Lucene search
Copyright (C) 2016 Greenbone AGOPENVAS:1361412562310809804HistoryNov 16, 2016 - 12:00 a.m.
Mozilla Firefox Security Advisories (MFSA2016-89, MFSA2016-90) - Mac OS X
2016-11-1600:00:00
Copyright (C) 2016 Greenbone AG
plugins.openvas.org
14
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.011 Low
EPSS
Percentile
84.0%
Mozilla Firefox is prone to multiple vulnerabilities.
# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:mozilla:firefox";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.809804");
script_version("2024-02-15T05:05:40+0000");
script_cve_id("CVE-2016-5296", "CVE-2016-5292", "CVE-2016-5297", "CVE-2016-9064",
"CVE-2016-9066", "CVE-2016-9067", "CVE-2016-5290", "CVE-2016-9068",
"CVE-2016-9072", "CVE-2016-9075", "CVE-2016-9077", "CVE-2016-5291",
"CVE-2016-9070", "CVE-2016-9073", "CVE-2016-9074", "CVE-2016-9076",
"CVE-2016-9063", "CVE-2016-9071", "CVE-2016-5289");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_tag(name:"last_modification", value:"2024-02-15 05:05:40 +0000 (Thu, 15 Feb 2024)");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2018-07-30 12:53:00 +0000 (Mon, 30 Jul 2018)");
script_tag(name:"creation_date", value:"2016-11-16 12:25:23 +0530 (Wed, 16 Nov 2016)");
script_name("Mozilla Firefox Security Advisories (MFSA2016-89, MFSA2016-90) - Mac OS X");
script_tag(name:"summary", value:"Mozilla Firefox is prone to multiple vulnerabilities.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"Multiple flaws exist due to:
- Heap-buffer-overflow WRITE in rasterize_edges_1.
- URL parsing causes crash.
- Incorrect argument length checking in JavaScript.
- Add-ons update must verify IDs match between current and new versions.
- Integer overflow leading to a buffer overflow in nsScriptLoadHandler.
- heap-use-after-free in nsINode::ReplaceOrInsertBefore.
- heap-use-after-free in nsRefreshDriver.
- 64-bit NPAPI sandbox is not enabled on fresh profile.
- WebExtensions can access the mozAddonManager API and use it to gain elevated
privileges.
- Canvas filters allow feDisplacementMaps to be applied to cross-origin images,
allowing timing attacks on them.
- Same-origin policy violation using local HTML file and saved shortcut file.
- Sidebar bookmark can have reference to chrome window.
- Insufficient timing side-channel resistance in divSpoiler.
- select dropdown menu can be used for URL bar spoofing on e10s.
- Possible integer overflow to fix inside XML_Parse in Expat.
- Probe browser history via HSTS/301 redirect + CSP.");
script_tag(name:"impact", value:"Successful exploitation of this
vulnerability will allow remote attackers to execute arbitrary code, to delete
arbitrary files by leveraging certain local file execution, to obtain sensitive
information, and to cause a denial of service.");
script_tag(name:"affected", value:"Mozilla Firefox version before
50 on Mac OS X.");
script_tag(name:"solution", value:"Upgrade to Mozilla Firefox version 50
or later.");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"executable_version");
script_xref(name:"URL", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/94336");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/94337");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/94342");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/94339");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2016 Greenbone AG");
script_family("General");
script_dependencies("gb_mozilla_prdts_detect_macosx.nasl");
script_mandatory_keys("Mozilla/Firefox/MacOSX/Version");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if(!ffVer = get_app_version(cpe:CPE)){
exit(0);
}
if(version_is_less(version:ffVer, test_version:"50.0"))
{
report = report_fixed_ver(installed_version:ffVer, fixed_version:"50.0");
security_message(data:report);
exit(0);
}
Related
archlinux
archlinux
[ASA-201611-16] firefox: multiple issues
2016-11-16 00:00:00
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2016-89) - Linux
2021-11-08 00:00:00
openSUSE: Security Advisory for MozillaFirefox, mozilla-nss (openSUSE-SU-2016:2861-1)
2016-11-19 00:00:00
Ubuntu: Security Advisory (USN-3124-1)
2016-11-19 00:00:00
suse
suse
Security update for MozillaFirefox, mozilla-nss (important)
2016-11-18 17:06:44
Security update for MozillaFirefox, mozilla-nss (important)
2016-12-05 21:07:10
Security update for Mozilla Firefox, Thunderbird and NSS (important)
2016-12-05 19:07:18
nessus
nessus
openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2016-1334)
2016-11-21 00:00:00
Mozilla Firefox < 50.0 Multiple Vulnerabilities (macOS)
2016-11-18 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS : Firefox vulnerabilities (USN-3124-1)
2016-11-21 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2016-11-19 00:00:00
Thunderbird vulnerabilities
2016-12-01 00:00:00
kaspersky
kaspersky
KLA11272 Multiple vulnerabilities in Mozilla Firefox
2016-11-15 00:00:00
debian
debian
[SECURITY] [DSA 3716-1] firefox-esr security update
2016-11-16 21:27:57
[SECURITY] [DLA 730-1] firefox-esr security update
2016-12-01 21:45:13
[SECURITY] [DSA 3730-1] icedove security update
2016-12-11 16:05:42
mageia
mageia
Updated nss and firefox packages fix security vulnerabilities
2016-11-17 17:10:52
Updated thunderbird packages fix security vulnerabilities
2016-12-06 00:49:27
Updated iceape packages fix security vulnerabilities
2017-09-02 00:10:29
centos
centos
firefox security update
2016-11-19 11:43:55
thunderbird security update
2016-12-01 15:29:44
oraclelinux
oraclelinux
firefox security update
2016-11-16 00:00:00
thunderbird security update
2016-11-29 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2016-11-15 00:00:00
redhat
redhat
(RHSA-2016:2780) Critical: firefox security update
2016-11-16 00:00:00
(RHSA-2016:2825) Important: thunderbird security update
2016-11-29 00:00:00
mozilla
mozilla
Security vulnerabilities fixed in Firefox 50 — Mozilla
2016-11-15 00:00:00
Security vulnerabilities fixed in Thunderbird 45.5 — Mozilla
2016-11-18 00:00:00
Security vulnerabilities fixed in Firefox ESR 45.5 — Mozilla
2016-11-15 00:00:00
osv
osv
icedove - security update
2016-12-17 00:00:00
firefox-esr - security update
2016-12-01 00:00:00
CVE-2016-9063
2018-06-11 21:29:00
ibm
ibm
debiancve
debiancve
cve
cve
ubuntucve
ubuntucve
prion
prion
redhatcve
redhatcve
veracode
veracode
Certificate Validation Bypas
2019-05-02 06:02:31
Denial Of Service (DoS)
2019-01-15 09:14:49
Denial Of Service (DoS) Through Integer Overflow
2017-09-07 02:02:13
seebug
seebug
myhack58
myhack58
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.011 Low
EPSS
Percentile
84.0%
Related for OPENVAS:1361412562310809804