ID UBUNTU_USN-4443-1.NASL Type nessus Reporter Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2020-07-30T00:00:00
Description
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain
sensitive information, bypass iframe sandbox restrictions, confuse the
user, or execute arbitrary code. (CVE-2020-6463, CVE-2020-6514,
CVE-2020-15652, CVE-2020-15653, CVE-2020-15654, CVE-2020-15656,
CVE-2020-15658, CVE-2020-15659)

It was discovered that redirected HTTP
requests which are observed or modified through a web extension could
bypass existing CORS checks. If a user were tricked into installing a
specially crafted extension, an attacker could potentially exploit
this to obtain sensitive information across origins. (CVE-2020-15655).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-4443-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
include("compat.inc");
# Registration branch: taken when the scanner loads the plugin to collect its
# metadata. The exit(0) at the end stops the script here, so none of the
# package checks further down run during registration.
if (description)
{
  # Plugin identity and revision.
  script_id(139182);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/11/30");

  # Advisory cross-references. Per the description text below, CVE-2020-15655
  # is the only entry that requires the user to install a crafted extension;
  # the others are reachable by visiting a crafted website.
  script_cve_id(
    "CVE-2020-15652",
    "CVE-2020-15653",
    "CVE-2020-15654",
    "CVE-2020-15655",
    "CVE-2020-15656",
    "CVE-2020-15658",
    "CVE-2020-15659",
    "CVE-2020-6463",
    "CVE-2020-6514"
  );
  script_xref(name:"USN", value:"4443-1");
  script_xref(name:"IAVA", value:"2020-A-0344-S");

  script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS / 20.04 : Firefox vulnerabilities (USN-4443-1)");
  script_summary(english:"Checks dpkg output for updated package.");

  # Human-readable finding text shown in scan results.
  script_set_attribute(attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch.");
  script_set_attribute(
    attribute:"description",
    value:
"Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain
sensitive information, bypass iframe sandbox restrictions, confuse the
user, or execute arbitrary code. (CVE-2020-6463, CVE-2020-6514,
CVE-2020-15652, CVE-2020-15653, CVE-2020-15654, CVE-2020-15656,
CVE-2020-15658, CVE-2020-15659) It was discovered that redirected HTTP
requests which are observed or modified through a web extension could
bypass existing CORS checks. If a user were tricked in to installing a
specially crafted extension, an attacker could potentially exploit
this to obtain sensitive information across origins. (CVE-2020-15655).
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(attribute:"see_also", value:"https://usn.ubuntu.com/4443-1/");
  script_set_attribute(attribute:"solution", value:"Update the affected firefox package.");

  # Risk scoring. Both base vectors rate confidentiality, integrity and
  # availability impact at their maximum; the v3 vector carries UI:R, which
  # matches the "user tricked in to opening a website" precondition in the
  # description. The temporal E:U value agrees with exploitability_ease.
  # The score is attributed to CVE-2020-15659 via cvss_score_source.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-15659");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  # Check type and the platforms/packages it applies to. "local" means the
  # verdict comes from data gathered on the host rather than from a network
  # probe.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04");

  # Timeline and bookkeeping attributes.
  script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/07/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/07/30");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  # ACT_GATHER_INFO: the plugin only collects information.
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  # Scheduling prerequisites: the plugin depends on ssh_get_info.nasl and on
  # these four KB keys (presumably written by that dependency during a
  # credentialed scan - confirm). Without them there is no result at all,
  # which is not the same as a "not vulnerable" result.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}
include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");
# --- Preconditions -----------------------------------------------------------
# Each audit() call below ends the run with a "not applicable" style outcome,
# so the order of these guards decides which reason is reported.

# Local (credentialed) checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# The host must report an Ubuntu release, and it must be exactly one of the
# three releases this advisory covers. Any other release yields no finding
# from this plugin.
release = get_kb_item("Host/Ubuntu/release");
if (isnull(release))
{
  audit(AUDIT_OS_NOT, "Ubuntu");
}
release = chomp(release);
if (!preg(pattern:"^(16\.04|18\.04|20\.04)$", string:release))
{
  audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 18.04 / 20.04", "Ubuntu " + release);
}

# The collected dpkg package list is the only package evidence consulted here.
if (!get_kb_item("Host/Debian/dpkg-l"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Architecture gate: only x86_64 and i386..i686 continue. Every other CPU
# value audits out as "local checks not implemented", so the absence of a
# finding on such hosts says nothing about their patch state.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
{
  audit(AUDIT_UNKNOWN_ARCH);
}
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$")
{
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
}

# --- Package version checks --------------------------------------------------
# One ubuntu_check() per supported release, each with that release's fixed
# firefox build. All three calls are always made; flag counts the hits.
# NOTE(review): ubuntu_check() is defined in ubuntu.inc; presumably it returns
# true when the installed package is older than pkgver - confirm there.
flag = 0;

if (ubuntu_check(osver:"16.04", pkgname:"firefox", pkgver:"79.0+build1-0ubuntu0.16.04.2"))
{
  flag += 1;
}
if (ubuntu_check(osver:"18.04", pkgname:"firefox", pkgver:"79.0+build1-0ubuntu0.18.04.1"))
{
  flag += 1;
}
if (ubuntu_check(osver:"20.04", pkgname:"firefox", pkgver:"79.0+build1-0ubuntu0.20.04.1"))
{
  flag += 1;
}

# --- Reporting ---------------------------------------------------------------
# At least one check hit: report on port 0 with SECURITY_HOLE severity and
# attach the text returned by ubuntu_report_get(), then stop.
if (flag)
{
  security_report_v4(port:0, severity:SECURITY_HOLE, extra:ubuntu_report_get());
  exit(0);
}

# No hit: distinguish "a package was tested and is not affected" from
# "firefox is not installed".
# NOTE(review): since only dpkg data is consulted, a Firefox installed by
# another route (e.g. snap or an unpacked tarball) would presumably end up as
# "not installed" here - verify such hosts separately.
tested = ubuntu_pkg_tests_get();
if (tested)
{
  audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
}
else
{
  audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox");
}
{"id": "UBUNTU_USN-4443-1.NASL", "bulletinFamily": "scanner", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 20.04 : Firefox vulnerabilities (USN-4443-1)", "description": "Multiple security issues were discovered in Firefox. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service, obtain\nsensitive information, bypass iframe sandbox restrictions, confuse the\nuser, or execute arbitrary code. (CVE-2020-6463, CVE-2020-6514,\nCVE-2020-15652, CVE-2020-15653, CVE-2020-15654, CVE-2020-15656,\nCVE-2020-15658, CVE-2020-15659) It was discovered that redirected HTTP\nrequests which are observed or modified through a web extension could\nbypass existing CORS checks. If a user were tricked in to installing a\nspecially crafted extension, an attacker could potentially exploit\nthis to obtain sensitive information across origins. (CVE-2020-15655).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2020-07-30T00:00:00", "modified": "2020-07-30T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/139182", "reporter": "Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.", "references": ["https://usn.ubuntu.com/4443-1/"], "cvelist": ["CVE-2020-15652", "CVE-2020-15655", "CVE-2020-6463", "CVE-2020-15653", "CVE-2020-15656", "CVE-2020-15659", "CVE-2020-15654", "CVE-2020-6514", "CVE-2020-15658"], "type": "nessus", "lastseen": "2020-12-01T15:26:05", "edition": 7, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "ubuntu", "idList": ["USN-4443-1"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1179-1", "OPENSUSE-SU-2020:1189-1", "OPENSUSE-SU-2020:1147-1", "OPENSUSE-SU-2020:1155-1", "OPENSUSE-SU-2020:1205-1"]}, {"type": "kaspersky", "idList": ["KLA11920", "KLA11919", "KLA11921", "KLA11924"]}, {"type": "nessus", "idList": ["MACOS_FIREFOX_78_1_ESR.NASL", "OPENSUSE-2020-1155.NASL", "SUSE_SU-2020-2118-1.NASL", "MOZILLA_THUNDERBIRD_78_1.NASL", "MACOS_FIREFOX_79_0.NASL", "MOZILLA_FIREFOX_79_0.NASL", "MACOS_THUNDERBIRD_78_1.NASL", "SUSE_SU-2020-2100-1.NASL", "OPENSUSE-2020-1147.NASL", "MOZILLA_FIREFOX_78_1_ESR.NASL"]}, {"type": "cve", "idList": ["CVE-2020-6514", "CVE-2020-15659", "CVE-2020-6463", "CVE-2020-15655", "CVE-2020-15658", "CVE-2020-15652", "CVE-2020-15653", "CVE-2020-15654", "CVE-2020-15656"]}, {"type": "centos", "idList": ["CESA-2020:3345", "CESA-2020:3233", "CESA-2020:3253", "CESA-2020:3344"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-3344", "ELSA-2020-3253", "ELSA-2020-3241", "ELSA-2020-3345", "ELSA-2020-3233", "ELSA-2020-3341"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2297-1:4B6B0", "DEBIAN:DLA-2310-1:89E38", "DEBIAN:DSA-4740-1:75F4C", "DEBIAN:DSA-4736-1:A45B9"]}, {"type": "redhat", "idList": ["RHSA-2020:3229", "RHSA-2020:3342", "RHSA-2020:3254", "RHSA-2020:3241", "RHSA-2020:3341", "RHSA-2020:3345", "RHSA-2020:3343", "RHSA-2020:3344", "RHSA-2020:3253", "RHSA-2020:3233"]}, {"type": "gentoo", "idList": ["GLSA-202007-64", "GLSA-202007-60"]}, {"type": "amazon", "idList": ["ALAS2-2020-1487"]}, {"type": "slackware", "idList": ["SSA-2020-213-01"]}], "modified": 
"2020-12-01T15:26:05", "rev": 2}, "score": {"value": 5.3, "vector": "NONE", "modified": "2020-12-01T15:26:05", "rev": 2}, "vulnersScore": 5.3}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4443-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139182);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/30\");\n\n script_cve_id(\"CVE-2020-15652\", \"CVE-2020-15653\", \"CVE-2020-15654\", \"CVE-2020-15655\", \"CVE-2020-15656\", \"CVE-2020-15658\", \"CVE-2020-15659\", \"CVE-2020-6463\", \"CVE-2020-6514\");\n script_xref(name:\"USN\", value:\"4443-1\");\n script_xref(name:\"IAVA\", value:\"2020-A-0344-S\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 20.04 : Firefox vulnerabilities (USN-4443-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Multiple security issues were discovered in Firefox. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service, obtain\nsensitive information, bypass iframe sandbox restrictions, confuse the\nuser, or execute arbitrary code. (CVE-2020-6463, CVE-2020-6514,\nCVE-2020-15652, CVE-2020-15653, CVE-2020-15654, CVE-2020-15656,\nCVE-2020-15658, CVE-2020-15659) It was discovered that redirected HTTP\nrequests which are observed or modified through a web extension could\nbypass existing CORS checks. 
If a user were tricked in to installing a\nspecially crafted extension, an attacker could potentially exploit\nthis to obtain sensitive information across origins. (CVE-2020-15655).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4443-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15659\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04 / 20.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"firefox\", pkgver:\"79.0+build1-0ubuntu0.16.04.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"firefox\", pkgver:\"79.0+build1-0ubuntu0.18.04.1\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"firefox\", pkgver:\"79.0+build1-0ubuntu0.20.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "naslFamily": "Ubuntu Local Security Checks", "pluginID": "139182", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04", "p-cpe:/a:canonical:ubuntu_linux:firefox", "cpe:/o:canonical:ubuntu_linux:16.04", 
"cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "scheme": null}
{"ubuntu": [{"lastseen": "2020-08-15T13:53:34", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15652", "CVE-2020-15655", "CVE-2020-6463", "CVE-2020-15653", "CVE-2020-15656", "CVE-2020-15659", "CVE-2020-15654", "CVE-2020-6514", "CVE-2020-15658"], "description": "Multiple security issues were discovered in Firefox. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit these to cause a denial of service, obtain sensitive \ninformation, bypass iframe sandbox restrictions, confuse the user, or \nexecute arbitrary code. (CVE-2020-6463, CVE-2020-6514, CVE-2020-15652, \nCVE-2020-15653, CVE-2020-15654, CVE-2020-15656, CVE-2020-15658, \nCVE-2020-15659)\n\nIt was discovered that redirected HTTP requests which are observed or \nmodified through a web extension could bypass existing CORS checks. If a \nuser were tricked in to installing a specially crafted extension, an \nattacker could potentially exploit this to obtain sensitive information \nacross origins. 
(CVE-2020-15655)", "edition": 2, "modified": "2020-07-29T00:00:00", "published": "2020-07-29T00:00:00", "id": "USN-4443-1", "href": "https://ubuntu.com/security/notices/USN-4443-1", "title": "Firefox vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2020-08-07T05:33:46", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15652", "CVE-2020-15655", "CVE-2020-6463", "CVE-2020-15653", "CVE-2020-15656", "CVE-2020-15659", "CVE-2020-15654", "CVE-2020-6514", "CVE-2020-15657", "CVE-2020-15658"], "description": "This update for MozillaFirefox fixes the following issues:\n\n - Firefox Extended Support Release 78.1.0 ESR\n * Fixed: Various stability, functionality, and security fixes\n (bsc#1174538)\n * CVE-2020-15652: Potential leak of redirect targets when loading\n scripts in a worker\n * CVE-2020-6514: WebRTC data channel leaks internal address to peer\n * CVE-2020-15655: Extension APIs could be used to bypass Same-Origin\n Policy\n * CVE-2020-15653: Bypassing iframe sandbox when allowing popups\n * CVE-2020-6463: Use-after-free in ANGLE\n gl::Texture::onUnbindAsSamplerTexture\n * CVE-2020-15656: Type confusion for special arguments in IonMonkey\n * CVE-2020-15658: Overriding file type when saving to disk\n * CVE-2020-15657: DLL hijacking due to incorrect loading path\n * CVE-2020-15654: Custom cursor can overlay user interface\n * CVE-2020-15659: Memory safety bugs fixed in Firefox 79 and Firefox ESR\n 78.1\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2020-08-07T03:17:19", "published": "2020-08-07T03:17:19", "id": "OPENSUSE-SU-2020:1155-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00011.html", "title": "Security update for MozillaFirefox (important)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-12T19:34:22", "bulletinFamily": "unix", "cvelist": 
["CVE-2020-15652", "CVE-2020-15655", "CVE-2020-6463", "CVE-2020-15653", "CVE-2020-15656", "CVE-2020-15659", "CVE-2020-15654", "CVE-2020-6514", "CVE-2020-15657", "CVE-2020-15658"], "description": "This update for MozillaFirefox fixes the following issues:\n\n This update for MozillaFirefox and pipewire fixes the following issues:\n\n MozillaFirefox Extended Support Release 78.1.0 ESR\n\n * Fixed: Various stability, functionality, and security fixes (bsc#1174538)\n * CVE-2020-15652: Potential leak of redirect targets when loading scripts\n in a worker\n * CVE-2020-6514: WebRTC data channel leaks internal address to peer\n * CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy\n * CVE-2020-15653: Bypassing iframe sandbox when allowing popups\n * CVE-2020-6463: Use-after-free in ANGLE\n gl::Texture::onUnbindAsSamplerTexture\n * CVE-2020-15656: Type confusion for special arguments in IonMonkey\n * CVE-2020-15658: Overriding file type when saving to disk\n * CVE-2020-15657: DLL hijacking due to incorrect loading path\n * CVE-2020-15654: Custom cursor can overlay user interface\n * CVE-2020-15659: Memory safety bugs fixed in Firefox 79 and Firefox ESR\n 78.1\n\n pipewire was updated to version 0.3.6 (bsc#1171433, jsc#ECO-2308):\n\n * Extensive memory leak fixing and stress testing was done. A big leak in\n screen sharing with DMA-BUF was fixed.\n * Compile fixes\n * Stability improvements in jack and pulseaudio layers.\n * Added the old portal module to make the Camera portal work again. 
This\n will be moved to the session manager in future versions.\n * Improvements to the GStreamer source and sink shutdown.\n * Fix compatibility with v2 clients again when negotiating buffers.\n\n\n This update was imported from the SUSE:SLE-15-SP2:Update update project.\n\n", "edition": 1, "modified": "2020-08-12T18:13:54", "published": "2020-08-12T18:13:54", "id": "OPENSUSE-SU-2020:1189-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html", "title": "Security update for MozillaFirefox (important)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-05T17:27:54", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15652", "CVE-2020-15655", "CVE-2020-6463", "CVE-2020-15653", "CVE-2020-15656", "CVE-2020-15659", "CVE-2020-15654", "CVE-2020-6514", "CVE-2020-15657", "CVE-2020-15658"], "description": "This update for MozillaFirefox fixes the following issues:\n\n - Firefox Extended Support Release 78.1.0 ESR\n * Fixed: Various stability, functionality, and security fixes\n (bsc#1174538)\n * CVE-2020-15652: Potential leak of redirect targets when loading\n scripts in a worker\n * CVE-2020-6514: WebRTC data channel leaks internal address to peer\n * CVE-2020-15655: Extension APIs could be used to bypass Same-Origin\n Policy\n * CVE-2020-15653: Bypassing iframe sandbox when allowing popups\n * CVE-2020-6463: Use-after-free in ANGLE\n gl::Texture::onUnbindAsSamplerTexture\n * CVE-2020-15656: Type confusion for special arguments in IonMonkey\n * CVE-2020-15658: Overriding file type when saving to disk\n * CVE-2020-15657: DLL hijacking due to incorrect loading path\n * CVE-2020-15654: Custom cursor can overlay user interface\n * CVE-2020-15659: Memory safety bugs fixed in Firefox 79 and Firefox ESR\n 78.1\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2020-08-05T15:17:08", "published": "2020-08-05T15:17:08", "id": 
"OPENSUSE-SU-2020:1147-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00008.html", "title": "Security update for MozillaFirefox (important)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-14T23:34:35", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15652", "CVE-2020-6463", "CVE-2020-15659", "CVE-2020-6514"], "description": "This update for MozillaThunderbird fixes the following issues:\n\n - Updated to Mozilla Thunderbird 68.11:\n * Fixed various security issues (MFSA-2020-35, bsc#1174538).\n * Fixed CVE-2020-15652: Potential leak of redirect targets when loading\n scripts in a worker (bsc#1174538).\n * Fixed CVE-2020-6514: WebRTC data channel leaks internal address to\n peer (bsc#1174538).\n * Fixed CVE-2020-6463: Use-after-free in ANGLE\n gl::Texture::onUnbindAsSamplerTexture (bsc#1174538).\n * Fixed CVE-2020-15659: Memory safety bugs fixed in Thunderbird 68.11\n (bsc#1174538).\n * Fixed a bug with FileLink attachments included as a link and file when\n added from a network drive via drag & drop (bmo#793118).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2020-08-14T21:14:07", "published": "2020-08-14T21:14:07", "id": "OPENSUSE-SU-2020:1205-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00032.html", "title": "Security update for MozillaThunderbird (important)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-11T13:34:15", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15652", "CVE-2020-6463", "CVE-2020-15659", "CVE-2020-6514"], "description": "This update for MozillaThunderbird fixes the following issues:\n\n - Updated to Mozilla Thunderbird 68.11:\n * Fixed various security issues (MFSA-2020-35, bsc#1174538).\n * Fixed CVE-2020-15652: Potential leak of redirect targets when loading\n scripts in a worker (bsc#1174538).\n * Fixed 
CVE-2020-6514: WebRTC data channel leaks internal address to\n peer (bsc#1174538).\n * Fixed CVE-2020-6463: Use-after-free in ANGLE\n gl::Texture::onUnbindAsSamplerTexture (bsc#1174538).\n * Fixed CVE-2020-15659: Memory safety bugs fixed in Thunderbird 68.11\n (bsc#1174538).\n * Fixed a bug with FileLink attachments included as a link and file when\n added from a network drive via drag & drop (bmo#793118).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2020-08-11T12:12:54", "published": "2020-08-11T12:12:54", "id": "OPENSUSE-SU-2020:1179-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html", "title": "Security update for MozillaThunderbird (important)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2020-09-02T11:52:36", "bulletinFamily": "info", "cvelist": ["CVE-2020-15652", "CVE-2020-15655", "CVE-2020-6463", "CVE-2020-15653", "CVE-2020-15656", "CVE-2020-15659", "CVE-2020-15654", "CVE-2020-6514", "CVE-2020-15657", "CVE-2020-15658"], "description": "### *Detect date*:\n07/28/2020\n\n### *Severity*:\nWarning\n\n### *Description*:\nMultiple vulnerabilities were found in Mozilla Thunderbird. 
Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, execute arbitrary code, cause denial of service, spoof user interface.\n\n### *Affected products*:\nMozilla Thunderbird earlier than 78.0.1\n\n### *Solution*:\nUpdate to the latest version \n[Download Thunderbird](<https://www.mozilla.org/en-US/thunderbird/>)\n\n### *Original advisories*:\n[MFSA2020-33](<https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Thunderbird](<https://threats.kaspersky.com/en/product/Mozilla-Thunderbird/>)\n\n### *CVE-IDS*:\n[CVE-2020-6463](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6463>)0.0Unknown \n[CVE-2020-6514](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6514>)0.0Unknown \n[CVE-2020-15658](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15658>)0.0Unknown \n[CVE-2020-15653](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15653>)0.0Unknown \n[CVE-2020-15652](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15652>)0.0Unknown \n[CVE-2020-15655](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15655>)0.0Unknown \n[CVE-2020-15656](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15656>)0.0Unknown \n[CVE-2020-15659](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15659>)0.0Unknown \n[CVE-2020-15657](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15657>)0.0Unknown \n[CVE-2020-15654](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15654>)0.0Unknown", "edition": 1, "modified": "2020-07-31T00:00:00", "published": "2020-07-28T00:00:00", "id": "KLA11921", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11921", "title": "\r KLA11921Multiple vulnerabilites in Mozilla Thunderbird ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-02T11:52:59", "bulletinFamily": "info", "cvelist": ["CVE-2020-15652", 
"CVE-2020-15655", "CVE-2020-6463", "CVE-2020-15653", "CVE-2020-15656", "CVE-2020-15659", "CVE-2020-15654", "CVE-2020-6514", "CVE-2020-15657", "CVE-2020-15658"], "description": "### *Detect date*:\n07/28/2020\n\n### *Severity*:\nWarning\n\n### *Description*:\nMultiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, cause denial of service, execute arbitrary code, spoof user interface.\n\n### *Affected products*:\nMozilla Firefox earlier than 79\n\n### *Solution*:\nUpdate to the latest version \n[Download Firefox](<https://www.mozilla.org/en-US/firefox/new/>)\n\n### *Original advisories*:\n[MFSA2020-30](<https://www.mozilla.org/en-US/security/advisories/mfsa2020-30/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Firefox](<https://threats.kaspersky.com/en/product/Mozilla-Firefox/>)\n\n### *CVE-IDS*:\n[CVE-2020-6463](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6463>)6.8High \n[CVE-2020-6514](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6514>)4.3Warning \n[CVE-2020-15658](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15658>)5.0Critical \n[CVE-2020-15653](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15653>)5.0Critical \n[CVE-2020-15652](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15652>)5.0Critical \n[CVE-2020-15655](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15655>)5.0Critical \n[CVE-2020-15656](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15656>)5.0Critical \n[CVE-2020-15659](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15659>)5.0Critical \n[CVE-2020-15657](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15657>)5.0Critical \n[CVE-2020-15654](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15654>)5.0Critical", "edition": 1, "modified": "2020-08-14T00:00:00", "published": "2020-07-28T00:00:00", "id": "KLA11919", "href": 
"https://threats.kaspersky.com/en/vulnerability/KLA11919", "title": "\r KLA11919Multiple vulnerabilities in Mozilla Firefox ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-02T11:53:11", "bulletinFamily": "info", "cvelist": ["CVE-2020-15652", "CVE-2020-6463", "CVE-2020-15659", "CVE-2020-6514"], "description": "### *Detect date*:\n07/30/2020\n\n### *Severity*:\nWarning\n\n### *Description*:\nMultiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, cause denial of service, execute arbitrary code.\n\n### *Affected products*:\nMozilla Thunderbird earlier than 68.11\n\n### *Solution*:\nUpdate to the latest version \n[Download Thunderbird](<https://www.mozilla.org/en-US/thunderbird/>)\n\n### *Original advisories*:\n[MFSA2020-34](<https://www.mozilla.org/en-US/security/advisories/mfsa2020-35/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Thunderbird](<https://threats.kaspersky.com/en/product/Mozilla-Thunderbird/>)\n\n### *CVE-IDS*:\n[CVE-2020-6463](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6463>)6.8High \n[CVE-2020-6514](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6514>)4.3Warning \n[CVE-2020-15652](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15652>)5.0Critical \n[CVE-2020-15659](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15659>)5.0Critical", "edition": 1, "modified": "2020-08-18T00:00:00", "published": "2020-07-30T00:00:00", "id": "KLA11924", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11924", "title": "\r KLA11924Multiple vulnerabilities in Mozilla Thunderbird ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-18T17:10:42", "bulletinFamily": "info", "cvelist": ["CVE-2020-15652", "CVE-2020-6463", "CVE-2020-15650", "CVE-2020-15649", "CVE-2020-15659", 
"CVE-2020-6514"], "description": "### *Detect date*:\n07/28/2020\n\n### *Severity*:\nWarning\n\n### *Description*:\nMultiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, bypass security restrictions, execute arbitrary code.\n\n### *Affected products*:\nMozilla Firefox ESR earlier than 68.11\n\n### *Solution*:\nUpdate to the latest version \n[Download Firefox ESR](<https://www.mozilla.org/en-US/firefox/enterprise/>)\n\n### *Original advisories*:\n[MFSA2020-31](<https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Firefox ESR](<https://threats.kaspersky.com/en/product/Mozilla-Firefox-ESR/>)\n\n### *CVE-IDS*:\n[CVE-2020-6463](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6463>)6.8High \n[CVE-2020-6514](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6514>)4.3Warning \n[CVE-2020-15652](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15652>)5.0Critical \n[CVE-2020-15659](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15659>)5.0Critical \n[CVE-2020-15650](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15650>)4.3Warning \n[CVE-2020-15649](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15649>)4.3Warning", "edition": 2, "modified": "2020-09-10T00:00:00", "published": "2020-07-28T00:00:00", "id": "KLA11920", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11920", "title": "\r KLA11920Multiple vulnerabilities in Mozilla Firefox ESR ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2020-09-14T15:45:54", "description": "The version of Firefox installed on the remote macOS or Mac OS X host is prior to 79.0. 
It is, therefore, affected by\nmultiple vulnerabilities as referenced in the mfsa2020-30 advisory.\n\n - Inappropriate implementation in WebRTC in Google Chrome\n prior to 84.0.4147.89 allowed an attacker in a\n privileged network position to potentially exploit heap\n corruption via a crafted SCTP stream. (CVE-2020-6514)\n\n - Use after free in ANGLE in Google Chrome prior to\n 81.0.4044.122 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page.\n (CVE-2020-6463)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 6, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-07-28T00:00:00", "title": "Mozilla Firefox < 79.0", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-15652", "CVE-2020-15655", "CVE-2020-6463", "CVE-2020-15653", "CVE-2020-15656", "CVE-2020-15659", "CVE-2020-15654", "CVE-2020-6514", "CVE-2020-15657", "CVE-2020-15658"], "modified": "2020-07-28T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MACOS_FIREFOX_79_0.NASL", "href": "https://www.tenable.com/plugins/nessus/139039", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from Mozilla Foundation Security Advisory mfsa2020-30.\n# The text itself is copyright (C) Mozilla Foundation.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139039);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/28\");\n\n script_cve_id(\n \"CVE-2020-6463\",\n \"CVE-2020-6514\",\n \"CVE-2020-15652\",\n \"CVE-2020-15653\",\n \"CVE-2020-15654\",\n \"CVE-2020-15655\",\n \"CVE-2020-15656\",\n \"CVE-2020-15657\",\n \"CVE-2020-15658\",\n \"CVE-2020-15659\"\n );\n script_xref(name:\"MFSA\", value:\"2020-30\");\n script_xref(name:\"IAVA\", value:\"2020-A-0344-S\");\n\n 
script_name(english:\"Mozilla Firefox < 79.0\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS or Mac OS X host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Firefox installed on the remote macOS or Mac OS X host is prior to 79.0. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the mfsa2020-30 advisory.\n\n - Inappropriate implementation in WebRTC in Google Chrome\n prior to 84.0.4147.89 allowed an attacker in a\n privileged network position to potentially exploit heap\n corruption via a crafted SCTP stream. (CVE-2020-6514)\n\n - Use after free in ANGLE in Google Chrome prior to\n 81.0.4044.122 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page.\n (CVE-2020-6463)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2020-30/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox version 79.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15656\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/28\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Installed\");\n\n exit(0);\n}\n\ninclude('mozilla_version.inc');\n\nkb_base = 'MacOSX/Firefox';\nget_kb_item_or_exit(kb_base+'/Installed');\n\nversion = get_kb_item_or_exit(kb_base+'/Version', exit_code:1);\npath = get_kb_item_or_exit(kb_base+'/Path', exit_code:1);\n\nis_esr = get_kb_item(kb_base+'/is_esr');\nif (is_esr) exit(0, 'The Mozilla Firefox installation is in the ESR branch.');\n\nmozilla_check_version(version:version, path:path, product:'firefox', esr:FALSE, fix:'79.0', severity:SECURITY_HOLE);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-29T04:22:59", "description": "This update for MozillaFirefox fixes the following issues :\n\n - Firefox Extended Support Release 78.1.0 ESR\n\n - Fixed: Various stability, functionality, and security\n fixes (bsc#1174538)\n\n - CVE-2020-15652: Potential leak of redirect targets when\n loading scripts in a worker\n\n - CVE-2020-6514: WebRTC data channel leaks internal\n address to peer\n\n - CVE-2020-15655: Extension APIs could be used to bypass\n Same-Origin Policy\n\n - CVE-2020-15653: Bypassing iframe sandbox when allowing\n popups\n\n - CVE-2020-6463: Use-after-free in ANGLE\n gl::Texture::onUnbindAsSamplerTexture\n\n - CVE-2020-15656: Type confusion for special arguments in\n IonMonkey\n\n - CVE-2020-15658: Overriding file type when saving to disk\n\n - CVE-2020-15657: DLL hijacking due to incorrect loading\n path\n\n - 
CVE-2020-15654: Custom cursor can overlay user interface\n\n - CVE-2020-15659: Memory safety bugs fixed in Firefox 79\n and Firefox ESR 78.1\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "edition": 5, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-08-06T00:00:00", "title": "openSUSE Security Update : MozillaFirefox (openSUSE-2020-1147)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-15652", "CVE-2020-15655", "CVE-2020-6463", "CVE-2020-15653", "CVE-2020-15656", "CVE-2020-15659", "CVE-2020-15654", "CVE-2020-6514", "CVE-2020-15657", "CVE-2020-15658"], "modified": "2020-08-06T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols", "cpe:/o:novell:opensuse:15.1", "p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo", "p-cpe:/a:novell:opensuse:MozillaFirefox-devel", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource", "p-cpe:/a:novell:opensuse:MozillaFirefox"], "id": "OPENSUSE-2020-1147.NASL", "href": "https://www.tenable.com/plugins/nessus/139356", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1147.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139356);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/28\");\n\n script_cve_id(\n \"CVE-2020-15652\",\n \"CVE-2020-15653\",\n \"CVE-2020-15654\",\n \"CVE-2020-15655\",\n \"CVE-2020-15656\",\n \"CVE-2020-15657\",\n \"CVE-2020-15658\",\n \"CVE-2020-15659\",\n \"CVE-2020-6463\",\n \"CVE-2020-6514\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0344-S\");\n\n 
script_name(english:\"openSUSE Security Update : MozillaFirefox (openSUSE-2020-1147)\");\n script_summary(english:\"Check for the openSUSE-2020-1147 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for MozillaFirefox fixes the following issues :\n\n - Firefox Extended Support Release 78.1.0 ESR\n\n - Fixed: Various stability, functionality, and security\n fixes (bsc#1174538)\n\n - CVE-2020-15652: Potential leak of redirect targets when\n loading scripts in a worker\n\n - CVE-2020-6514: WebRTC data channel leaks internal\n address to peer\n\n - CVE-2020-15655: Extension APIs could be used to bypass\n Same-Origin Policy\n\n - CVE-2020-15653: Bypassing iframe sandbox when allowing\n popups\n\n - CVE-2020-6463: Use-after-free in ANGLE\n gl::Texture::onUnbindAsSamplerTexture\n\n - CVE-2020-15656: Type confusion for special arguments in\n IonMonkey\n\n - CVE-2020-15658: Overriding file type when saving to disk\n\n - CVE-2020-15657: DLL hijacking due to incorrect loading\n path\n\n - CVE-2020-15654: Custom cursor can overlay user interface\n\n - CVE-2020-15659: Memory safety bugs fixed in Firefox 79\n and Firefox ESR 78.1\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174538\");\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15656\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaFirefox-78.1.0-lp151.2.61.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaFirefox-branding-upstream-78.1.0-lp151.2.61.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaFirefox-buildsymbols-78.1.0-lp151.2.61.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaFirefox-debuginfo-78.1.0-lp151.2.61.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaFirefox-debugsource-78.1.0-lp151.2.61.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaFirefox-devel-78.1.0-lp151.2.61.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaFirefox-translations-common-78.1.0-lp151.2.61.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaFirefox-translations-other-78.1.0-lp151.2.61.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-14T16:22:33", "description": "The version of Firefox ESR installed on the remote Windows host is prior to 78.1. It is, therefore, affected by multiple\nvulnerabilities as referenced in the mfsa2020-32 advisory.\n\n - Inappropriate implementation in WebRTC in Google Chrome\n prior to 84.0.4147.89 allowed an attacker in a\n privileged network position to potentially exploit heap\n corruption via a crafted SCTP stream. (CVE-2020-6514)\n\n - Use after free in ANGLE in Google Chrome prior to\n 81.0.4044.122 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page.\n (CVE-2020-6463)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 6, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-07-29T00:00:00", "title": "Mozilla Firefox ESR < 78.1", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-15652", "CVE-2020-15655", "CVE-2020-6463", "CVE-2020-15653", "CVE-2020-15656", "CVE-2020-15659", "CVE-2020-15654", "CVE-2020-6514", "CVE-2020-15657", "CVE-2020-15658"], "modified": "2020-07-29T00:00:00", "cpe": ["cpe:/a:mozilla:firefox_esr"], "id": "MOZILLA_FIREFOX_78_1_ESR.NASL", "href": "https://www.tenable.com/plugins/nessus/139074", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from Mozilla Foundation Security Advisory mfsa2020-32.\n# The text itself is copyright (C) Mozilla Foundation.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139074);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/28\");\n\n 
script_cve_id(\n \"CVE-2020-6463\",\n \"CVE-2020-6514\",\n \"CVE-2020-15652\",\n \"CVE-2020-15653\",\n \"CVE-2020-15654\",\n \"CVE-2020-15655\",\n \"CVE-2020-15656\",\n \"CVE-2020-15657\",\n \"CVE-2020-15658\",\n \"CVE-2020-15659\"\n );\n script_xref(name:\"MFSA\", value:\"2020-32\");\n script_xref(name:\"IAVA\", value:\"2020-A-0344-S\");\n\n script_name(english:\"Mozilla Firefox ESR < 78.1\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Firefox ESR installed on the remote Windows host is prior to 78.1. It is, therefore, affected by multiple\nvulnerabilities as referenced in the mfsa2020-32 advisory.\n\n - Inappropriate implementation in WebRTC in Google Chrome\n prior to 84.0.4147.89 allowed an attacker in a\n privileged network position to potentially exploit heap\n corruption via a crafted SCTP stream. 
(CVE-2020-6514)\n\n - Use after free in ANGLE in Google Chrome prior to\n 81.0.4044.122 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page.\n (CVE-2020-6463)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox ESR version 78.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15656\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox_esr\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude('mozilla_version.inc');\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:TRUE, fix:'78.1', min:'78.0.0', severity:SECURITY_HOLE);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-29T04:23:40", "description": "This update for MozillaFirefox fixes the following issues :\n\n - Firefox Extended Support Release 78.1.0 ESR\n\n - Fixed: Various stability, functionality, and security\n fixes (bsc#1174538)\n\n - CVE-2020-15652: Potential leak of redirect targets when\n loading scripts in a worker\n\n - CVE-2020-6514: WebRTC data channel leaks internal\n address to peer\n\n - CVE-2020-15655: Extension APIs could be used to bypass\n Same-Origin Policy\n\n - CVE-2020-15653: Bypassing iframe sandbox when allowing\n popups\n\n - CVE-2020-6463: Use-after-free in ANGLE\n gl::Texture::onUnbindAsSamplerTexture\n\n - CVE-2020-15656: Type confusion for special arguments in\n IonMonkey\n\n - CVE-2020-15658: Overriding file type when saving to disk\n\n - CVE-2020-15657: DLL hijacking due to incorrect loading\n path\n\n - CVE-2020-15654: Custom cursor can overlay user interface\n\n - CVE-2020-15659: Memory safety bugs fixed in Firefox 79\n and Firefox ESR 78.1\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "edition": 4, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-08-10T00:00:00", "title": "openSUSE Security Update : MozillaFirefox (openSUSE-2020-1155)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-15652", "CVE-2020-15655", "CVE-2020-6463", "CVE-2020-15653", "CVE-2020-15656", 
"CVE-2020-15659", "CVE-2020-15654", "CVE-2020-6514", "CVE-2020-15657", "CVE-2020-15658"], "modified": "2020-08-10T00:00:00", "cpe": ["cpe:/o:novell:opensuse:15.2", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo", "p-cpe:/a:novell:opensuse:MozillaFirefox-devel", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource", "p-cpe:/a:novell:opensuse:MozillaFirefox"], "id": "OPENSUSE-2020-1155.NASL", "href": "https://www.tenable.com/plugins/nessus/139444", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1155.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139444);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/28\");\n\n script_cve_id(\n \"CVE-2020-15652\",\n \"CVE-2020-15653\",\n \"CVE-2020-15654\",\n \"CVE-2020-15655\",\n \"CVE-2020-15656\",\n \"CVE-2020-15657\",\n \"CVE-2020-15658\",\n \"CVE-2020-15659\",\n \"CVE-2020-6463\",\n \"CVE-2020-6514\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0344-S\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (openSUSE-2020-1155)\");\n script_summary(english:\"Check for the openSUSE-2020-1155 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for MozillaFirefox fixes the following issues :\n\n - Firefox Extended Support Release 78.1.0 ESR\n\n - Fixed: Various stability, functionality, and security\n fixes (bsc#1174538)\n\n - CVE-2020-15652: Potential 
leak of redirect targets when\n loading scripts in a worker\n\n - CVE-2020-6514: WebRTC data channel leaks internal\n address to peer\n\n - CVE-2020-15655: Extension APIs could be used to bypass\n Same-Origin Policy\n\n - CVE-2020-15653: Bypassing iframe sandbox when allowing\n popups\n\n - CVE-2020-6463: Use-after-free in ANGLE\n gl::Texture::onUnbindAsSamplerTexture\n\n - CVE-2020-15656: Type confusion for special arguments in\n IonMonkey\n\n - CVE-2020-15658: Overriding file type when saving to disk\n\n - CVE-2020-15657: DLL hijacking due to incorrect loading\n path\n\n - CVE-2020-15654: Custom cursor can overlay user interface\n\n - CVE-2020-15659: Memory safety bugs fixed in Firefox 79\n and Firefox ESR 78.1\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174538\");\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15656\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"MozillaFirefox-78.1.0-lp152.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"MozillaFirefox-branding-upstream-78.1.0-lp152.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"MozillaFirefox-buildsymbols-78.1.0-lp152.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"MozillaFirefox-debuginfo-78.1.0-lp152.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"MozillaFirefox-debugsource-78.1.0-lp152.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"MozillaFirefox-devel-78.1.0-lp152.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"MozillaFirefox-translations-common-78.1.0-lp152.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"MozillaFirefox-translations-other-78.1.0-lp152.2.12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-14T16:22:34", "description": "The version of Firefox installed on the remote Windows host is prior to 79.0. It is, therefore, affected by multiple\nvulnerabilities as referenced in the mfsa2020-30 advisory.\n\n - Inappropriate implementation in WebRTC in Google Chrome\n prior to 84.0.4147.89 allowed an attacker in a\n privileged network position to potentially exploit heap\n corruption via a crafted SCTP stream. (CVE-2020-6514)\n\n - Use after free in ANGLE in Google Chrome prior to\n 81.0.4044.122 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page.\n (CVE-2020-6463)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 6, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-07-28T00:00:00", "title": "Mozilla Firefox < 79.0", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-15652", "CVE-2020-15655", "CVE-2020-6463", "CVE-2020-15653", "CVE-2020-15656", "CVE-2020-15659", "CVE-2020-15654", "CVE-2020-6514", "CVE-2020-15657", "CVE-2020-15658"], "modified": "2020-07-28T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MOZILLA_FIREFOX_79_0.NASL", "href": "https://www.tenable.com/plugins/nessus/139040", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from Mozilla Foundation Security Advisory mfsa2020-30.\n# The text itself is copyright (C) Mozilla Foundation.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139040);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/28\");\n\n script_cve_id(\n 
\"CVE-2020-6463\",\n \"CVE-2020-6514\",\n \"CVE-2020-15652\",\n \"CVE-2020-15653\",\n \"CVE-2020-15654\",\n \"CVE-2020-15655\",\n \"CVE-2020-15656\",\n \"CVE-2020-15657\",\n \"CVE-2020-15658\",\n \"CVE-2020-15659\"\n );\n script_xref(name:\"MFSA\", value:\"2020-30\");\n script_xref(name:\"IAVA\", value:\"2020-A-0344-S\");\n\n script_name(english:\"Mozilla Firefox < 79.0\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Firefox installed on the remote Windows host is prior to 79.0. It is, therefore, affected by multiple\nvulnerabilities as referenced in the mfsa2020-30 advisory.\n\n - Inappropriate implementation in WebRTC in Google Chrome\n prior to 84.0.4147.89 allowed an attacker in a\n privileged network position to potentially exploit heap\n corruption via a crafted SCTP stream. (CVE-2020-6514)\n\n - Use after free in ANGLE in Google Chrome prior to\n 81.0.4044.122 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page.\n (CVE-2020-6463)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2020-30/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox version 79.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15656\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are 
available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude('mozilla_version.inc');\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'79.0', severity:SECURITY_HOLE);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-14T15:46:53", "description": "The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 78.1. It is, therefore, affected\nby multiple vulnerabilities as referenced in the mfsa2020-33 advisory.\n\n - Inappropriate implementation in WebRTC in Google Chrome\n prior to 84.0.4147.89 allowed an attacker in a\n privileged network position to potentially exploit heap\n corruption via a crafted SCTP stream. 
(CVE-2020-6514)\n\n - Use after free in ANGLE in Google Chrome prior to\n 81.0.4044.122 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page.\n (CVE-2020-6463)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 4, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-08-04T00:00:00", "title": "Mozilla Thunderbird < 78.1", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-15652", "CVE-2020-15655", "CVE-2020-6463", "CVE-2020-15653", "CVE-2020-15656", "CVE-2020-15659", "CVE-2020-15654", "CVE-2020-6514", "CVE-2020-15657", "CVE-2020-15658"], "modified": "2020-08-04T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MACOS_THUNDERBIRD_78_1.NASL", "href": "https://www.tenable.com/plugins/nessus/139317", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from Mozilla Foundation Security Advisory mfsa2020-33.\n# The text itself is copyright (C) Mozilla Foundation.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139317);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/17\");\n\n script_cve_id(\n \"CVE-2020-6463\",\n \"CVE-2020-6514\",\n \"CVE-2020-15652\",\n \"CVE-2020-15653\",\n \"CVE-2020-15654\",\n \"CVE-2020-15655\",\n \"CVE-2020-15656\",\n \"CVE-2020-15657\",\n \"CVE-2020-15658\",\n \"CVE-2020-15659\"\n );\n script_xref(name:\"MFSA\", value:\"2020-33\");\n\n script_name(english:\"Mozilla Thunderbird < 78.1\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A mail client installed on the remote macOS or Mac OS X host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 78.1. 
It is, therefore, affected\nby multiple vulnerabilities as referenced in the mfsa2020-33 advisory.\n\n - Inappropriate implementation in WebRTC in Google Chrome\n prior to 84.0.4147.89 allowed an attacker in a\n privileged network position to potentially exploit heap\n corruption via a crafted SCTP stream. (CVE-2020-6514)\n\n - Use after free in ANGLE in Google Chrome prior to\n 81.0.4044.122 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page.\n (CVE-2020-6463)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Thunderbird version 78.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15656\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_thunderbird_installed.nasl\");\n script_require_keys(\"MacOSX/Thunderbird/Installed\");\n\n exit(0);\n}\n\ninclude('mozilla_version.inc');\n\nkb_base = 'MacOSX/Thunderbird';\nget_kb_item_or_exit(kb_base+'/Installed');\n\nversion = get_kb_item_or_exit(kb_base+'/Version', exit_code:1);\npath = get_kb_item_or_exit(kb_base+'/Path', exit_code:1);\n\nis_esr = get_kb_item(kb_base+'/is_esr');\nif (is_esr) exit(0, 'The Mozilla Thunderbird installation is in the ESR branch.');\n\nmozilla_check_version(version:version, path:path, product:'thunderbird', esr:FALSE, fix:'78.1', severity:SECURITY_HOLE);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-14T16:24:26", "description": "The version of Thunderbird installed on the remote Windows host is prior to 78.1. It is, therefore, affected by multiple\nvulnerabilities as referenced in the mfsa2020-33 advisory.\n\n - Inappropriate implementation in WebRTC in Google Chrome\n prior to 84.0.4147.89 allowed an attacker in a\n privileged network position to potentially exploit heap\n corruption via a crafted SCTP stream. 
(CVE-2020-6514)\n\n - Use after free in ANGLE in Google Chrome prior to\n 81.0.4044.122 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page.\n (CVE-2020-6463)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 4, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-08-04T00:00:00", "title": "Mozilla Thunderbird < 78.1", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-15652", "CVE-2020-15655", "CVE-2020-6463", "CVE-2020-15653", "CVE-2020-15656", "CVE-2020-15659", "CVE-2020-15654", "CVE-2020-6514", "CVE-2020-15657", "CVE-2020-15658"], "modified": "2020-08-04T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MOZILLA_THUNDERBIRD_78_1.NASL", "href": "https://www.tenable.com/plugins/nessus/139318", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from Mozilla Foundation Security Advisory mfsa2020-33.\n# The text itself is copyright (C) Mozilla Foundation.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139318);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/17\");\n\n script_cve_id(\n \"CVE-2020-6463\",\n \"CVE-2020-6514\",\n \"CVE-2020-15652\",\n \"CVE-2020-15653\",\n \"CVE-2020-15654\",\n \"CVE-2020-15655\",\n \"CVE-2020-15656\",\n \"CVE-2020-15657\",\n \"CVE-2020-15658\",\n \"CVE-2020-15659\"\n );\n script_xref(name:\"MFSA\", value:\"2020-33\");\n\n script_name(english:\"Mozilla Thunderbird < 78.1\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A mail client installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Thunderbird installed on the remote Windows host is prior to 78.1. 
It is, therefore, affected by multiple\nvulnerabilities as referenced in the mfsa2020-33 advisory.\n\n - Inappropriate implementation in WebRTC in Google Chrome\n prior to 84.0.4147.89 allowed an attacker in a\n privileged network position to potentially exploit heap\n corruption via a crafted SCTP stream. (CVE-2020-6514)\n\n - Use after free in ANGLE in Google Chrome prior to\n 81.0.4044.122 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page.\n (CVE-2020-6463)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Thunderbird version 78.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15656\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Thunderbird/Version\");\n\n exit(0);\n}\n\ninclude('mozilla_version.inc');\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Thunderbird/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Thunderbird\");\n\nmozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'78.1', severity:SECURITY_HOLE);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-14T06:29:18", "description": "This update for MozillaFirefox fixes the following issues :\n\nFirefox Extended Support Release 78.1.0 ESR\n\n - Fixed: Various stability, functionality, and security\n fixes (bsc#1174538)\n\n - CVE-2020-15652: Potential leak of redirect targets when\n loading scripts in a worker\n\n - CVE-2020-6514: WebRTC data channel leaks internal\n address to peer\n\n - CVE-2020-15655: Extension APIs could be used to bypass\n Same-Origin Policy\n\n - CVE-2020-15653: Bypassing iframe sandbox when allowing\n popups\n\n - CVE-2020-6463: Use-after-free in ANGLE\n gl::Texture::onUnbindAsSamplerTexture\n\n - CVE-2020-15656: Type confusion for special arguments in\n IonMonkey\n\n - CVE-2020-15658: Overriding file type when saving to disk\n\n - CVE-2020-15657: DLL hijacking due to incorrect loading\n path\n\n - CVE-2020-15654: Custom cursor can overlay user interface\n\n - CVE-2020-15659: Memory safety bugs fixed in Firefox 79\n and Firefox ESR 78.1\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 7, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-08-03T00:00:00", "title": "SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2020:2100-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-15652", "CVE-2020-15655", "CVE-2020-6463", "CVE-2020-15653", "CVE-2020-15656", "CVE-2020-15659", "CVE-2020-15654", "CVE-2020-6514", "CVE-2020-15657", "CVE-2020-15658"], "modified": "2020-08-03T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:MozillaFirefox", "p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo", "p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-common", "p-cpe:/a:novell:suse_linux:MozillaFirefox-devel"], "id": "SUSE_SU-2020-2100-1.NASL", "href": "https://www.tenable.com/plugins/nessus/139282", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2100-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139282);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-15652\", \"CVE-2020-15653\", \"CVE-2020-15654\", \"CVE-2020-15655\", \"CVE-2020-15656\", \"CVE-2020-15657\", \"CVE-2020-15658\", \"CVE-2020-15659\", \"CVE-2020-6463\", \"CVE-2020-6514\");\n script_xref(name:\"IAVA\", value:\"2020-A-0344-S\");\n\n script_name(english:\"SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2020:2100-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n 
script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for MozillaFirefox fixes the following issues :\n\nFirefox Extended Support Release 78.1.0 ESR\n\n - Fixed: Various stability, functionality, and security\n fixes (bsc#1174538)\n\n - CVE-2020-15652: Potential leak of redirect targets when\n loading scripts in a worker\n\n - CVE-2020-6514: WebRTC data channel leaks internal\n address to peer\n\n - CVE-2020-15655: Extension APIs could be used to bypass\n Same-Origin Policy\n\n - CVE-2020-15653: Bypassing iframe sandbox when allowing\n popups\n\n - CVE-2020-6463: Use-after-free in ANGLE\n gl::Texture::onUnbindAsSamplerTexture\n\n - CVE-2020-15656: Type confusion for special arguments in\n IonMonkey\n\n - CVE-2020-15658: Overriding file type when saving to disk\n\n - CVE-2020-15657: DLL hijacking due to incorrect loading\n path\n\n - CVE-2020-15654: Custom cursor can overlay user interface\n\n - CVE-2020-15659: Memory safety bugs fixed in Firefox 79\n and Firefox ESR 78.1\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173948\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174538\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15652/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15653/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15654/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15655/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15656/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15657/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15658/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15659/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-6463/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-6514/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202100-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f7dd6107\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 9 
:\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2100=1\n\nSUSE OpenStack Cloud Crowbar 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2100=1\n\nSUSE OpenStack Cloud 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-9-2020-2100=1\n\nSUSE OpenStack Cloud 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-8-2020-2100=1\n\nSUSE OpenStack Cloud 7 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-7-2020-2100=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2100=1\n\nSUSE Linux Enterprise Server for SAP 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2100=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2100=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2100=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2100=1\n\nSUSE Linux Enterprise Server 12-SP4-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2100=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2100=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2100=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2100=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2100=1\n\nSUSE Enterprise Storage 5 :\n\nzypper in -t patch SUSE-Storage-5-2020-2100=1\n\nHPE Helion Openstack 8 :\n\nzypper in -t patch HPE-Helion-OpenStack-8-2020-2100=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", 
value:\"CVE-2020-15659\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(2|3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4/5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"MozillaFirefox-78.1.0-112.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"MozillaFirefox-debuginfo-78.1.0-112.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"MozillaFirefox-debugsource-78.1.0-112.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"MozillaFirefox-devel-78.1.0-112.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"MozillaFirefox-translations-common-78.1.0-112.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"MozillaFirefox-78.1.0-112.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"MozillaFirefox-debuginfo-78.1.0-112.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"MozillaFirefox-debugsource-78.1.0-112.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"MozillaFirefox-devel-78.1.0-112.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"MozillaFirefox-translations-common-78.1.0-112.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"MozillaFirefox-78.1.0-112.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"MozillaFirefox-debuginfo-78.1.0-112.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"MozillaFirefox-debugsource-78.1.0-112.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"MozillaFirefox-devel-78.1.0-112.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"MozillaFirefox-translations-common-78.1.0-112.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"MozillaFirefox-78.1.0-112.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"MozillaFirefox-debuginfo-78.1.0-112.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", 
sp:\"5\", reference:\"MozillaFirefox-debugsource-78.1.0-112.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"MozillaFirefox-devel-78.1.0-112.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"MozillaFirefox-translations-common-78.1.0-112.8.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-01T14:57:54", "description": "This update for MozillaFirefox fixes the following issues :\n\nThis update for MozillaFirefox and pipewire fixes the following \nissues :\n\nMozillaFirefox Extended Support Release 78.1.0 ESR\n\nFixed: Various stability, functionality, and security fixes\n(bsc#1174538)\n\nCVE-2020-15652: Potential leak of redirect targets when loading\nscripts in a worker\n\nCVE-2020-6514: WebRTC data channel leaks internal address to peer\n\nCVE-2020-15655: Extension APIs could be used to bypass Same-Origin\nPolicy\n\nCVE-2020-15653: Bypassing iframe sandbox when allowing popups\n\nCVE-2020-6463: Use-after-free in ANGLE\ngl::Texture::onUnbindAsSamplerTexture\n\nCVE-2020-15656: Type confusion for special arguments in IonMonkey\n\nCVE-2020-15658: Overriding file type when saving to disk\n\nCVE-2020-15657: DLL hijacking due to incorrect loading path\n\nCVE-2020-15654: Custom cursor can overlay user interface\n\nCVE-2020-15659: Memory safety bugs fixed in Firefox 79 and Firefox ESR\n78.1\n\npipewire was updated to version 0.3.6 (bsc#1171433, jsc#ECO-2308) :\n\nExtensive memory leak fixing and stress testing was done. 
A big leak\nin screen sharing with DMA-BUF was fixed.\n\nCompile fixes\n\nStability improvements in jack and pulseaudio layers.\n\nAdded the old portal module to make the Camera portal work again. This\nwill be moved to the session manager in future versions.\n\nImprovements to the GStreamer source and sink shutdown.\n\nFix compatibility with v2 clients again when negotiating buffers.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 7, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-08-07T00:00:00", "title": "SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:2147-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-15652", "CVE-2020-15655", "CVE-2020-6463", "CVE-2020-15653", "CVE-2020-15656", "CVE-2020-15659", "CVE-2020-15654", "CVE-2020-6514", "CVE-2020-15657", "CVE-2020-15658"], "modified": "2020-08-07T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:pipewire-spa-plugins-0_2-debuginfo", "p-cpe:/a:novell:suse_linux:pipewire-spa-tools", "p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource", "p-cpe:/a:novell:suse_linux:libpipewire-0_3-0-debuginfo", "p-cpe:/a:novell:suse_linux:MozillaFirefox-branding-SLE", "cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:pipewire-tools", "p-cpe:/a:novell:suse_linux:libpipewire-0_3", "p-cpe:/a:novell:suse_linux:MozillaFirefox", "p-cpe:/a:novell:suse_linux:pipewire-modules", "p-cpe:/a:novell:suse_linux:pipewire-spa-plugins", "p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo", "p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-common", "p-cpe:/a:novell:suse_linux:pipewire-debuginfo", "p-cpe:/a:novell:suse_linux:pipewire-tools-debuginfo", "p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-other", 
"p-cpe:/a:novell:suse_linux:pipewire-debugsource", "p-cpe:/a:novell:suse_linux:pipewire-spa-tools-debuginfo", "p-cpe:/a:novell:suse_linux:pipewire-modules-debuginfo", "p-cpe:/a:novell:suse_linux:pipewire", "p-cpe:/a:novell:suse_linux:MozillaFirefox-devel"], "id": "SUSE_SU-2020-2147-1.NASL", "href": "https://www.tenable.com/plugins/nessus/139406", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2147-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139406);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/30\");\n\n script_cve_id(\"CVE-2020-15652\", \"CVE-2020-15653\", \"CVE-2020-15654\", \"CVE-2020-15655\", \"CVE-2020-15656\", \"CVE-2020-15657\", \"CVE-2020-15658\", \"CVE-2020-15659\", \"CVE-2020-6463\", \"CVE-2020-6514\");\n script_xref(name:\"IAVA\", value:\"2020-A-0344-S\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:2147-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for MozillaFirefox fixes the following issues :\n\nThis update for MozillaFirefox and pipewire fixes the following \nissues :\n\nMozillaFirefox Extended Support Release 78.1.0 ESR\n\nFixed: Various stability, functionality, and security fixes\n(bsc#1174538)\n\nCVE-2020-15652: Potential leak of redirect targets when loading\nscripts in a worker\n\nCVE-2020-6514: WebRTC data channel leaks internal address to peer\n\nCVE-2020-15655: Extension APIs could be used to bypass Same-Origin\nPolicy\n\nCVE-2020-15653: Bypassing iframe sandbox when allowing popups\n\nCVE-2020-6463: 
Use-after-free in ANGLE\ngl::Texture::onUnbindAsSamplerTexture\n\nCVE-2020-15656: Type confusion for special arguments in IonMonkey\n\nCVE-2020-15658: Overriding file type when saving to disk\n\nCVE-2020-15657: DLL hijacking due to incorrect loading path\n\nCVE-2020-15654: Custom cursor can overlay user interface\n\nCVE-2020-15659: Memory safety bugs fixed in Firefox 79 and Firefox ESR\n78.1\n\npipewire was updated to version 0.3.6 (bsc#1171433, jsc#ECO-2308) :\n\nExtensive memory leak fixing and stress testing was done. A big leak\nin screen sharing with DMA-BUF was fixed.\n\nCompile fixes\n\nStability improvements in jack and pulseaudio layers.\n\nAdded the old portal module to make the Camera portal work again. This\nwill be moved to the session manager in future versions.\n\nImprovements to the GStreamer source and sink shutdown.\n\nFix compatibility with v2 clients again when negotiating buffers.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171433\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174538\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15652/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15653/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15654/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15655/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15656/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15657/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15658/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15659/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-6463/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-6514/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202147-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2265ffe8\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for 
Desktop Applications 15-SP2 :\n\nzypper in -t patch\nSUSE-SLE-Module-Desktop-Applications-15-SP2-2020-2147=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15659\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-branding-SLE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpipewire-0_3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpipewire-0_3-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:pipewire\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:pipewire-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:pipewire-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:pipewire-modules\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:pipewire-modules-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:pipewire-spa-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:pipewire-spa-plugins-0_2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:pipewire-spa-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:pipewire-spa-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:pipewire-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:pipewire-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"MozillaFirefox-devel-78.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"MozillaFirefox-78.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"MozillaFirefox-branding-SLE-78-9.2.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"MozillaFirefox-debuginfo-78.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"MozillaFirefox-debugsource-78.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"MozillaFirefox-translations-common-78.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"MozillaFirefox-translations-other-78.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libpipewire-0_3-0-0.3.6-3.3.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libpipewire-0_3-0-debuginfo-0.3.6-3.3.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"pipewire-0.3.6-3.3.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"pipewire-debuginfo-0.3.6-3.3.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"pipewire-debugsource-0.3.6-3.3.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"pipewire-modules-0.3.6-3.3.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"pipewire-modules-debuginfo-0.3.6-3.3.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"pipewire-spa-plugins-0_2-0.3.6-3.3.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"pipewire-spa-plugins-0_2-debuginfo-0.3.6-3.3.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"pipewire-spa-tools-0.3.6-3.3.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", 
reference:\"pipewire-spa-tools-debuginfo-0.3.6-3.3.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"pipewire-tools-0.3.6-3.3.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"pipewire-tools-debuginfo-0.3.6-3.3.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"MozillaFirefox-devel-78.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"MozillaFirefox-78.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"MozillaFirefox-branding-SLE-78-9.2.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"MozillaFirefox-debuginfo-78.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"MozillaFirefox-debugsource-78.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"MozillaFirefox-translations-common-78.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"MozillaFirefox-translations-other-78.1.0-8.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libpipewire-0_3-0-0.3.6-3.3.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libpipewire-0_3-0-debuginfo-0.3.6-3.3.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"pipewire-0.3.6-3.3.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"pipewire-debuginfo-0.3.6-3.3.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"pipewire-debugsource-0.3.6-3.3.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"pipewire-modules-0.3.6-3.3.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"pipewire-modules-debuginfo-0.3.6-3.3.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"pipewire-spa-plugins-0_2-0.3.6-3.3.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"pipewire-spa-plugins-0_2-debuginfo-0.3.6-3.3.2\")) flag++;\nif 
(rpm_check(release:\"SLED15\", sp:\"2\", reference:\"pipewire-spa-tools-0.3.6-3.3.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"pipewire-spa-tools-debuginfo-0.3.6-3.3.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"pipewire-tools-0.3.6-3.3.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"pipewire-tools-debuginfo-0.3.6-3.3.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-14T15:45:53", "description": "The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 78.1. It is, therefore, affected\nby multiple vulnerabilities as referenced in the mfsa2020-32 advisory.\n\n - Inappropriate implementation in WebRTC in Google Chrome\n prior to 84.0.4147.89 allowed an attacker in a\n privileged network position to potentially exploit heap\n corruption via a crafted SCTP stream. 
(CVE-2020-6514)\n\n - Use after free in ANGLE in Google Chrome prior to\n 81.0.4044.122 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page.\n (CVE-2020-6463)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 6, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-07-29T00:00:00", "title": "Mozilla Firefox ESR < 78.1", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-15652", "CVE-2020-15655", "CVE-2020-6463", "CVE-2020-15653", "CVE-2020-15656", "CVE-2020-15659", "CVE-2020-15654", "CVE-2020-6514", "CVE-2020-15657", "CVE-2020-15658"], "modified": "2020-07-29T00:00:00", "cpe": ["cpe:/a:mozilla:firefox_esr"], "id": "MACOS_FIREFOX_78_1_ESR.NASL", "href": "https://www.tenable.com/plugins/nessus/139073", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from Mozilla Foundation Security Advisory mfsa2020-32.\n# The text itself is copyright (C) Mozilla Foundation.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139073);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/28\");\n\n script_cve_id(\n \"CVE-2020-6463\",\n \"CVE-2020-6514\",\n \"CVE-2020-15652\",\n \"CVE-2020-15653\",\n \"CVE-2020-15654\",\n \"CVE-2020-15655\",\n \"CVE-2020-15656\",\n \"CVE-2020-15657\",\n \"CVE-2020-15658\",\n \"CVE-2020-15659\"\n );\n script_xref(name:\"MFSA\", value:\"2020-32\");\n script_xref(name:\"IAVA\", value:\"2020-A-0344-S\");\n\n script_name(english:\"Mozilla Firefox ESR < 78.1\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS or Mac OS X host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Firefox ESR installed on the 
remote macOS or Mac OS X host is prior to 78.1. It is, therefore, affected\nby multiple vulnerabilities as referenced in the mfsa2020-32 advisory.\n\n - Inappropriate implementation in WebRTC in Google Chrome\n prior to 84.0.4147.89 allowed an attacker in a\n privileged network position to potentially exploit heap\n corruption via a crafted SCTP stream. (CVE-2020-6514)\n\n - Use after free in ANGLE in Google Chrome prior to\n 81.0.4044.122 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page.\n (CVE-2020-6463)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox ESR version 78.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15656\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox_esr\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n 
script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Version\");\n\n exit(0);\n}\n\ninclude('mozilla_version.inc');\n\nkb_base = 'MacOSX/Firefox';\nget_kb_item_or_exit(kb_base+'/Installed');\n\nversion = get_kb_item_or_exit(kb_base+'/Version', exit_code:1);\npath = get_kb_item_or_exit(kb_base+'/Path', exit_code:1);\n\nis_esr = get_kb_item(kb_base+'/is_esr');\nif (isnull(is_esr)) audit(AUDIT_NOT_INST, 'Mozilla Firefox ESR');\n\nmozilla_check_version(version:version, path:path, product:'firefox', esr:TRUE, fix:'78.1', min:'78.0.0', severity:SECURITY_HOLE);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2020-12-09T22:03:08", "description": "When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. 
This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.", "edition": 10, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-08-10T18:15:00", "title": "CVE-2020-15654", "type": "cve", "cwe": ["CWE-835"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15654"], "modified": "2020-08-18T14:15:00", "cpe": [], "id": "CVE-2020-15654", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15654", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": "2020-12-09T22:03:08", "description": "A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. 
This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.", "edition": 10, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-08-10T18:15:00", "title": "CVE-2020-15655", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15655"], "modified": "2020-08-18T14:15:00", "cpe": [], "id": "CVE-2020-15655", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15655", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2020-12-09T22:03:08", "description": "An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. 
This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.", "edition": 10, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-08-10T18:15:00", "title": "CVE-2020-15653", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15653"], "modified": "2020-08-18T14:15:00", "cpe": [], "id": "CVE-2020-15653", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15653", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": "2020-12-09T22:03:08", "description": "The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. 
This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.", "edition": 10, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-08-10T18:15:00", "title": "CVE-2020-15658", "type": "cve", "cwe": ["CWE-754"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15658"], "modified": "2020-08-18T14:15:00", "cpe": [], "id": "CVE-2020-15658", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15658", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": "2020-12-09T22:03:08", "description": "JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. 
This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.", "edition": 10, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-08-10T18:15:00", "title": "CVE-2020-15656", "type": "cve", "cwe": ["CWE-843"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15656"], "modified": "2020-08-18T14:15:00", "cpe": ["cpe:/o:opensuse:leap:15.2"], "id": "CVE-2020-15656", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15656", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T22:03:08", "description": "By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. 
This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1.", "edition": 11, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-08-10T18:15:00", "title": "CVE-2020-15652", "type": "cve", "cwe": ["CWE-346"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15652"], "modified": "2020-08-18T14:15:00", "cpe": [], "id": "CVE-2020-15652", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15652", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2020-12-09T22:03:08", "description": "Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1.", "edition": 11, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-08-10T18:15:00", "title": "CVE-2020-15659", "type": "cve", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15659"], "modified": "2020-08-21T18:21:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:canonical:ubuntu_linux:20.04", "cpe:/o:opensuse:leap:15.1", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:opensuse:leap:15.2"], "id": "CVE-2020-15659", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15659", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2021-01-04T01:53:41", "description": "Inappropriate implementation in WebRTC in Google Chrome prior 
to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream.", "edition": 22, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-07-22T17:15:00", "title": "CVE-2020-6514", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-6514"], "modified": "2021-01-02T16:15:00", "cpe": [], "id": "CVE-2020-6514", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6514", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": "2020-12-09T22:03:17", "description": "Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "edition": 22, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-05-21T04:15:00", "title": "CVE-2020-6463", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-6463"], "modified": "2020-08-18T14:15:00", "cpe": [], "id": "CVE-2020-6463", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6463", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}], "oraclelinux": [{"lastseen": "2020-08-20T13:40:06", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15652", "CVE-2020-6463", "CVE-2020-15659", "CVE-2020-6514"], "description": "[68.11.0-1.0.1.el8_2]\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\n[68.11.0-1]\n- Update to 68.11.0 build1", "edition": 2, "modified": "2020-08-06T00:00:00", "published": "2020-08-06T00:00:00", "id": "ELSA-2020-3341", "href": "http://linux.oracle.com/errata/ELSA-2020-3341.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-20T13:35:53", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15652", "CVE-2020-6463", "CVE-2020-15659", "CVE-2020-6514"], "description": "[68.11.0-1.0.1]\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\n[68.11.0-1]\n- Update to 68.11.0 build1", "edition": 3, "modified": "2020-08-07T00:00:00", "published": 
"2020-08-07T00:00:00", "id": "ELSA-2020-3344", "href": "http://linux.oracle.com/errata/ELSA-2020-3344.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-20T13:41:11", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15652", "CVE-2020-6463", "CVE-2020-15659", "CVE-2020-6514"], "description": "[68.11.0-1.0.1]\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\n[68.11.0-1]\n- Update to 68.11.0 build1", "edition": 2, "modified": "2020-08-08T00:00:00", "published": "2020-08-08T00:00:00", "id": "ELSA-2020-3345", "href": "http://linux.oracle.com/errata/ELSA-2020-3345.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-20T13:36:28", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15652", "CVE-2020-6463", "CVE-2020-15659", "CVE-2020-6514"], "description": "[68.11.0-1.0.1]\n- Remove upstream references [Orabug: 30143292]\n- Update distribution for Oracle Linux [Orabug: 30143292]\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file\n* Thu Jul 23 2020 Jan Horak \n- Update to 68.11.0 build1", "edition": 5, "modified": "2020-07-31T00:00:00", "published": "2020-07-31T00:00:00", "id": "ELSA-2020-3253", "href": "http://linux.oracle.com/errata/ELSA-2020-3253.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-20T13:39:36", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15652", "CVE-2020-6463", "CVE-2020-15659", "CVE-2020-6514"], "description": "[68.11.0-1.0.1]\n- Removed Upstream references\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file\n[68.11.0-1]\n- Update to 68.11.0 build1", "edition": 2, "modified": "2020-07-30T00:00:00", "published": "2020-07-30T00:00:00", "id": 
"ELSA-2020-3241", "href": "http://linux.oracle.com/errata/ELSA-2020-3241.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-20T13:43:08", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15652", "CVE-2020-6463", "CVE-2020-15659", "CVE-2020-6514"], "description": "[68.11.0-1.0.1]\n- fix LD_LIBRARY_PATH\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one\n* Thu Jul 23 2020 Jan Horak \n- Update to 68.11.0 build1", "edition": 3, "modified": "2020-07-31T00:00:00", "published": "2020-07-31T00:00:00", "id": "ELSA-2020-3233", "href": "http://linux.oracle.com/errata/ELSA-2020-3233.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-10-17T13:50:51", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15652", "CVE-2020-6463", "CVE-2020-15659", "CVE-2020-6514"], "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2310-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Emilio Pozuelo Monfort\nAugust 02, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : thunderbird\nVersion : 1:68.11.0-1~deb9u1\nCVE ID : CVE-2020-6463 CVE-2020-6514 CVE-2020-15652 CVE-2020-15659\n\nMultiple security issues have been found in Thunderbird which could\nresult in denial of service or potentially the execution of arbitrary\ncode.\n\nFor Debian 9 stretch, these problems have been fixed in version\n1:68.11.0-1~deb9u1.\n\nWe recommend that you upgrade your thunderbird packages.\n\nFor the detailed security status of thunderbird please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/thunderbird\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to 
your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 7, "modified": "2020-08-02T22:01:17", "published": "2020-08-02T22:01:17", "id": "DEBIAN:DLA-2310-1:89E38", "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202008/msg00006.html", "title": "[SECURITY] [DLA 2310-1] thunderbird security update", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-11T01:32:08", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15652", "CVE-2020-6463", "CVE-2020-15659", "CVE-2020-6514"], "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2297-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Emilio Pozuelo Monfort\nJuly 29, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : firefox-esr\nVersion : 68.11.0esr-1~deb9u1\nCVE ID : CVE-2020-6463 CVE-2020-6514 CVE-2020-15652 CVE-2020-15659\n\nMultiple security issues have been found in the Mozilla Firefox web\nbrowser, which could potentially result in the execution of arbitrary\ncode.\n\nFor Debian 9 stretch, these problems have been fixed in version\n68.11.0esr-1~deb9u1.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nFor the detailed security status of firefox-esr please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/firefox-esr\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 7, "modified": "2020-07-29T09:56:34", "published": "2020-07-29T09:56:34", "id": "DEBIAN:DLA-2297-1:4B6B0", "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202007/msg00027.html", "title": "[SECURITY] [DLA 2297-1] firefox-esr security update", "type": 
"debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-07T01:01:29", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15652", "CVE-2020-6463", "CVE-2020-15659", "CVE-2020-6514"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4740-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nAugust 02, 2020 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : thunderbird\nCVE ID : CVE-2020-6463 CVE-2020-6514 CVE-2020-15652 CVE-2020-15659\n\nMultiple security issues have been found in Thunderbird which could\nresult in denial of service or potentially the execution of arbitrary\ncode.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 1:68.11.0-1~deb10u1.\n\nWe recommend that you upgrade your thunderbird packages.\n\nFor the detailed security status of thunderbird please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/thunderbird\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 7, "modified": "2020-08-02T17:44:53", "published": "2020-08-02T17:44:53", "id": "DEBIAN:DSA-4740-1:75F4C", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2020/msg00146.html", "title": "[SECURITY] [DSA 4740-1] thunderbird security update", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-29T13:06:33", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15652", "CVE-2020-6463", "CVE-2020-15659", "CVE-2020-6514"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory 
DSA-4736-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJuly 29, 2020 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : firefox-esr\nCVE ID : CVE-2020-6463 CVE-2020-6514 CVE-2020-15652 CVE-2020-15659\n\nMultiple security issues have been found in the Mozilla Firefox\nweb browser, which could potentially result in the execution of\narbitrary code or an information leak.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 68.11.0esr-1~deb10u1.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nFor the detailed security status of firefox-esr please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/firefox-esr\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 5, "modified": "2020-07-29T18:05:00", "published": "2020-07-29T18:05:00", "id": "DEBIAN:DSA-4736-1:A45B9", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2020/msg00142.html", "title": "[SECURITY] [DSA 4736-1] firefox-esr security update", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:35:14", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15652", "CVE-2020-6463", "CVE-2020-15659", "CVE-2020-6514"], "description": "**Issue Overview:**\n\nUse after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. ([CVE-2020-6463 __](<https://access.redhat.com/security/cve/CVE-2020-6463>))\n\nBy observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. 
This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1. ([CVE-2020-15652](<https://access.redhat.com/security/cve/CVE-2020-15652>))\n\nMozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1. ([CVE-2020-15659](<https://access.redhat.com/security/cve/CVE-2020-15659>))\n\nInappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream. ([CVE-2020-6514](<https://access.redhat.com/security/cve/CVE-2020-6514>)) \n\n\n \n**Affected Packages:** \n\n\nthunderbird\n\n \n**Issue Correction:** \nRun _yum update thunderbird_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n thunderbird-68.11.0-1.amzn2.aarch64 \n thunderbird-debuginfo-68.11.0-1.amzn2.aarch64 \n \n src: \n thunderbird-68.11.0-1.amzn2.src \n \n x86_64: \n thunderbird-68.11.0-1.amzn2.x86_64 \n thunderbird-debuginfo-68.11.0-1.amzn2.x86_64 \n \n \n", "edition": 1, "modified": "2020-09-01T00:40:00", "published": "2020-09-01T00:40:00", "id": "ALAS2-2020-1487", "href": "https://alas.aws.amazon.com/AL2/ALAS-2020-1487.html", "title": "Important: thunderbird", "type": "amazon", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2020-08-20T13:40:48", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15652", "CVE-2020-6463", "CVE-2020-15659", "CVE-2020-6514"], "description": "**CentOS Errata and Security Advisory** CESA-2020:3233\n\n\nMozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 68.11.0 ESR.\n\nSecurity Fix(es):\n\n* chromium-browser: Use after free in ANGLE (CVE-2020-6463)\n\n* chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514)\n\n* Mozilla: Potential leak of redirect targets when loading scripts in a worker (CVE-2020-15652)\n\n* Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11 (CVE-2020-15659)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2020-August/035796.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\n", "edition": 2, "modified": "2020-08-07T13:02:21", "published": "2020-08-07T13:02:21", "id": "CESA-2020:3233", "href": "http://lists.centos.org/pipermail/centos-announce/2020-August/035796.html", "title": "firefox security update", "type": "centos", "cvss": {"score": 9.3, 
"vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-20T13:44:35", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15652", "CVE-2020-6463", "CVE-2020-15659", "CVE-2020-6514"], "description": "**CentOS Errata and Security Advisory** CESA-2020:3344\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 68.11.0.\n\nSecurity Fix(es):\n\n* chromium-browser: Use after free in ANGLE (CVE-2020-6463)\n\n* chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514)\n\n* Mozilla: Potential leak of redirect targets when loading scripts in a worker (CVE-2020-15652)\n\n* Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11 (CVE-2020-15659)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2020-August/035797.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\n", "edition": 2, "modified": "2020-08-07T13:03:15", "published": "2020-08-07T13:03:15", "id": "CESA-2020:3344", "href": "http://lists.centos.org/pipermail/centos-announce/2020-August/035797.html", "title": "thunderbird security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-20T13:42:11", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15652", "CVE-2020-6463", "CVE-2020-15659", "CVE-2020-6514"], "description": "**CentOS Errata and Security Advisory** CESA-2020:3253\n\n\nMozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 68.11.0 ESR.\n\nSecurity Fix(es):\n\n* chromium-browser: Use after free in ANGLE (CVE-2020-6463)\n\n* chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514)\n\n* 
Mozilla: Potential leak of redirect targets when loading scripts in a worker (CVE-2020-15652)\n\n* Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11 (CVE-2020-15659)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2020-August/035798.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\n", "edition": 2, "modified": "2020-08-07T13:04:05", "published": "2020-08-07T13:04:05", "id": "CESA-2020:3253", "href": "http://lists.centos.org/pipermail/centos-announce/2020-August/035798.html", "title": "firefox security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-20T13:41:37", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15652", "CVE-2020-6463", "CVE-2020-15659", "CVE-2020-6514"], "description": "**CentOS Errata and Security Advisory** CESA-2020:3345\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 68.11.0.\n\nSecurity Fix(es):\n\n* chromium-browser: Use after free in ANGLE (CVE-2020-6463)\n\n* chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514)\n\n* Mozilla: Potential leak of redirect targets when loading scripts in a worker (CVE-2020-15652)\n\n* Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11 (CVE-2020-15659)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2020-August/035795.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\n", "edition": 2, "modified": 
"2020-08-07T13:01:09", "published": "2020-08-07T13:01:09", "id": "CESA-2020:3345", "href": "http://lists.centos.org/pipermail/centos-announce/2020-August/035795.html", "title": "thunderbird security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2020-08-20T10:06:17", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15652", "CVE-2020-15659", "CVE-2020-6463", "CVE-2020-6514"], "description": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 68.11.0 ESR.\n\nSecurity Fix(es):\n\n* chromium-browser: Use after free in ANGLE (CVE-2020-6463)\n\n* chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514)\n\n* Mozilla: Potential leak of redirect targets when loading scripts in a worker (CVE-2020-15652)\n\n* Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11 (CVE-2020-15659)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-07-30T01:06:15", "published": "2020-07-30T01:02:10", "id": "RHSA-2020:3229", "href": "https://access.redhat.com/errata/RHSA-2020:3229", "type": "redhat", "title": "(RHSA-2020:3229) Important: firefox security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-20T10:06:56", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15652", "CVE-2020-15659", "CVE-2020-6463", "CVE-2020-6514"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 68.11.0.\n\nSecurity Fix(es):\n\n* chromium-browser: Use after free in ANGLE (CVE-2020-6463)\n\n* chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514)\n\n* Mozilla: Potential leak of redirect targets when loading scripts in a 
worker (CVE-2020-15652)\n\n* Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11 (CVE-2020-15659)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-08-06T11:03:03", "published": "2020-08-06T10:52:43", "id": "RHSA-2020:3341", "href": "https://access.redhat.com/errata/RHSA-2020:3341", "type": "redhat", "title": "(RHSA-2020:3341) Important: thunderbird security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-20T10:07:33", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15652", "CVE-2020-15659", "CVE-2020-6463", "CVE-2020-6514"], "description": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 68.11.0 ESR.\n\nSecurity Fix(es):\n\n* chromium-browser: Use after free in ANGLE (CVE-2020-6463)\n\n* chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514)\n\n* Mozilla: Potential leak of redirect targets when loading scripts in a worker (CVE-2020-15652)\n\n* Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11 (CVE-2020-15659)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-07-30T02:18:38", "published": "2020-07-30T02:08:03", "id": "RHSA-2020:3233", "href": "https://access.redhat.com/errata/RHSA-2020:3233", "type": "redhat", "title": "(RHSA-2020:3233) Important: firefox security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-20T10:07:15", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15652", "CVE-2020-15659", "CVE-2020-6463", "CVE-2020-6514"], "description": "Mozilla Thunderbird is a standalone mail and 
newsgroup client.\n\nThis update upgrades Thunderbird to version 68.11.0.\n\nSecurity Fix(es):\n\n* chromium-browser: Use after free in ANGLE (CVE-2020-6463)\n\n* chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514)\n\n* Mozilla: Potential leak of redirect targets when loading scripts in a worker (CVE-2020-15652)\n\n* Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11 (CVE-2020-15659)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-08-06T13:30:18", "published": "2020-08-06T13:21:21", "id": "RHSA-2020:3345", "href": "https://access.redhat.com/errata/RHSA-2020:3345", "type": "redhat", "title": "(RHSA-2020:3345) Important: thunderbird security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-20T10:06:41", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15652", "CVE-2020-15659", "CVE-2020-6463", "CVE-2020-6514"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 68.11.0.\n\nSecurity Fix(es):\n\n* chromium-browser: Use after free in ANGLE (CVE-2020-6463)\n\n* chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514)\n\n* Mozilla: Potential leak of redirect targets when loading scripts in a worker (CVE-2020-15652)\n\n* Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11 (CVE-2020-15659)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-08-06T12:43:20", "published": "2020-08-06T12:34:29", "id": "RHSA-2020:3344", "href": "https://access.redhat.com/errata/RHSA-2020:3344", "type": "redhat", "title": "(RHSA-2020:3344) Important: thunderbird security update", 
"cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-20T10:07:15", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15652", "CVE-2020-15659", "CVE-2020-6463", "CVE-2020-6514"], "description": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 68.11.0 ESR.\n\nSecurity Fix(es):\n\n* chromium-browser: Use after free in ANGLE (CVE-2020-6463)\n\n* chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514)\n\n* Mozilla: Potential leak of redirect targets when loading scripts in a worker (CVE-2020-15652)\n\n* Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11 (CVE-2020-15659)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-07-30T23:17:24", "published": "2020-07-30T22:59:07", "id": "RHSA-2020:3254", "href": "https://access.redhat.com/errata/RHSA-2020:3254", "type": "redhat", "title": "(RHSA-2020:3254) Important: firefox security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-20T10:06:07", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15652", "CVE-2020-15659", "CVE-2020-6463", "CVE-2020-6514"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 68.11.0.\n\nSecurity Fix(es):\n\n* chromium-browser: Use after free in ANGLE (CVE-2020-6463)\n\n* chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514)\n\n* Mozilla: Potential leak of redirect targets when loading scripts in a worker (CVE-2020-15652)\n\n* Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11 (CVE-2020-15659)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related 
information, refer to the CVE page(s) listed in the References section.", "modified": "2020-08-06T10:57:03", "published": "2020-08-06T10:52:46", "id": "RHSA-2020:3343", "href": "https://access.redhat.com/errata/RHSA-2020:3343", "type": "redhat", "title": "(RHSA-2020:3343) Important: thunderbird security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-20T10:06:09", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15652", "CVE-2020-15659", "CVE-2020-6463", "CVE-2020-6514"], "description": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 68.11.0 ESR.\n\nSecurity Fix(es):\n\n* chromium-browser: Use after free in ANGLE (CVE-2020-6463)\n\n* chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514)\n\n* Mozilla: Potential leak of redirect targets when loading scripts in a worker (CVE-2020-15652)\n\n* Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11 (CVE-2020-15659)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-07-30T23:03:36", "published": "2020-07-30T22:54:11", "id": "RHSA-2020:3253", "href": "https://access.redhat.com/errata/RHSA-2020:3253", "type": "redhat", "title": "(RHSA-2020:3253) Important: firefox security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-20T10:05:58", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15652", "CVE-2020-15659", "CVE-2020-6463", "CVE-2020-6514"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 68.11.0.\n\nSecurity Fix(es):\n\n* chromium-browser: Use after free in ANGLE (CVE-2020-6463)\n\n* chromium-browser: Inappropriate implementation in WebRTC 
(CVE-2020-6514)\n\n* Mozilla: Potential leak of redirect targets when loading scripts in a worker (CVE-2020-15652)\n\n* Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11 (CVE-2020-15659)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-08-06T11:00:35", "published": "2020-08-06T10:52:44", "id": "RHSA-2020:3342", "href": "https://access.redhat.com/errata/RHSA-2020:3342", "type": "redhat", "title": "(RHSA-2020:3342) Important: thunderbird security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-20T10:05:40", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15652", "CVE-2020-15659", "CVE-2020-6463", "CVE-2020-6514"], "description": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 68.11.0 ESR.\n\nSecurity Fix(es):\n\n* chromium-browser: Use after free in ANGLE (CVE-2020-6463)\n\n* chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514)\n\n* Mozilla: Potential leak of redirect targets when loading scripts in a worker (CVE-2020-15652)\n\n* Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11 (CVE-2020-15659)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-07-30T11:25:26", "published": "2020-07-30T11:15:41", "id": "RHSA-2020:3241", "href": "https://access.redhat.com/errata/RHSA-2020:3241", "type": "redhat", "title": "(RHSA-2020:3241) Important: firefox security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2020-07-31T23:27:37", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15652", 
"CVE-2020-6463", "CVE-2020-15659", "CVE-2020-6514"], "description": "### Background\n\nMozilla Thunderbird is a popular open-source email client from the Mozilla project. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Mozilla Thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-68.11.0\"\n \n\nAll Mozilla Thunderbird binary users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-bin-68.11.0\"", "edition": 1, "modified": "2020-07-31T00:00:00", "published": "2020-07-31T00:00:00", "id": "GLSA-202007-64", "href": "https://security.gentoo.org/glsa/202007-64", "title": "Mozilla Thunderbird: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-30T07:27:28", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15652", "CVE-2020-6463", "CVE-2020-15659"], "description": "### Background\n\nMozilla Firefox is a popular open-source web browser from the Mozilla Project. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. 
\n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Mozilla Firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-68.11.0\"\n \n\nAll Mozilla Firefox binary users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-68.11.0\"", "edition": 1, "modified": "2020-07-30T00:00:00", "published": "2020-07-30T00:00:00", "id": "GLSA-202007-60", "href": "https://security.gentoo.org/glsa/202007-60", "title": "Mozilla Firefox: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "slackware": [{"lastseen": "2020-10-25T16:35:49", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15652", "CVE-2020-15659", "CVE-2020-6463", "CVE-2020-6514"], "description": "New mozilla-thunderbird packages are available for Slackware 14.2 and -current\nto fix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/mozilla-thunderbird-68.11.0-i686-1_slack14.2.txz: Upgraded.\n This release contains security fixes and improvements.\n For more information, see:\n https://www.mozilla.org/en-US/thunderbird/68.11.0/releasenotes/\n https://www.mozilla.org/en-US/security/advisories/mfsa2020-35/\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15652\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6514\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6463\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15659\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mozilla-thunderbird-68.11.0-i686-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mozilla-thunderbird-68.11.0-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-68.11.0-i686-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-68.11.0-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.2 package:\n5d9ae283ebf0dde51e5cb0ada93257b5 mozilla-thunderbird-68.11.0-i686-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\nb68b39d5c79d5b828b3405ba233e84d7 mozilla-thunderbird-68.11.0-x86_64-1_slack14.2.txz\n\nSlackware -current package:\nfefd9e60088dba0ff057602b0f17d5f9 xap/mozilla-thunderbird-68.11.0-i686-1.txz\n\nSlackware x86_64 -current package:\nb92d5fd2fa384c1b03261d38c11e8cc8 xap/mozilla-thunderbird-68.11.0-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg mozilla-thunderbird-68.11.0-i686-1_slack14.2.txz", "modified": "2020-08-01T00:12:19", "published": "2020-08-01T00:12:19", "id": "SSA-2020-213-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2020&m=slackware-security.383718", "type": "slackware", "title": "[slackware-security] mozilla-thunderbird", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}