This update for MozillaFirefox to ESR 45.8 fixes the following issues:
Security issues fixed (bsc#1028391) :
CVE-2017-5402: Use-after-free working with events in FontFace objects
CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping
CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
CVE-2017-5401: Memory Corruption when handling ErrorResult
CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters
CVE-2017-5404: Use-after-free working with ranges in selections
CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports
CVE-2017-5408: Cross-origin reading of video captions in violation of CORS
CVE-2017-5409: File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service
CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2017:0714-1.
# The text itself is copyright (C) SUSE.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(97825);
script_version("3.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2017-5398", "CVE-2017-5400", "CVE-2017-5401", "CVE-2017-5402", "CVE-2017-5404", "CVE-2017-5405", "CVE-2017-5407", "CVE-2017-5408", "CVE-2017-5409", "CVE-2017-5410");
script_name(english:"SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2017:0714-1)");
script_summary(english:"Checks rpm output for the updated packages.");
script_set_attribute(
attribute:"synopsis",
value:"The remote SUSE host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"This update for MozillaFirefox to ESR 45.8 fixes the following issues:
Security issues fixed (bsc#1028391) :
- CVE-2017-5402: Use-after-free working with events in
FontFace objects
- CVE-2017-5410: Memory corruption during JavaScript
garbage collection incremental sweeping
- CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
- CVE-2017-5401: Memory Corruption when handling
ErrorResult
- CVE-2017-5407: Pixel and history stealing via
floating-point timing side channel with SVG filters
- CVE-2017-5404: Use-after-free working with ranges in
selections
- CVE-2017-5405: FTP response codes can cause use of
uninitialized values for ports
- CVE-2017-5408: Cross-origin reading of video captions in
violation of CORS
- CVE-2017-5409: File deletion via callback parameter in
Mozilla Windows Updater and Maintenance Service
- CVE-2017-5398: Memory safety bugs fixed in Firefox 52
and Firefox ESR 45.8
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1028391"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-5398/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-5400/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-5401/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-5402/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-5404/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-5405/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-5407/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-5408/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-5409/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-5410/"
);
# https://www.suse.com/support/update/announcement/2017/suse-su-20170714-1/
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?be982349"
);
script_set_attribute(
attribute:"solution",
value:
"To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t
patch SUSE-SLE-SDK-12-SP2-2017-392=1
SUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t
patch SUSE-SLE-SDK-12-SP1-2017-392=1
SUSE Linux Enterprise Server for SAP 12:zypper in -t patch
SUSE-SLE-SAP-12-2017-392=1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t
patch SUSE-SLE-RPI-12-SP2-2017-392=1
SUSE Linux Enterprise Server 12-SP2:zypper in -t patch
SUSE-SLE-SERVER-12-SP2-2017-392=1
SUSE Linux Enterprise Server 12-SP1:zypper in -t patch
SUSE-SLE-SERVER-12-SP1-2017-392=1
SUSE Linux Enterprise Server 12-LTSS:zypper in -t patch
SUSE-SLE-SERVER-12-2017-392=1
SUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch
SUSE-SLE-DESKTOP-12-SP2-2017-392=1
SUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch
SUSE-SLE-DESKTOP-12-SP1-2017-392=1
To bring your system up-to-date, use 'zypper patch'."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/11");
script_set_attribute(attribute:"patch_publication_date", value:"2017/03/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/20");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(0|1|2)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0/1/2", os_ver + " SP" + sp);
if (os_ver == "SLED12" && (! preg(pattern:"^(1|2)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP1/2", os_ver + " SP" + sp);
flag = 0;
if (rpm_check(release:"SLES12", sp:"1", reference:"MozillaFirefox-45.8.0esr-102.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"MozillaFirefox-debuginfo-45.8.0esr-102.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"MozillaFirefox-debugsource-45.8.0esr-102.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"MozillaFirefox-translations-45.8.0esr-102.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"MozillaFirefox-45.8.0esr-102.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"MozillaFirefox-debuginfo-45.8.0esr-102.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"MozillaFirefox-debugsource-45.8.0esr-102.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"MozillaFirefox-translations-45.8.0esr-102.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"MozillaFirefox-45.8.0esr-102.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"MozillaFirefox-debuginfo-45.8.0esr-102.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"MozillaFirefox-debugsource-45.8.0esr-102.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"MozillaFirefox-translations-45.8.0esr-102.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"MozillaFirefox-45.8.0esr-102.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"MozillaFirefox-debuginfo-45.8.0esr-102.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"MozillaFirefox-debugsource-45.8.0esr-102.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"MozillaFirefox-translations-45.8.0esr-102.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"MozillaFirefox-45.8.0esr-102.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"MozillaFirefox-debuginfo-45.8.0esr-102.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"MozillaFirefox-debugsource-45.8.0esr-102.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"MozillaFirefox-translations-45.8.0esr-102.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox");
}
Vendor | Product | Version | CPE |
---|---|---|---|
novell | suse_linux | mozillafirefox | p-cpe:/a:novell:suse_linux:mozillafirefox |
novell | suse_linux | mozillafirefox-debuginfo | p-cpe:/a:novell:suse_linux:mozillafirefox-debuginfo |
novell | suse_linux | mozillafirefox-debugsource | p-cpe:/a:novell:suse_linux:mozillafirefox-debugsource |
novell | suse_linux | mozillafirefox-translations | p-cpe:/a:novell:suse_linux:mozillafirefox-translations |
novell | suse_linux | 12 | cpe:/o:novell:suse_linux:12 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5409
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410
www.nessus.org/u?be982349
bugzilla.suse.com/show_bug.cgi?id=1028391
www.suse.com/security/cve/CVE-2017-5398/
www.suse.com/security/cve/CVE-2017-5400/
www.suse.com/security/cve/CVE-2017-5401/
www.suse.com/security/cve/CVE-2017-5402/
www.suse.com/security/cve/CVE-2017-5404/
www.suse.com/security/cve/CVE-2017-5405/
www.suse.com/security/cve/CVE-2017-5407/
www.suse.com/security/cve/CVE-2017-5408/
www.suse.com/security/cve/CVE-2017-5409/
www.suse.com/security/cve/CVE-2017-5410/