This update for MozillaFirefox to ESR 45.8 fixes the following issues:
Security issues fixed (bsc#1028391) :
CVE-2017-5402: Use-after-free working with events in FontFace objects
CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping
CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
CVE-2017-5401: Memory Corruption when handling ErrorResult
CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters
CVE-2017-5404: Use-after-free working with ranges in selections
CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports
CVE-2017-5408: Cross-origin reading of video captions in violation of CORS
CVE-2017-5409: File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service
CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8 Bugfixes :
fix crashes on Itanium (bsc#1027527)
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2017:0732-1.
# The text itself is copyright (C) SUSE.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(97832);
script_version("3.10");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2017-5398", "CVE-2017-5400", "CVE-2017-5401", "CVE-2017-5402", "CVE-2017-5404", "CVE-2017-5405", "CVE-2017-5407", "CVE-2017-5408", "CVE-2017-5409", "CVE-2017-5410");
script_name(english:"SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2017:0732-1)");
script_summary(english:"Checks rpm output for the updated packages.");
script_set_attribute(
attribute:"synopsis",
value:"The remote SUSE host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"This update for MozillaFirefox to ESR 45.8 fixes the following issues:
Security issues fixed (bsc#1028391) :
- CVE-2017-5402: Use-after-free working with events in
FontFace objects
- CVE-2017-5410: Memory corruption during JavaScript
garbage collection incremental sweeping
- CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
- CVE-2017-5401: Memory Corruption when handling
ErrorResult
- CVE-2017-5407: Pixel and history stealing via
floating-point timing side channel with SVG filters
- CVE-2017-5404: Use-after-free working with ranges in
selections
- CVE-2017-5405: FTP response codes can cause use of
uninitialized values for ports
- CVE-2017-5408: Cross-origin reading of video captions in
violation of CORS
- CVE-2017-5409: File deletion via callback parameter in
Mozilla Windows Updater and Maintenance Service
- CVE-2017-5398: Memory safety bugs fixed in Firefox 52
and Firefox ESR 45.8 Bugfixes :
- fix crashes on Itanium (bsc#1027527)
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1027527"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1028391"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-5398/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-5400/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-5401/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-5402/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-5404/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-5405/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-5407/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-5408/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-5409/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-5410/"
);
# https://www.suse.com/support/update/announcement/2017/suse-su-20170732-1/
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?3713e709"
);
script_set_attribute(
attribute:"solution",
value:
"To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :
SUSE OpenStack Cloud 5:zypper in -t patch
sleclo50sp3-MozillaFirefox-13034=1
SUSE Manager Proxy 2.1:zypper in -t patch
slemap21-MozillaFirefox-13034=1
SUSE Manager 2.1:zypper in -t patch sleman21-MozillaFirefox-13034=1
SUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t
patch sdksp4-MozillaFirefox-13034=1
SUSE Linux Enterprise Server 11-SP4:zypper in -t patch
slessp4-MozillaFirefox-13034=1
SUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch
slessp3-MozillaFirefox-13034=1
SUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch
sleposp3-MozillaFirefox-13034=1
SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch
dbgsp4-MozillaFirefox-13034=1
SUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch
dbgsp3-MozillaFirefox-13034=1
To bring your system up-to-date, use 'zypper patch'."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/11");
script_set_attribute(attribute:"patch_publication_date", value:"2017/03/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/20");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES11" && (! preg(pattern:"^(3|4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP3/4", os_ver + " SP" + sp);
flag = 0;
if (rpm_check(release:"SLES11", sp:"4", reference:"MozillaFirefox-45.8.0esr-68.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"MozillaFirefox-translations-45.8.0esr-68.1")) flag++;
if (rpm_check(release:"SLES11", sp:"3", reference:"MozillaFirefox-45.8.0esr-68.1")) flag++;
if (rpm_check(release:"SLES11", sp:"3", reference:"MozillaFirefox-translations-45.8.0esr-68.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox");
}
Vendor | Product | Version | CPE |
---|---|---|---|
novell | suse_linux | mozillafirefox | p-cpe:/a:novell:suse_linux:mozillafirefox |
novell | suse_linux | mozillafirefox-translations | p-cpe:/a:novell:suse_linux:mozillafirefox-translations |
novell | suse_linux | 11 | cpe:/o:novell:suse_linux:11 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5409
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410
www.nessus.org/u?3713e709
bugzilla.suse.com/show_bug.cgi?id=1027527
bugzilla.suse.com/show_bug.cgi?id=1028391
www.suse.com/security/cve/CVE-2017-5398/
www.suse.com/security/cve/CVE-2017-5400/
www.suse.com/security/cve/CVE-2017-5401/
www.suse.com/security/cve/CVE-2017-5402/
www.suse.com/security/cve/CVE-2017-5404/
www.suse.com/security/cve/CVE-2017-5405/
www.suse.com/security/cve/CVE-2017-5407/
www.suse.com/security/cve/CVE-2017-5408/
www.suse.com/security/cve/CVE-2017-5409/
www.suse.com/security/cve/CVE-2017-5410/