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup as the original\nreporters.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2016-December/059082.html\nhttps://lists.centos.org/pipermail/centos-announce/2016-December/059084.html\nhttps://lists.centos.org/pipermail/centos-cr-announce/2016-December/016581.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2016:2825", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-01T15:29:44", "type": "centos", "title": "thunderbird security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290"], "modified": "2016-12-01T15:43:25", "id": "CESA-2016:2825", "href": "https://lists.centos.org/pipermail/centos-announce/2016-December/059082.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-27T11:52:03", "description": "**CentOS Errata and Security Advisory** CESA-2016:2779\n\n\nNetwork Security Services (NSS) is a set of libraries designed to support the\ncross-platform development of security-enabled client and server applications.\n\nThe nss-util packages provide utilities for use with the Network Security\nServices (NSS) libraries.\n\nThe following packages have been upgraded to a newer upstream version: nss\n(3.21.3), nss-util (3.21.3).\n\nSecurity Fix(es):\n\n* Multiple buffer handling flaws were found in the way NSS handled cryptographic\ndata from the network. A remote attacker could use these flaws to crash an\napplication using NSS or, possibly, execute arbitrary code with the permission\nof the user running the application. (CVE-2016-2834)\n\n* A NULL pointer dereference flaw was found in the way NSS handled invalid\nDiffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL\nserver using NSS. (CVE-2016-5285)\n\n* It was found that Diffie Hellman Client key exchange handling in NSS was\nvulnerable to small subgroup confinement attack. An attacker could use this flaw\nto recover private keys by confining the client DH key to small subgroup of the\ndesired group. (CVE-2016-8635)\n\nRed Hat would like to thank the Mozilla project for reporting CVE-2016-2834. The\nCVE-2016-8635 issue was discovered by Hubert Kario (Red Hat). Upstream\nacknowledges Tyson Smith and Jed Davis as the original reporter of\nCVE-2016-2834.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2016-November/059070.html\nhttps://lists.centos.org/pipermail/centos-announce/2016-November/059071.html\nhttps://lists.centos.org/pipermail/centos-announce/2016-November/059078.html\nhttps://lists.centos.org/pipermail/centos-cr-announce/2016-November/016573.html\nhttps://lists.centos.org/pipermail/centos-cr-announce/2016-November/016574.html\n\n**Affected packages:**\nnss\nnss-devel\nnss-pkcs11-devel\nnss-sysinit\nnss-tools\nnss-util\nnss-util-devel\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2016:2779", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-11-19T11:17:02", "type": "centos", "title": "nss security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2834", "CVE-2016-5285", "CVE-2016-8635"], "modified": "2016-11-25T16:47:49", "id": "CESA-2016:2779", "href": "https://lists.centos.org/pipermail/centos-announce/2016-November/059070.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2021-10-19T18:38:56", "description": "Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.5.0 ESR.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Firefox.\n(CVE-2016-5296, CVE-2016-5297, CVE-2016-9066, CVE-2016-5291, CVE-2016-5290)\n\n*

SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2016:3014-1)

Description

Related