The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4216-2 advisory.
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-11745)
Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox < 71. (CVE-2019-11756)
The plain text serializer used a fixed-size array for the number of <ol> elements it could process;
however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
(CVE-2019-17005)
When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17008)
Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17010)
Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17011)
Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17012)
Mozilla developers reported memory safety bugs present in Firefox 70. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 71. (CVE-2019-17013)
If an image had not loaded correctly (such as when it is not actually an image), it could be dragged and dropped cross-domain, resulting in a cross-origin information leak. This vulnerability affects Firefox < 71. (CVE-2019-17014)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-4216-2. The text
# itself is copyright (C) Canonical, Inc. See
# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##
include('compat.inc');
if (description)
{
script_id(183555);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/20");
script_cve_id(
"CVE-2019-11745",
"CVE-2019-11756",
"CVE-2019-17005",
"CVE-2019-17008",
"CVE-2019-17010",
"CVE-2019-17011",
"CVE-2019-17012",
"CVE-2019-17013",
"CVE-2019-17014"
);
script_xref(name:"IAVA", value:"2019-A-0438-S");
script_xref(name:"USN", value:"4216-2");
script_name(english:"Ubuntu 16.04 LTS : Firefox vulnerabilities (USN-4216-2)");
script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in
the USN-4216-2 advisory.
- When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the
block size, a small out of bounds write could occur. This could have caused heap corruption and a
potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and
Firefox < 71. (CVE-2019-11745)
- Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited
to a denial of service). This vulnerability affects Firefox < 71. (CVE-2019-11756)
- The plain text serializer used a fixed-size array for the number of <ol> elements it could process;
however it was possible to overflow the static-sized array leading to memory corruption and a potentially
exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
(CVE-2019-17005)
- When using nested workers, a use-after-free could occur during worker destruction. This resulted in a
potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and
Firefox < 71. (CVE-2019-17008)
- Under certain conditions, when checking the Resist Fingerprinting preference during device orientation
checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This
vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17010)
- Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race
condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability
affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-17011)
- Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these
bugs showed evidence of memory corruption and we presume that with enough effort some of these could have
been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3,
and Firefox < 71. (CVE-2019-17012)
- Mozilla developers reported memory safety bugs present in Firefox 70. Some of these bugs showed evidence
of memory corruption and we presume that with enough effort some of these could have been exploited to run
arbitrary code. This vulnerability affects Firefox < 71. (CVE-2019-17013)
- If an image had not loaded correctly (such as when it is not actually an image), it could be dragged and
dropped cross-domain, resulting in a cross-origin information leak. This vulnerability affects Firefox <
71. (CVE-2019-17014)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-4216-2");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-17013");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/03");
script_set_attribute(attribute:"patch_publication_date", value:"2019/12/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/10/20");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-geckodriver");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-af");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-an");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ar");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-as");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ast");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-az");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-be");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bn");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-br");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ca");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cak");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-csb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cy");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-da");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-de");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-el");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-en");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-eo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-es");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-et");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-eu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fa");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fy");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ga");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gn");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-he");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hsb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hy");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ia");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-id");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-is");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-it");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ja");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ka");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kab");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-km");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kn");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ko");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ku");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lv");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mai");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ml");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mn");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ms");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-my");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ne");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nn");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nso");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-oc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-or");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pa");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ro");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ru");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-si");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sq");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sv");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sw");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ta");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-te");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-th");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-tr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-uk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ur");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-uz");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-vi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-xh");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zh-hans");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zh-hant");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-mozsymbols");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"II");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Ubuntu Local Security Checks");
script_copyright(english:"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include('debian_package.inc');
if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);
var pkgs = [
{'osver': '16.04', 'pkgname': 'firefox', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-dev', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-geckodriver', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-af', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-an', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-ar', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-as', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-ast', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-az', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-be', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-bg', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-bn', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-br', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-bs', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-ca', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-cak', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-cs', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-csb', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-cy', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-da', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-de', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-el', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-en', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-eo', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-es', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-et', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-eu', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-fa', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-fi', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-fr', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-fy', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-ga', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-gd', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-gl', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-gn', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-gu', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-he', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-hi', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-hr', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-hsb', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-hu', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-hy', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-ia', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-id', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-is', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-it', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-ja', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-ka', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-kab', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-kk', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-km', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-kn', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-ko', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-ku', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-lg', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-lt', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-lv', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-mai', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-mk', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-ml', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-mn', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-mr', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-ms', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-my', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-nb', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-ne', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-nl', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-nn', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-nso', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-oc', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-or', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-pa', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-pl', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-pt', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-ro', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-ru', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-si', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-sk', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-sl', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-sq', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-sr', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-sv', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-sw', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-ta', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-te', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-th', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-tr', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-uk', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-ur', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-uz', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-vi', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-xh', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-zh-hans', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-zh-hant', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-locale-zu', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'firefox-mozsymbols', 'pkgver': '71.0+build5-0ubuntu0.16.04.1'}
];
var flag = 0;
foreach package_array ( pkgs ) {
var osver = NULL;
var pkgname = NULL;
var pkgver = NULL;
if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
if (osver && pkgname && pkgver) {
if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : ubuntu_report_get()
);
exit(0);
}
else
{
var tested = ubuntu_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox / firefox-dev / firefox-geckodriver / firefox-locale-af / etc');
}
Vendor | Product | Version | CPE |
---|---|---|---|
canonical | ubuntu_linux | 16.04 | cpe:/o:canonical:ubuntu_linux:16.04:-:lts |
canonical | ubuntu_linux | firefox | p-cpe:/a:canonical:ubuntu_linux:firefox |
canonical | ubuntu_linux | firefox-dev | p-cpe:/a:canonical:ubuntu_linux:firefox-dev |
canonical | ubuntu_linux | firefox-geckodriver | p-cpe:/a:canonical:ubuntu_linux:firefox-geckodriver |
canonical | ubuntu_linux | firefox-locale-af | p-cpe:/a:canonical:ubuntu_linux:firefox-locale-af |
canonical | ubuntu_linux | firefox-locale-an | p-cpe:/a:canonical:ubuntu_linux:firefox-locale-an |
canonical | ubuntu_linux | firefox-locale-ar | p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ar |
canonical | ubuntu_linux | firefox-locale-as | p-cpe:/a:canonical:ubuntu_linux:firefox-locale-as |
canonical | ubuntu_linux | firefox-locale-ast | p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ast |
canonical | ubuntu_linux | firefox-locale-az | p-cpe:/a:canonical:ubuntu_linux:firefox-locale-az |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11756
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17005
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17008
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17010
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17011
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17012
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17013
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17014
ubuntu.com/security/notices/USN-4216-2