Ubuntu Security Notice (C) 2016-2020 Canonical, Inc. / NASL script (C) 2016-2018 Tenable Network Security, Inc.UBUNTU_USN-2917-1.NASLUbuntu 14.04 LTS : Firefox vulnerabilities (USN-2917-1)
Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1950)
Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel Holbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto, Tyson Smith, Andrea Marchesini, and Jukka Jylanki discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1952, CVE-2016-1953)
Nicolas Golubovic discovered that CSP violation reports can be used to overwrite local files. If a user were tricked in to opening a specially crafted website with addon signing disabled and unpacked addons installed, an attacker could potentially exploit this to gain additional privileges. (CVE-2016-1954)
Muneaki Nishimura discovered that CSP violation reports contained full paths for cross-origin iframe navigations. An attacker could potentially exploit this to steal confidential data. (CVE-2016-1955)
Ucha Gobejishvili discovered that performing certain WebGL operations resulted in memory resource exhaustion with some Intel GPUs, requiring a reboot. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2016-1956)
Jose Martinez and Romina Santillan discovered a memory leak in libstagefright during MPEG4 video file processing in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via memory exhaustion. (CVE-2016-1957)
Abdulrahman Alqabandi discovered that the addressbar could be blank or filled with page defined content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct URL spoofing attacks.
(CVE-2016-1958)
Looben Yang discovered an out-of-bounds read in Service Worker Manager. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1959)
A use-after-free was discovered in the HTML5 string parser. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1960)
A use-after-free was discovered in the SetBody function of HTMLDocument. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1961)
Dominique Hazael-Massieux discovered a use-after-free when using multiple WebRTC data channels. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox.
(CVE-2016-1962)
It was discovered that Firefox crashes when local files are modified whilst being read by the FileReader API. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1963)
Nicolas Gregoire discovered a use-after-free during XML transformations. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1964)
Tsubasa Iinuma discovered a mechanism to cause the addressbar to display an incorrect URL, using history navigations and the Location protocol property. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct URL spoofing attacks. (CVE-2016-1965)
A memory corruption issues was discovered in the NPAPI subsystem. If a user were tricked in to opening a specially crafted website with a malicious plugin installed, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox.
(CVE-2016-1966)
Jordi Chancel discovered a same-origin-policy bypass when using performance.getEntries and history navigation with session restore. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to steal confidential data.
(CVE-2016-1967)
Luke Li discovered a buffer overflow during Brotli decompression in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1968)
Ronald Crane discovered a use-after-free in GetStaticInstance in WebRTC. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1973)
Ronald Crane discovered an out-of-bounds read following a failed allocation in the HTML parser in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1974)
Holger Fuhrmannek, Tyson Smith and Holger Fuhrmannek reported multiple memory safety issues in the Graphite 2 library. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802).
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-2917-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
if (NASL_LEVEL < 3000) exit(0);
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(89826);
script_version("2.15");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/23");
script_cve_id(
"CVE-2016-1950",
"CVE-2016-1952",
"CVE-2016-1953",
"CVE-2016-1954",
"CVE-2016-1955",
"CVE-2016-1956",
"CVE-2016-1957",
"CVE-2016-1958",
"CVE-2016-1959",
"CVE-2016-1960",
"CVE-2016-1961",
"CVE-2016-1962",
"CVE-2016-1963",
"CVE-2016-1964",
"CVE-2016-1965",
"CVE-2016-1966",
"CVE-2016-1967",
"CVE-2016-1968",
"CVE-2016-1973",
"CVE-2016-1974",
"CVE-2016-1977",
"CVE-2016-2790",
"CVE-2016-2791",
"CVE-2016-2792",
"CVE-2016-2793",
"CVE-2016-2794",
"CVE-2016-2795",
"CVE-2016-2796",
"CVE-2016-2797",
"CVE-2016-2798",
"CVE-2016-2799",
"CVE-2016-2800",
"CVE-2016-2801",
"CVE-2016-2802"
);
script_xref(name:"USN", value:"2917-1");
script_name(english:"Ubuntu 14.04 LTS : Firefox vulnerabilities (USN-2917-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"Francis Gabriel discovered a buffer overflow during ASN.1 decoding in
NSS. If a user were tricked in to opening a specially crafted website,
an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2016-1950)
Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel
Holbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo
Pascutto, Tyson Smith, Andrea Marchesini, and Jukka Jylanki
discovered multiple memory safety issues in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user
invoking Firefox. (CVE-2016-1952, CVE-2016-1953)
Nicolas Golubovic discovered that CSP violation reports can be used to
overwrite local files. If a user were tricked in to opening a
specially crafted website with addon signing disabled and unpacked
addons installed, an attacker could potentially exploit this to gain
additional privileges. (CVE-2016-1954)
Muneaki Nishimura discovered that CSP violation reports contained full
paths for cross-origin iframe navigations. An attacker could
potentially exploit this to steal confidential data. (CVE-2016-1955)
Ucha Gobejishvili discovered that performing certain WebGL operations
resulted in memory resource exhaustion with some Intel GPUs, requiring
a reboot. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial
of service. (CVE-2016-1956)
Jose Martinez and Romina Santillan discovered a memory leak in
libstagefright during MPEG4 video file processing in some
circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via memory exhaustion. (CVE-2016-1957)
Abdulrahman Alqabandi discovered that the addressbar could be blank or
filled with page defined content in some circumstances. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to conduct URL spoofing attacks.
(CVE-2016-1958)
Looben Yang discovered an out-of-bounds read in Service Worker
Manager. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial
of service via application crash, or execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2016-1959)
A use-after-free was discovered in the HTML5 string parser. If a user
were tricked in to opening a specially crafted website, an attacker
could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges of
the user invoking Firefox. (CVE-2016-1960)
A use-after-free was discovered in the SetBody function of
HTMLDocument. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial
of service via application crash, or execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2016-1961)
Dominique Hazael-Massieux discovered a use-after-free when using
multiple WebRTC data channels. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this
to cause a denial of service via application crash, or execute
arbitrary code with the privileges of the user invoking Firefox.
(CVE-2016-1962)
It was discovered that Firefox crashes when local files are modified
whilst being read by the FileReader API. If a user were tricked in to
opening a specially crafted website, an attacker could potentially
exploit this to execute arbitrary code with the privileges of the user
invoking Firefox. (CVE-2016-1963)
Nicolas Gregoire discovered a use-after-free during XML
transformations. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code
with the privileges of the user invoking Firefox. (CVE-2016-1964)
Tsubasa Iinuma discovered a mechanism to cause the addressbar to
display an incorrect URL, using history navigations and the Location
protocol property. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to conduct
URL spoofing attacks. (CVE-2016-1965)
A memory corruption issues was discovered in the NPAPI subsystem. If a
user were tricked in to opening a specially crafted website with a
malicious plugin installed, an attacker could potentially exploit this
to cause a denial of service via application crash, or execute
arbitrary code with the privileges of the user invoking Firefox.
(CVE-2016-1966)
Jordi Chancel discovered a same-origin-policy bypass when using
performance.getEntries and history navigation with session restore. If
a user were tricked in to opening a specially crafted website, an
attacker could potentially exploit this to steal confidential data.
(CVE-2016-1967)
Luke Li discovered a buffer overflow during Brotli decompression in
some circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code
with the privileges of the user invoking Firefox. (CVE-2016-1968)
Ronald Crane discovered a use-after-free in GetStaticInstance in
WebRTC. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial
of service via application crash, or execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2016-1973)
Ronald Crane discovered an out-of-bounds read following a failed
allocation in the HTML parser in some circumstances. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user
invoking Firefox. (CVE-2016-1974)
Holger Fuhrmannek, Tyson Smith and Holger Fuhrmannek reported multiple
memory safety issues in the Graphite 2 library. If a user were tricked
in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user
invoking Firefox. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791,
CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795,
CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799,
CVE-2016-2800, CVE-2016-2801, CVE-2016-2802).");
script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-2917-1");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-1962");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"patch_publication_date", value:"2016/03/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/10");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-globalmenu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-af");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-an");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ar");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-as");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ast");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-az");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-be");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bn");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-br");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ca");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-csb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cy");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-da");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-de");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-el");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-en");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-eo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-es");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-et");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-eu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fa");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fy");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ga");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gn");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-he");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hsb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hy");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-id");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-is");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-it");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ja");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ka");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-km");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kn");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ko");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ku");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lv");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mai");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ml");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mn");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ms");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nn");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nso");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-oc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-or");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pa");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ro");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ru");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-si");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sq");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sv");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sw");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ta");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-te");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-th");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-tr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-uk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-uz");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-vi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-xh");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zh-hans");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zh-hant");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-mozsymbols");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-testsuite");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Ubuntu Local Security Checks");
script_copyright(english:"Ubuntu Security Notice (C) 2016-2020 Canonical, Inc. / NASL script (C) 2016-2018 Tenable Network Security, Inc.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include('debian_package.inc');
if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('14.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);
var pkgs = [
{'osver': '14.04', 'pkgname': 'firefox', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-dev', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-globalmenu', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-af', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-an', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ar', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-as', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ast', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-az', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-be', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-bg', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-bn', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-br', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-bs', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ca', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-cs', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-csb', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-cy', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-da', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-de', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-el', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-en', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-eo', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-es', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-et', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-eu', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-fa', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-fi', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-fr', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-fy', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ga', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-gd', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-gl', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-gn', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-gu', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-he', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-hi', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-hr', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-hsb', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-hu', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-hy', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-id', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-is', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-it', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ja', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ka', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-kk', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-km', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-kn', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ko', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ku', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-lg', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-lt', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-lv', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-mai', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-mk', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ml', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-mn', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-mr', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ms', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-nb', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-nl', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-nn', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-nso', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-oc', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-or', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-pa', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-pl', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-pt', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ro', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ru', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-si', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-sk', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-sl', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-sq', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-sr', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-sv', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-sw', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ta', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-te', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-th', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-tr', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-uk', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-uz', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-vi', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-xh', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-zh-hans', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-zh-hant', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-zu', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-mozsymbols', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-testsuite', 'pkgver': '45.0+build2-0ubuntu0.14.04.1'}
];
var flag = 0;
foreach package_array ( pkgs ) {
var osver = NULL;
var pkgname = NULL;
var pkgver = NULL;
if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
if (osver && pkgname && pkgver) {
if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : ubuntu_report_get()
);
exit(0);
}
else
{
var tested = ubuntu_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox / firefox-dev / firefox-globalmenu / firefox-locale-af / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| canonical | ubuntu_linux | firefox | p-cpe:/a:canonical:ubuntu_linux:firefox |
| canonical | ubuntu_linux | firefox-locale-sq | p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sq |
| canonical | ubuntu_linux | firefox-locale-sr | p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sr |
| canonical | ubuntu_linux | firefox-locale-sv | p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sv |
| canonical | ubuntu_linux | firefox-locale-sw | p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sw |
| canonical | ubuntu_linux | firefox-locale-ta | p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ta |
| canonical | ubuntu_linux | firefox-locale-te | p-cpe:/a:canonical:ubuntu_linux:firefox-locale-te |
| canonical | ubuntu_linux | firefox-locale-th | p-cpe:/a:canonical:ubuntu_linux:firefox-locale-th |
| canonical | ubuntu_linux | firefox-locale-tr | p-cpe:/a:canonical:ubuntu_linux:firefox-locale-tr |
| canonical | ubuntu_linux | firefox-locale-uk | p-cpe:/a:canonical:ubuntu_linux:firefox-locale-uk |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1952
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1953
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1954
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1955
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1956
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1957
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1958
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1959
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1960
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1961
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1962
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1963
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1964
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1965
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1966
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1967
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1968
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1973
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1974
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2791
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2792
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2793
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2794
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2795
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2796
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2797
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2798
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2799
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2801
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2802
ubuntu.com/security/notices/USN-2917-1
Related
