Lucene search
Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-3175-1.NASLHistoryJan 30, 2017 - 12:00 a.m.
Ubuntu 14.04 LTS / 16.04 LTS : Firefox vulnerabilities (USN-3175-1)
2017-01-3000:00:00
Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
42
Multiple memory safety issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5373, CVE-2017-5374)
JIT code allocation can allow a bypass of ASLR protections in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code.
(CVE-2017-5375)
Nicolas Gregoire discovered a use-after-free when manipulating XSL in XSLT documents in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5376)
Atte Kettunen discovered a memory corruption issue in Skia in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code.
(CVE-2017-5377)
Jann Horn discovered that an object’s address could be discovered through hashed codes of JavaScript objects shared between pages. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5378)
A use-after-free was discovered in Web Animations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code.
(CVE-2017-5379)
A use-after-free was discovered during DOM manipulation of SVG content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5380)
Jann Horn discovered that the ‘export’ function in the Certificate Viewer can force local filesystem navigation when the Common Name contains slashes. If a user were tricked in to exporting a specially crafted certificate, an attacker could potentially exploit this to save content with arbitrary filenames in unsafe locations.
(CVE-2017-5381)
Jerri Rice discovered that the Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content. An attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5382)
Armin Razmjou discovered that certain unicode glyphs do not trigger punycode display. An attacker could potentially exploit this to spoof the URL bar contents. (CVE-2017-5383)
Paul Stone and Alex Chapman discovered that the full URL path is exposed to JavaScript functions specified by Proxy Auto-Config (PAC) files. If a user has enabled Web Proxy Auto Detect (WPAD), an attacker could potentially exploit this to obtain sensitive information.
(CVE-2017-5384)
Muneaki Nishimura discovered that data sent in multipart channels will ignore the Referrer-Policy response headers. An attacker could potentially exploit this to obtain sensitive information.
(CVE-2017-5385)
Muneaki Nishimura discovered that WebExtensions can affect other extensions using the data: protocol. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this to obtain sensitive information or gain additional privileges. (CVE-2017-5386)
Mustafa Hasan discovered that the existence of local files can be determined using the <track> element. An attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5387)
Cullen Jennings discovered that WebRTC can be used to generate large amounts of UDP traffic. An attacker could potentially exploit this to conduct Distributed Denial-of-Service (DDOS) attacks. (CVE-2017-5388)
Kris Maglione discovered that WebExtensions can use the mozAddonManager API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this to install additional addons without user permission.
(CVE-2017-5389)
Jerri Rice discovered insecure communication methods in the Dev Tools JSON Viewer. An attacker could potentially exploit this to gain additional privileges. (CVE-2017-5390)
Jerri Rice discovered that about: pages used by content can load privileged about: pages in iframes. An attacker could potentially exploit this to gain additional privileges, in combination with a content-injection bug in one of those about: pages. (CVE-2017-5391)
Stuart Colville discovered that mozAddonManager allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this, in combination with a cross-site scripting (XSS) attack on Mozilla’s AMO sites, to install additional addons. (CVE-2017-5393)
Filipe Gomes discovered a use-after-free in the media decoder in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code.
(CVE-2017-5396).
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-3175-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
include('compat.inc');
if (description)
{
script_id(96872);
script_version("3.14");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/20");
script_cve_id(
"CVE-2017-5373",
"CVE-2017-5374",
"CVE-2017-5375",
"CVE-2017-5376",
"CVE-2017-5377",
"CVE-2017-5378",
"CVE-2017-5379",
"CVE-2017-5380",
"CVE-2017-5381",
"CVE-2017-5382",
"CVE-2017-5383",
"CVE-2017-5384",
"CVE-2017-5385",
"CVE-2017-5386",
"CVE-2017-5387",
"CVE-2017-5388",
"CVE-2017-5389",
"CVE-2017-5390",
"CVE-2017-5391",
"CVE-2017-5393",
"CVE-2017-5396"
);
script_xref(name:"USN", value:"3175-1");
script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS : Firefox vulnerabilities (USN-3175-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"Multiple memory safety issues were discovered in Firefox. If a user
were tricked in to opening a specially crafted website, an attacker
could potentially exploit these to cause a denial of service via
application crash, or execute arbitrary code. (CVE-2017-5373,
CVE-2017-5374)
JIT code allocation can allow a bypass of ASLR protections in some
circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code.
(CVE-2017-5375)
Nicolas Gregoire discovered a use-after-free when manipulating XSL in
XSLT documents in some circumstances. If a user were tricked in to
opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service via application crash, or
execute arbitrary code. (CVE-2017-5376)
Atte Kettunen discovered a memory corruption issue in Skia in some
circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code.
(CVE-2017-5377)
Jann Horn discovered that an object's address could be discovered
through hashed codes of JavaScript objects shared between pages. If a
user were tricked in to opening a specially crafted website, an
attacker could potentially exploit this to obtain sensitive
information. (CVE-2017-5378)
A use-after-free was discovered in Web Animations in some
circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code.
(CVE-2017-5379)
A use-after-free was discovered during DOM manipulation of SVG content
in some circumstances. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this
to cause a denial of service via application crash, or execute
arbitrary code. (CVE-2017-5380)
Jann Horn discovered that the 'export' function in the Certificate
Viewer can force local filesystem navigation when the Common Name
contains slashes. If a user were tricked in to exporting a specially
crafted certificate, an attacker could potentially exploit this to
save content with arbitrary filenames in unsafe locations.
(CVE-2017-5381)
Jerri Rice discovered that the Feed preview for RSS feeds can be used
to capture errors and exceptions generated by privileged content. An
attacker could potentially exploit this to obtain sensitive
information. (CVE-2017-5382)
Armin Razmjou discovered that certain unicode glyphs do not trigger
punycode display. An attacker could potentially exploit this to spoof
the URL bar contents. (CVE-2017-5383)
Paul Stone and Alex Chapman discovered that the full URL path is
exposed to JavaScript functions specified by Proxy Auto-Config (PAC)
files. If a user has enabled Web Proxy Auto Detect (WPAD), an attacker
could potentially exploit this to obtain sensitive information.
(CVE-2017-5384)
Muneaki Nishimura discovered that data sent in multipart channels will
ignore the Referrer-Policy response headers. An attacker could
potentially exploit this to obtain sensitive information.
(CVE-2017-5385)
Muneaki Nishimura discovered that WebExtensions can affect other
extensions using the data: protocol. If a user were tricked in to
installing a specially crafted addon, an attacker could potentially
exploit this to obtain sensitive information or gain additional
privileges. (CVE-2017-5386)
Mustafa Hasan discovered that the existence of local files can be
determined using the <track> element. An attacker could potentially
exploit this to obtain sensitive information. (CVE-2017-5387)
Cullen Jennings discovered that WebRTC can be used to generate large
amounts of UDP traffic. An attacker could potentially exploit this to
conduct Distributed Denial-of-Service (DDOS) attacks. (CVE-2017-5388)
Kris Maglione discovered that WebExtensions can use the
mozAddonManager API by modifying the CSP headers on sites with the
appropriate permissions and then using host requests to redirect
script loads to a malicious site. If a user were tricked in to
installing a specially crafted addon, an attacker could potentially
exploit this to install additional addons without user permission.
(CVE-2017-5389)
Jerri Rice discovered insecure communication methods in the Dev Tools
JSON Viewer. An attacker could potentially exploit this to gain
additional privileges. (CVE-2017-5390)
Jerri Rice discovered that about: pages used by content can load
privileged about: pages in iframes. An attacker could potentially
exploit this to gain additional privileges, in combination with a
content-injection bug in one of those about: pages. (CVE-2017-5391)
Stuart Colville discovered that mozAddonManager allows for the
installation of extensions from the CDN for addons.mozilla.org, a
publicly accessible site. If a user were tricked in to installing a
specially crafted addon, an attacker could potentially exploit this,
in combination with a cross-site scripting (XSS) attack on Mozilla's
AMO sites, to install additional addons. (CVE-2017-5393)
Filipe Gomes discovered a use-after-free in the media decoder in some
circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code.
(CVE-2017-5396).
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-3175-1");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-5396");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/11");
script_set_attribute(attribute:"patch_publication_date", value:"2017/01/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/30");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-globalmenu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-af");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-an");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ar");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-as");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ast");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-az");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-be");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bn");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-br");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ca");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cak");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-csb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cy");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-da");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-de");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-el");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-en");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-eo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-es");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-et");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-eu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fa");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fy");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ga");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gn");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-he");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hsb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hy");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-id");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-is");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-it");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ja");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ka");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kab");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-km");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kn");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ko");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ku");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lv");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mai");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ml");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mn");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ms");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nn");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nso");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-oc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-or");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pa");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ro");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ru");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-si");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sq");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sv");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sw");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ta");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-te");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-th");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-tr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-uk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-uz");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-vi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-xh");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zh-hans");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zh-hant");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-mozsymbols");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-testsuite");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Ubuntu Local Security Checks");
script_copyright(english:"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include('debian_package.inc');
if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('14.04' >< os_release || '16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04 / 16.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);
var pkgs = [
{'osver': '14.04', 'pkgname': 'firefox', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-dev', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-globalmenu', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-af', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-an', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ar', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-as', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ast', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-az', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-be', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-bg', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-bn', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-br', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-bs', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ca', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-cak', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-cs', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-csb', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-cy', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-da', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-de', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-el', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-en', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-eo', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-es', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-et', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-eu', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-fa', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-fi', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-fr', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-fy', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ga', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-gd', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-gl', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-gn', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-gu', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-he', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-hi', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-hr', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-hsb', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-hu', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-hy', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-id', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-is', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-it', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ja', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ka', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-kab', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-kk', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-km', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-kn', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ko', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ku', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-lg', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-lt', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-lv', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-mai', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-mk', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ml', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-mn', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-mr', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ms', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-nb', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-nl', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-nn', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-nso', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-oc', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-or', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-pa', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-pl', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-pt', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ro', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ru', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-si', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-sk', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-sl', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-sq', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-sr', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-sv', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-sw', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ta', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-te', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-th', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-tr', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-uk', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-uz', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-vi', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-xh', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-zh-hans', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-zh-hant', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-zu', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-mozsymbols', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-testsuite', 'pkgver': '51.0.1+build2-0ubuntu0.14.04.1'},
{'osver': '16.04', 'pkgname': 'firefox', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-dev', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-globalmenu', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-af', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-an', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-ar', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-as', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-ast', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-az', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-be', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-bg', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-bn', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-br', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-bs', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-ca', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-cak', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-cs', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-csb', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-cy', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-da', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-de', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-el', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-en', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-eo', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-es', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-et', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-eu', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-fa', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-fi', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-fr', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-fy', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-ga', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-gd', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-gl', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-gn', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-gu', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-he', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-hi', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-hr', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-hsb', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-hu', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-hy', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-id', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-is', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-it', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-ja', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-ka', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-kab', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-kk', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-km', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-kn', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-ko', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-ku', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-lg', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-lt', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-lv', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-mai', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-mk', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-ml', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-mn', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-mr', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-ms', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-nb', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-nl', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-nn', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-nso', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-oc', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-or', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-pa', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-pl', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-pt', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-ro', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-ru', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-si', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-sk', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-sl', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-sq', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-sr', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-sv', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-sw', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-ta', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-te', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-th', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-tr', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-uk', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-uz', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-vi', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-xh', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-zh-hans', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-zh-hant', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-zu', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-mozsymbols', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-testsuite', 'pkgver': '51.0.1+build2-0ubuntu0.16.04.1'}
];
var flag = 0;
foreach package_array ( pkgs ) {
var osver = NULL;
var pkgname = NULL;
var pkgver = NULL;
if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
if (osver && pkgname && pkgver) {
if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : ubuntu_report_get()
);
exit(0);
}
else
{
var tested = ubuntu_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox / firefox-dev / firefox-globalmenu / firefox-locale-af / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| canonical | ubuntu_linux | firefox | p-cpe:/a:canonical:ubuntu_linux:firefox |
| canonical | ubuntu_linux | firefox-dev | p-cpe:/a:canonical:ubuntu_linux:firefox-dev |
| canonical | ubuntu_linux | firefox-globalmenu | p-cpe:/a:canonical:ubuntu_linux:firefox-globalmenu |
| canonical | ubuntu_linux | firefox-locale-af | p-cpe:/a:canonical:ubuntu_linux:firefox-locale-af |
| canonical | ubuntu_linux | firefox-locale-an | p-cpe:/a:canonical:ubuntu_linux:firefox-locale-an |
| canonical | ubuntu_linux | firefox-locale-ar | p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ar |
| canonical | ubuntu_linux | firefox-locale-as | p-cpe:/a:canonical:ubuntu_linux:firefox-locale-as |
| canonical | ubuntu_linux | firefox-locale-ast | p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ast |
| canonical | ubuntu_linux | firefox-locale-az | p-cpe:/a:canonical:ubuntu_linux:firefox-locale-az |
| canonical | ubuntu_linux | firefox-locale-be | p-cpe:/a:canonical:ubuntu_linux:firefox-locale-be |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5374
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5377
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5379
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5381
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5382
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5384
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5385
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5387
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5388
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5389
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5391
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5393
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396
ubuntu.com/security/notices/USN-3175-1
Related
ubuntu
ubuntu
Firefox vulnerabilities
2017-01-27 00:00:00
Firefox regression
2017-02-06 00:00:00
Thunderbird vulnerabilities
2017-01-28 00:00:00
archlinux
archlinux
[ASA-201701-39] firefox: multiple issues
2017-01-29 00:00:00
[ASA-201701-40] thunderbird: multiple issues
2017-01-29 00:00:00
nessus
nessus
Mozilla Firefox < 51 Multiple Vulnerabilities (macOS)
2017-01-25 00:00:00
Mozilla Firefox < 51.0 Multiple Vulnerabilities
2017-01-25 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS : Firefox regression (USN-3175-2)
2017-02-07 00:00:00
openvas
openvas
Mozilla Firefox Security Advisories (MFSA2017-01, MFSA2017-02) - Windows
2017-01-27 00:00:00
Mozilla Firefox Security Advisories (MFSA2017-01, MFSA2017-02) - Mac OS X
2017-01-27 00:00:00
Ubuntu: Security Advisory (USN-3175-1)
2017-01-28 00:00:00
suse
suse
Security update for MozillaFirefox (important)
2017-02-02 00:13:07
Security update for MozillaFirefox (important)
2017-02-08 18:10:27
Security update for MozillaFirefox (important)
2017-02-09 03:07:40
freebsd
freebsd
mozilla -- multiple vulnerabilities
2017-01-24 00:00:00
mozilla
mozilla
Security vulnerabilities fixed in Firefox 51 — Mozilla
2017-01-24 00:00:00
Security vulnerabilities fixed in Firefox ESR 45.7 — Mozilla
2017-01-24 00:00:00
Security vulnerabilities fixed in Thunderbird 45.7 — Mozilla
2017-01-26 00:00:00
kaspersky
kaspersky
KLA10953 Multiple vulnerabilities in Mozilla Firefox and Mozilla Firefox ESR
2017-01-24 00:00:00
KLA10956 Multiple vulnerabilities in Mozilla Thunderbird
2017-01-26 00:00:00
ibm
ibm
osv
osv
firefox-esr - security update
2017-01-25 00:00:00
firefox-esr - security update
2017-01-26 00:00:00
icedove - security update
2017-04-20 00:00:00
gentoo
gentoo
Mozilla Firefox: Multiple vulnerabilities
2017-02-20 00:00:00
Mozilla Thunderbird: Multiple vulnerabilities
2017-02-20 00:00:00
redhat
redhat
(RHSA-2017:0190) Critical: firefox security update
2017-01-25 00:00:00
(RHSA-2017:0238) Important: thunderbird security update
2017-02-02 00:00:00
slackware
slackware
[slackware-security] mozilla-thunderbird
2017-01-27 04:35:28
centos
centos
firefox security update
2017-01-26 20:24:55
thunderbird security update
2017-02-02 21:10:46
mageia
mageia
Updated firefox packages fix security vulnerability
2017-01-27 12:19:09
Updated thunderbird packages fix security vulnerabilities
2017-02-04 00:39:38
Updated iceape packages fix security vulnerabilities
2017-09-02 00:10:29
debian
debian
[SECURITY] [DSA 3771-1] firefox-esr security update
2017-01-25 21:46:48
[SECURITY] [DLA 800-1] firefox-esr security update
2017-01-26 17:17:44
[SECURITY] [DSA 3832-1] icedove security update
2017-04-20 21:05:00
oraclelinux
oraclelinux
firefox security update
2017-01-25 00:00:00
thunderbird security update
2017-02-02 00:00:00
threatpost
threatpost
Firefox 51 Begins Warning Users of Insecure HTTP Connections
2017-01-25 14:30:37
cve
cve
prion
prion
debiancve
debiancve
ubuntucve
ubuntucve
veracode
veracode
Denial Of Services(DoS)
2019-01-15 09:15:36
Privilege Escalation
2019-05-02 06:09:38
Memory Corruption
2019-05-02 06:09:36
redhatcve
redhatcve
alpinelinux
alpinelinux
Related for UBUNTU_USN-3175-1.NASL