This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2020-14456-1.NASLSUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2020:14456-1)
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.006 Low
EPSS
Percentile
78.3%
The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14456-1 advisory.
-
By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1. (CVE-2020-15652)
-
An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. (CVE-2020-15653)
-
When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. (CVE-2020-15654)
-
A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. (CVE-2020-15655)
-
JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
(CVE-2020-15656) -
Firefox could be made to load attacker-supplied DLL files from the installation directory. This required an attacker that is already capable of placing files in the installation directory. Note: This issue only affected Windows operating systems. Other operating systems are unaffected.. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. (CVE-2020-15657)
-
The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. (CVE-2020-15658)
-
Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1. (CVE-2020-15659)
-
Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-6463)
-
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream.
(CVE-2020-6514)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2020:14456-1. The text itself
# is copyright (C) SUSE.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(150564);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/26");
script_cve_id(
"CVE-2020-6463",
"CVE-2020-6514",
"CVE-2020-15652",
"CVE-2020-15653",
"CVE-2020-15654",
"CVE-2020-15655",
"CVE-2020-15656",
"CVE-2020-15657",
"CVE-2020-15658",
"CVE-2020-15659"
);
script_xref(name:"SuSE", value:"SUSE-SU-2020:14456-1");
script_xref(name:"IAVA", value:"2020-A-0314-S");
script_xref(name:"IAVA", value:"2020-A-0344-S");
script_name(english:"SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2020:14456-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in
the SUSE-SU-2020:14456-1 advisory.
- By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a
cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability
affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird <
78.1. (CVE-2020-15652)
- An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This
could have led to security issues for websites relying on sandbox configurations that allowed popups and
hosted arbitrary content. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird <
78.1. (CVE-2020-15653)
- When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user
is interacting with the user interface, when they are not. This could lead to a perceived broken state,
especially when interactions with existing browser dialogs and warnings do not work. This vulnerability
affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. (CVE-2020-15654)
- A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS
checks, leading to potential disclosure of cross-origin information. This vulnerability affects Firefox
ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. (CVE-2020-15655)
- JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk
was already mitigated by various precautions in the code, resulting in this bug rated at only moderate
severity. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
(CVE-2020-15656)
- Firefox could be made to load attacker-supplied DLL files from the installation directory. This required
an attacker that is already capable of placing files in the installation directory. *Note: This issue only
affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects
Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. (CVE-2020-15657)
- The code for downloading files did not properly take care of special characters, which led to an attacker
being able to cut off the file ending at an earlier position, leading to a different file type being
downloaded than shown in the dialog. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and
Thunderbird < 78.1. (CVE-2020-15658)
- Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR
78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some
of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 79, Firefox
ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1. (CVE-2020-15659)
- Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially
exploit heap corruption via a crafted HTML page. (CVE-2020-6463)
- Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a
privileged network position to potentially exploit heap corruption via a crafted SCTP stream.
(CVE-2020-6514)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1173948");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1173991");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1174538");
# https://lists.suse.com/pipermail/sle-security-updates/2020-August/007275.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b2fd8d66");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-15652");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-15653");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-15654");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-15655");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-15656");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-15657");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-15658");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-15659");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-6463");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-6514");
script_set_attribute(attribute:"solution", value:
"Update the affected MozillaFirefox, MozillaFirefox-translations-common and / or MozillaFirefox-translations-other
packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-15659");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2020-6463");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/21");
script_set_attribute(attribute:"patch_publication_date", value:"2020/08/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/06/10");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-other");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES11', 'SUSE ' + os_ver);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp);
pkgs = [
{'reference':'MozillaFirefox-78.1.0-78.87', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},
{'reference':'MozillaFirefox-translations-common-78.1.0-78.87', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},
{'reference':'MozillaFirefox-translations-other-78.1.0-78.87', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},
{'reference':'MozillaFirefox-78.1.0-78.87', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},
{'reference':'MozillaFirefox-translations-common-78.1.0-78.87', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},
{'reference':'MozillaFirefox-translations-other-78.1.0-78.87', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'}
];
flag = 0;
foreach package_array ( pkgs ) {
reference = NULL;
release = NULL;
sp = NULL;
cpu = NULL;
exists_check = NULL;
rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && release && exists_check) {
if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
else if (reference && release) {
if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
ltss_plugin_caveat = '\n' +
'NOTE: This vulnerability check contains fixes that apply to\n' +
'packages only available in SUSE Enterprise Linux Server LTSS\n' +
'repositories. Access to these package security updates require\n' +
'a paid SUSE LTSS subscription.\n';
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get() + ltss_plugin_caveat
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'MozillaFirefox / MozillaFirefox-translations-common / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | suse_linux | mozillafirefox | p-cpe:/a:novell:suse_linux:mozillafirefox |
| novell | suse_linux | mozillafirefox-translations-common | p-cpe:/a:novell:suse_linux:mozillafirefox-translations-common |
| novell | suse_linux | mozillafirefox-translations-other | p-cpe:/a:novell:suse_linux:mozillafirefox-translations-other |
| novell | suse_linux | 11 | cpe:/o:novell:suse_linux:11 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15652
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15653
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15654
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15655
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15656
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15657
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15658
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15659
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6463
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6514
www.nessus.org/u?b2fd8d66
bugzilla.suse.com/1173948
bugzilla.suse.com/1173991
bugzilla.suse.com/1174538
www.suse.com/security/cve/CVE-2020-15652
www.suse.com/security/cve/CVE-2020-15653
www.suse.com/security/cve/CVE-2020-15654
www.suse.com/security/cve/CVE-2020-15655
www.suse.com/security/cve/CVE-2020-15656
www.suse.com/security/cve/CVE-2020-15657
www.suse.com/security/cve/CVE-2020-15658
www.suse.com/security/cve/CVE-2020-15659
www.suse.com/security/cve/CVE-2020-6463
www.suse.com/security/cve/CVE-2020-6514
Related
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.006 Low
EPSS
Percentile
78.3%