Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2016 Greenbone AGOPENVAS:1361412562310808158
HistoryJun 08, 2016 - 12:00 a.m.

Mozilla Firefox ESR Security Advisories (MFSA2016-49, MFSA2016-61) - Mac OS X

2016-06-0800:00:00
Copyright (C) 2016 Greenbone AG
plugins.openvas.org
7

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.613 Medium

EPSS

Percentile

97.8%

JSON

Mozilla Firefox ESR is prone to multiple vulnerabilities.

# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:mozilla:firefox_esr";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.808158");
  script_version("2024-02-15T05:05:40+0000");
  script_cve_id("CVE-2016-2831", "CVE-2016-2828", "CVE-2016-2826", "CVE-2016-2824",
                "CVE-2016-2822", "CVE-2016-2821", "CVE-2016-2819", "CVE-2016-2818");
  script_tag(name:"cvss_base", value:"7.2");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"2024-02-15 05:05:40 +0000 (Thu, 15 Feb 2024)");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2018-10-30 16:27:00 +0000 (Tue, 30 Oct 2018)");
  script_tag(name:"creation_date", value:"2016-06-08 11:15:56 +0530 (Wed, 08 Jun 2016)");
  script_name("Mozilla Firefox ESR Security Advisories (MFSA2016-49, MFSA2016-61) - Mac OS X");

  script_tag(name:"summary", value:"Mozilla Firefox ESR is prone to multiple vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"Multiple flaws exist due to:

  - An improper handling of paired fullscreen and pointerlock requests in
    combination with closing windows.

  - The use of a texture after its recycle pool has been destroyed during
    WebGL operations.

  - The files extracted by the updater from a MAR archive are not locked
    for writing and can be overwritten by other processes while the updater
    is running.

  - An improper size checking while writing to an array during some WebGL
    shader operations.

  - A use-after-free in contenteditable mode.

  - An improper parsing of HTML5 fragments in a foreign context.

  - The memory safety bugs in the browser engine.");

  script_tag(name:"impact", value:"Successful exploitation of this vulnerability
  will allow remote attackers  to execute arbitrary code, to delete arbitrary files
  by leveraging certain local file execution, to obtain sensitive information,
  and to cause a denial of service.");

  script_tag(name:"affected", value:"Mozilla Firefox ESR versions before 45.2.");

  script_tag(name:"solution", value:"Update to version 45.2 or later.");

  script_tag(name:"solution_type", value:"VendorFix");

  script_tag(name:"qod_type", value:"executable_version");

  script_xref(name:"URL", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-58/");
  script_xref(name:"URL", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-56/");
  script_xref(name:"URL", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-55/");
  script_xref(name:"URL", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-53/");
  script_xref(name:"URL", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-52/");
  script_xref(name:"URL", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-51/");
  script_xref(name:"URL", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-50/");
  script_xref(name:"URL", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-49/");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2016 Greenbone AG");
  script_family("General");
  script_dependencies("gb_mozilla_prdts_detect_macosx.nasl");
  script_mandatory_keys("Mozilla/Firefox-ESR/MacOSX/Version");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE))
  exit(0);

vers = infos["version"];
path = infos["location"];

if(version_is_less(version:vers, test_version:"45.2")) {
  report = report_fixed_ver(installed_version:vers, fixed_version:"45.2", install_path:path);
  security_message(port:0, data:report);
  exit(0);
}

exit(99);

Related

nessus 28
openvas 38
redhat 2
debian 4
mageia 2
ibm 2
oraclelinux 2
centos 2
suse 8
kaspersky 1
archlinux 2
freebsd 1
ubuntu 2
mozilla 8
ubuntucve 8
prion 8
debiancve 8
redhatcve 6
veracode 6
cve 8
osv 2
exploitpack 2
packetstorm 2
exploitdb 2
nessus
nessus
Firefox ESR 45.x < 45.2 Multiple Vulnerabilities
2016-06-09 00:00:00
Debian DLA-521-1 : firefox-esr security update
2016-06-20 00:00:00
Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20160608)
2016-06-17 00:00:00
openvas
openvas
Mozilla Firefox ESR Security Advisories (MFSA2016-49, MFSA2016-61) - Windows
2016-06-08 00:00:00
Debian: Security Advisory (DSA-3600-1)
2016-06-08 00:00:00
RedHat Update for firefox RHSA-2016:1217-01
2016-06-09 00:00:00
redhat
redhat
(RHSA-2016:1217) Critical: firefox security update
2016-06-08 00:00:00
(RHSA-2016:1392) Important: thunderbird security update
2016-07-11 00:00:00
debian
debian
[SECURITY] [DLA 521-1] firefox-esr security update
2016-06-19 19:59:23
[SECURITY] [DSA 3600-1] iceweasel/firefox-esr security update
2016-06-09 20:28:09
[SECURITY] [DSA 3647-1] icedove security update
2016-08-11 19:16:15
mageia
mageia
Updated firefox packages fix security vulnerabilities
2016-06-09 15:45:26
Updated thunderbird packages fix security vulnerability
2016-07-14 23:33:59
ibm
ibm
Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM Storwize V7000 Unified.
2018-06-18 00:28:01
Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM SONAS
2018-06-18 00:28:02
oraclelinux
oraclelinux
firefox security update
2016-06-08 00:00:00
thunderbird security update
2016-07-11 00:00:00
centos
centos
firefox security update
2016-06-08 23:13:32
thunderbird security update
2016-07-11 21:49:16
suse
suse
Security update for MozillaFirefox, MozillaFirefox-branding-SLE and mozilla-nss (important)
2016-07-14 15:08:10
Security update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nspr, mozilla-nss (important)
2016-06-27 20:08:30
Security update for MozillaFirefox, mozilla-nss (important)
2016-06-11 14:11:17
kaspersky
kaspersky
KLA10822 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
2016-06-07 00:00:00
archlinux
archlinux
firefox: multiple issues
2016-06-08 00:00:00
thunderbird: arbitrary code execution
2016-07-10 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2016-06-07 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2016-06-09 00:00:00
Thunderbird vulnerabilities
2016-07-18 00:00:00
mozilla
mozilla
File overwrite and privilege escalation through Mozilla Windows updater — Mozilla
2016-06-07 00:00:00
Addressbar spoofing though the SELECT element — Mozilla
2016-06-07 00:00:00
Out-of-bounds write with WebGL shader — Mozilla
2016-06-07 00:00:00
ubuntucve
ubuntucve
CVE-2016-2822
2016-06-08 00:00:00
CVE-2016-2824
2016-06-13 00:00:00
CVE-2016-2831
2016-06-08 00:00:00
prion
prion
Design/Logic Flaw
2016-06-13 10:59:00
Out-of-bounds
2016-06-13 10:59:00
Design/Logic Flaw
2016-06-13 10:59:00
debiancve
debiancve
CVE-2016-2831
2016-06-13 10:59:00
CVE-2016-2824
2016-06-13 10:59:00
CVE-2016-2821
2016-06-13 10:59:00
redhatcve
redhatcve
CVE-2016-2822
2016-06-08 04:18:56
CVE-2016-2821
2016-06-08 04:18:35
CVE-2016-2831
2016-06-08 04:18:30
veracode
veracode
Spoofable UI
2019-05-02 05:34:36
Denial Of Service (DoS)
2019-05-02 05:34:37
Arbitrary Code Execution
2019-05-02 05:34:36
cve
cve
CVE-2016-2824
2016-06-13 10:59:00
CVE-2016-2822
2016-06-13 10:59:00
CVE-2016-2821
2016-06-13 10:59:00
osv
osv
icedove - security update
2016-07-30 00:00:00
icedove - security update
2016-08-11 00:00:00
exploitpack
exploitpack
Firefox 46.0.1 - ASM.JS JIT-Spray Remote Code Execution
2018-03-16 00:00:00
Firefox 44.0.2 - ASM.JS JIT-Spray Remote Code Execution
2018-03-16 00:00:00
packetstorm
packetstorm
Firefox 46.0.1 ASM.JS JIT-Spray Remote Code Execution
2018-03-16 00:00:00
Firefox 44.0.2 ASM.JS JIT-Spray Remote Code Execution
2018-03-16 00:00:00
exploitdb
exploitdb
Firefox 46.0.1 - ASM.JS JIT-Spray Remote Code Execution
2018-03-16 00:00:00
Firefox 44.0.2 - ASM.JS JIT-Spray Remote Code Execution
2018-03-16 00:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.613 Medium

EPSS

Percentile

97.8%

JSON
Related for OPENVAS:1361412562310808158
nessus28openvas38redhat2debian4mageia2ibm2oraclelinux2centos2suse8kaspersky1archlinux2freebsd1ubuntu2mozilla8ubuntucve8prion8debiancve8redhatcve6veracode6cve8osv2exploitpack2packetstorm2exploitdb2