Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2024 Canonical, Inc. / NASL script (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-6747-1.NASL
HistoryApr 24, 2024 - 12:00 a.m.

Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6747-1)

2024-04-2400:00:00
Ubuntu Security Notice (C) 2024 Canonical, Inc. / NASL script (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
6
ubuntu 20.04 lts
firefox vulnerabilities
usn-6747-1
out of memory
jit optimizations
use-after-free
memory safety bug
thunderbird
cve-2024-3302
cve-2024-3852
cve-2024-3853
cve-2024-3854
cve-2024-3855
cve-2024-3856
cve-2024-3857
cve-2024-3858
cve-2024-3859
cve-2024-3860
cve-2024-3861
cve-2024-3862
cve-2024-3864
cve-2024-3865

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.3%

JSON

The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6747-1 advisory.

  • There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. (CVE-2024-3302)

  • GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. (CVE-2024-3852)

  • A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage collection started. This vulnerability affects Firefox < 125. (CVE-2024-3853)

  • In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of- bounds-reads. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
    (CVE-2024-3854)

  • In certain cases the JIT incorrectly optimized MSubstr operations, which led to out-of-bounds reads. This vulnerability affects Firefox < 125. (CVE-2024-3855)

  • A use-after-free could occur during WASM execution if garbage collection ran during the creation of an array. This vulnerability affects Firefox < 125. (CVE-2024-3856)

  • The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. (CVE-2024-3857)

  • It was possible to mutate a JavaScript object so that the JIT could crash while tracing it. This vulnerability affects Firefox < 125. (CVE-2024-3858)

  • On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could be triggered by a malformed OpenType font. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. (CVE-2024-3859)

  • An out-of-memory condition during object initialization could result in an empty shape list. If the JIT subsequently traced the object it would crash. This vulnerability affects Firefox < 125. (CVE-2024-3860)

  • If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect reference count and later use-after-free. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. (CVE-2024-3861)

  • The MarkStack assignment operator, part of the JavaScript engine, could access uninitialized memory if it were used in a self-assignment. This vulnerability affects Firefox < 125. (CVE-2024-3862)

  • Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
    (CVE-2024-3864)

  • Memory safety bugs present in Firefox 124. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 125. (CVE-2024-3865)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-6747-1. The text
# itself is copyright (C) Canonical, Inc. See
# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##

include('compat.inc');

if (description)
{
  script_id(193788);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/17");

  script_cve_id(
    "CVE-2024-3302",
    "CVE-2024-3852",
    "CVE-2024-3853",
    "CVE-2024-3854",
    "CVE-2024-3855",
    "CVE-2024-3856",
    "CVE-2024-3857",
    "CVE-2024-3858",
    "CVE-2024-3859",
    "CVE-2024-3860",
    "CVE-2024-3861",
    "CVE-2024-3862",
    "CVE-2024-3864",
    "CVE-2024-3865"
  );
  script_xref(name:"USN", value:"6747-1");
  script_xref(name:"IAVA", value:"2024-A-0245-S");

  script_name(english:"Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6747-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in
the USN-6747-1 advisory.

  - There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could
    abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125,
    Firefox ESR < 115.10, and Thunderbird < 115.10. (CVE-2024-3302)

  - GetBoundName could return the wrong version of an object when JIT optimizations were applied. This
    vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. (CVE-2024-3852)

  - A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage
    collection started. This vulnerability affects Firefox < 125. (CVE-2024-3853)

  - In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-
    bounds-reads. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
    (CVE-2024-3854)

  - In certain cases the JIT incorrectly optimized MSubstr operations, which led to out-of-bounds reads. This
    vulnerability affects Firefox < 125. (CVE-2024-3855)

  - A use-after-free could occur during WASM execution if garbage collection ran during the creation of an
    array. This vulnerability affects Firefox < 125. (CVE-2024-3856)

  - The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free
    crashes during garbage collection. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and
    Thunderbird < 115.10. (CVE-2024-3857)

  - It was possible to mutate a JavaScript object so that the JIT could crash while tracing it. This
    vulnerability affects Firefox < 125. (CVE-2024-3858)

  - On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could
    be triggered by a malformed OpenType font. This vulnerability affects Firefox < 125, Firefox ESR < 115.10,
    and Thunderbird < 115.10. (CVE-2024-3859)

  - An out-of-memory condition during object initialization could result in an empty shape list. If the JIT
    subsequently traced the object it would crash. This vulnerability affects Firefox < 125. (CVE-2024-3860)

  - If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect
    reference count and later use-after-free. This vulnerability affects Firefox < 125, Firefox ESR < 115.10,
    and Thunderbird < 115.10. (CVE-2024-3861)

  - The MarkStack assignment operator, part of the JavaScript engine, could access uninitialized memory if it
    were used in a self-assignment. This vulnerability affects Firefox < 125. (CVE-2024-3862)

  - Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed
    evidence of memory corruption and we presume that with enough effort this could have been exploited to run
    arbitrary code. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
    (CVE-2024-3864)

  - Memory safety bugs present in Firefox 124. Some of these bugs showed evidence of memory corruption and we
    presume that with enough effort some of these could have been exploited to run arbitrary code. This
    vulnerability affects Firefox < 125. (CVE-2024-3865)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-6747-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-3864");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/04/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/04/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/04/24");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-geckodriver");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-af");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-an");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-as");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ast");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-az");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-be");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bn");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-br");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ca");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cak");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-csb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-da");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-de");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-el");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-en");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-eo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-es");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-et");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-eu");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fa");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ga");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gn");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gu");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-he");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hsb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hu");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ia");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-id");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-is");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-it");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ja");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ka");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kab");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-km");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kn");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ko");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ku");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mai");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mn");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ms");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-my");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ne");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nn");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nso");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-oc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-or");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pa");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ro");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ru");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-si");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sq");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sw");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-szl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ta");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-te");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-tg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-th");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-tr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-uk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ur");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-uz");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-vi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-xh");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zh-hans");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zh-hant");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zu");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-mozsymbols");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2024 Canonical, Inc. / NASL script (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '20.04', 'pkgname': 'firefox', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-dev', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-geckodriver', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-af', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-an', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-ar', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-as', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-ast', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-az', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-be', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-bg', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-bn', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-br', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-bs', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-ca', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-cak', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-cs', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-csb', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-cy', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-da', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-de', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-el', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-en', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-eo', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-es', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-et', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-eu', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-fa', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-fi', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-fr', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-fy', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-ga', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-gd', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-gl', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-gn', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-gu', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-he', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-hi', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-hr', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-hsb', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-hu', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-hy', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-ia', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-id', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-is', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-it', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-ja', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-ka', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-kab', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-kk', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-km', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-kn', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-ko', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-ku', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-lg', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-lt', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-lv', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-mai', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-mk', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-ml', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-mn', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-mr', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-ms', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-my', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-nb', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-ne', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-nl', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-nn', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-nso', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-oc', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-or', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-pa', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-pl', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-pt', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-ro', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-ru', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-si', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-sk', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-sl', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-sq', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-sr', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-sv', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-sw', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-szl', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-ta', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-te', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-tg', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-th', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-tr', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-uk', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-ur', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-uz', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-vi', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-xh', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-zh-hans', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-zh-hant', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-locale-zu', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'},
    {'osver': '20.04', 'pkgname': 'firefox-mozsymbols', 'pkgver': '125.0.2+build1-0ubuntu0.20.04.2'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox / firefox-dev / firefox-geckodriver / firefox-locale-af / etc');
}
VendorProductVersionCPE
canonicalubuntu_linuxfirefox-locale-srp-cpe:/a:canonical:ubuntu_linux:firefox-locale-sr
canonicalubuntu_linuxfirefox-locale-gdp-cpe:/a:canonical:ubuntu_linux:firefox-locale-gd
canonicalubuntu_linuxfirefox-geckodriverp-cpe:/a:canonical:ubuntu_linux:firefox-geckodriver
canonicalubuntu_linuxfirefox-locale-orp-cpe:/a:canonical:ubuntu_linux:firefox-locale-or
canonicalubuntu_linux20.04cpe:/o:canonical:ubuntu_linux:20.04:-:lts
canonicalubuntu_linuxfirefox-locale-itp-cpe:/a:canonical:ubuntu_linux:firefox-locale-it
canonicalubuntu_linuxfirefox-locale-kop-cpe:/a:canonical:ubuntu_linux:firefox-locale-ko
canonicalubuntu_linuxfirefox-locale-rop-cpe:/a:canonical:ubuntu_linux:firefox-locale-ro
canonicalubuntu_linuxfirefox-locale-xhp-cpe:/a:canonical:ubuntu_linux:firefox-locale-xh
canonicalubuntu_linuxfirefox-locale-pap-cpe:/a:canonical:ubuntu_linux:firefox-locale-pa
Rows per page:
1-10 of 991

Related

ubuntu 3
osv 14
openvas 22
nessus 52
mozilla 3
kaspersky 3
redhat 18
debian 4
rocky 3
almalinux 2
oraclelinux 4
mageia 2
slackware 1
gentoo 1
ubuntucve 9
veracode 11
cve 8
debiancve 10
nvd 8
vulnrichment 4
cvelist 10
redhatcve 4
cgr 3
ubuntu
ubuntu
Firefox regressions
2024-05-02 00:00:00
Firefox vulnerabilities
2024-04-24 00:00:00
Thunderbird vulnerabilities
2024-04-25 00:00:00
osv
osv
firefox regressions
2024-05-02 03:20:32
firefox vulnerabilities
2024-04-24 04:43:24
thunderbird vulnerabilities
2024-04-25 03:24:59
openvas
openvas
Ubuntu: Security Advisory (USN-6747-2)
2024-05-02 00:00:00
Ubuntu: Security Advisory (USN-6747-1)
2024-04-25 00:00:00
Mozilla Firefox Security Update (mfsa_2024-18) - Windows
2024-04-17 00:00:00
nessus
nessus
Fedora 40 : firefox (2024-c6a1d4e0ec)
2024-04-29 00:00:00
Fedora 39 : firefox (2024-121f5cec9f)
2024-04-17 00:00:00
Mozilla Firefox < 125.0
2024-04-16 00:00:00
mozilla
mozilla
Security Vulnerabilities fixed in Firefox 125 — Mozilla
2024-04-16 00:00:00
Security Vulnerabilities fixed in Firefox ESR 115.10 — Mozilla
2024-04-16 00:00:00
Security Vulnerabilities fixed in Thunderbird 115.10 — Mozilla
2024-04-16 00:00:00
kaspersky
kaspersky
KLA65639 Multiple vulnerabilities in Mozilla Firefox
2024-04-16 00:00:00
KLA65640 Multiple vulnerabilities in Mozilla Firefox ESR
2024-04-16 00:00:00
KLA65693 Multiple vulnerabilities in Mozilla Thunderbird
2024-04-16 00:00:00
redhat
redhat
(RHSA-2024:1906) Important: firefox security update
2024-04-18 09:05:27
(RHSA-2024:1908) Important: firefox security update
2024-04-18 09:05:44
(RHSA-2024:1904) Important: firefox security update
2024-04-18 08:52:48
debian
debian
[SECURITY] [DLA 3790-1] firefox-esr security update
2024-04-19 10:40:02
[SECURITY] [DLA 3791-1] thunderbird security update
2024-04-22 08:49:04
[SECURITY] [DSA 5670-1] thunderbird security update
2024-04-22 07:42:03
rocky
rocky
firefox security update
2024-05-10 14:32:42
firefox security update
2024-05-06 13:04:21
thunderbird security update
2024-05-06 13:04:21
almalinux
almalinux
Important: firefox security update
2024-04-18 00:00:00
Important: firefox security update
2024-04-18 00:00:00
oraclelinux
oraclelinux
firefox security update
2024-04-19 00:00:00
firefox security update
2024-04-19 00:00:00
firefox security update
2024-04-18 00:00:00
mageia
mageia
Updated thunderbird packages fix security vulnerabilities
2024-04-27 03:37:18
Updated firefox packages fix security vulnerabilities
2024-04-27 09:26:16
slackware
slackware
[slackware-security] mozilla-firefox
2024-04-16 18:53:34
gentoo
gentoo
Mozilla Thunderbird: Multiple Vulnerabilities
2024-05-12 00:00:00
ubuntucve
ubuntucve
CVE-2024-3853
2024-04-16 00:00:00
CVE-2024-3852
2024-04-16 00:00:00
CVE-2024-3860
2024-04-16 00:00:00
veracode
veracode
Use-After-Free
2024-04-19 01:24:09
Incorrect Return Value
2024-04-19 01:24:15
Denial Of Service (DoS)
2024-04-19 01:20:21
cve
cve
CVE-2024-3853
2024-04-16 16:15:08
CVE-2024-3856
2024-04-16 16:15:08
CVE-2024-3860
2024-04-16 16:15:08
debiancve
debiancve
CVE-2024-3853
2024-04-16 16:15:08
CVE-2024-3854
2024-04-16 16:15:08
CVE-2024-3860
2024-04-16 16:15:08
nvd
nvd
CVE-2024-3853
2024-04-16 16:15:08
CVE-2024-3854
2024-04-16 16:15:08
CVE-2024-3852
2024-04-16 16:15:08
vulnrichment
vulnrichment
CVE-2024-3853
2024-04-16 15:14:05
CVE-2024-3854
2024-04-16 15:14:05
CVE-2024-3852
2024-04-16 15:14:05
cvelist
cvelist
CVE-2024-3853
2024-04-16 15:14:05
CVE-2024-3852
2024-04-16 15:14:05
CVE-2024-3856
2024-04-16 15:14:06
redhatcve
redhatcve
CVE-2024-3852
2024-04-18 10:00:00
CVE-2024-3861
2024-04-18 10:00:18
CVE-2024-3854
2024-04-17 19:53:30
cgr
cgr
CVE-2024-3854 vulnerabilities
2024-05-19 03:07:16
CVE-2024-3861 vulnerabilities
2024-05-19 03:07:16
CVE-2024-3857 vulnerabilities
2024-05-19 03:07:16

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.3%

JSON
Related for UBUNTU_USN-6747-1.NASL
ubuntu3osv14openvas22nessus52mozilla3kaspersky3redhat18debian4rocky3almalinux2oraclelinux4mageia2slackware1gentoo1ubuntucve9veracode11cve8debiancve10nvd8vulnrichment4cvelist10redhatcve4cgr3