{"id": "OPENVAS:1361412562310809806", "type": "openvas", "bulletinFamily": "scanner", "title": "Mozilla Firefox ESR Security Updates (mfsa_2016-89_2016-90)-Windows", "description": "This host is installed with\n Mozilla Firefox ESR and is prone to multiple vulnerabilities.", "published": "2016-11-16T00:00:00", "modified": "2019-07-17T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809806", "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "references": ["https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/"], "cvelist": ["CVE-2016-5290", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-5296", "CVE-2016-5291", "CVE-2016-5294", "CVE-2016-9074", "CVE-2016-9066", "CVE-2016-5293"], "lastseen": "2019-07-19T22:12:04", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "archlinux", "idList": ["ASA-201611-16"]}, {"type": "centos", "idList": ["CESA-2016:2780", "CESA-2016:2825"]}, {"type": "cve", "idList": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5293", "CVE-2016-5294", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9074"]}, {"type": "debian", "idList": ["DEBIAN:DLA-730-1:11C56", "DEBIAN:DLA-730-1:42601", "DEBIAN:DLA-752-1:F9780", "DEBIAN:DLA-759-1:AE95E", "DEBIAN:DSA-3716-1:B4B8D", "DEBIAN:DSA-3730-1:96B35", "DEBIAN:DSA-3730-1:A6927"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-5290", "DEBIANCVE:CVE-2016-5291", "DEBIANCVE:CVE-2016-5293", "DEBIANCVE:CVE-2016-5294", "DEBIANCVE:CVE-2016-5296", "DEBIANCVE:CVE-2016-5297", "DEBIANCVE:CVE-2016-9064", "DEBIANCVE:CVE-2016-9066", "DEBIANCVE:CVE-2016-9074"]}, {"type": "freebsd", "idList": ["D1853110-07F4-4645-895B-6FD462AD0589"]}, {"type": "gentoo", "idList": ["GLSA-201701-15", "GLSA-201701-46"]}, {"type": "ibm", "idList": ["866671D49CDD6F2D149E9EFDE55198073DD8C70E52CD0D773C383F6D40F3F73A", "921DFDB03FD53AE441193B49E1E79D7A01B14E10BC6418004E92AF484A8DC73E", "97D5F772EC68BDCD260FBB9DFB7A322AAAC657E9360305DF11F9C6A6A40D1B85", "A079CA67676503E95213F78F0E643AA0E3EBA8D2AECFD368FEC0DD7CB2B6EB1E", "C5BC6A8A20C5E595B6773CB368EFD7BC771C03C2AD355C52EF7D05090227DAB5"]}, {"type": "kaspersky", "idList": ["KLA11272"]}, {"type": "mageia", "idList": ["MGASA-2016-0379", "MGASA-2016-0409", "MGASA-2017-0323"]}, {"type": "mozilla", "idList": ["MFSA2016-89", "MFSA2016-90", "MFSA2016-93"]}, {"type": "myhack58", "idList": ["MYHACK58:62201784623"]}, {"type": "nessus", "idList": ["9804.PRM", "9805.PRM", "CENTOS_RHSA-2016-2780.NASL", "CENTOS_RHSA-2016-2825.NASL", "DEBIAN_DLA-730.NASL", "DEBIAN_DLA-752.NASL", "DEBIAN_DLA-759.NASL", "DEBIAN_DSA-3716.NASL", "DEBIAN_DSA-3730.NASL", "EULEROS_SA-2016-1085.NASL", "FREEBSD_PKG_D185311007F44645895B6FD462AD0589.NASL", "GENTOO_GLSA-201701-15.NASL", "GENTOO_GLSA-201701-46.NASL", "MACOSX_FIREFOX_45_5_ESR.NASL", "MACOSX_FIREFOX_50_0.NASL", "MOZILLA_FIREFOX_45_5_ESR.NASL", "MOZILLA_FIREFOX_50_0.NASL", "OPENSUSE-2016-1334.NASL", "OPENSUSE-2016-1407.NASL", "ORACLELINUX_ELSA-2016-2780.NASL", "ORACLELINUX_ELSA-2016-2825.NASL", "REDHAT-RHSA-2016-2780.NASL", "REDHAT-RHSA-2016-2825.NASL", "SL_20161116_FIREFOX_ON_SL5_X.NASL", "SL_20161129_THUNDERBIRD_ON_SL5_X.NASL", "SUSE_SU-2016-3014-1.NASL", "SUSE_SU-2016-3080-1.NASL", "SUSE_SU-2016-3105-1.NASL", "UBUNTU_USN-3124-1.NASL", "UBUNTU_USN-3141-1.NASL", "UBUNTU_USN-3163-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310703716", "OPENVAS:1361412562310703730", "OPENVAS:1361412562310809804", "OPENVAS:1361412562310809805", "OPENVAS:1361412562310809807", "OPENVAS:1361412562310809821", "OPENVAS:1361412562310809822", "OPENVAS:1361412562310842953", "OPENVAS:1361412562310842967", "OPENVAS:1361412562310843006", "OPENVAS:1361412562310851435", "OPENVAS:1361412562310851442", "OPENVAS:1361412562310871719", "OPENVAS:1361412562310871724", "OPENVAS:1361412562310882592", "OPENVAS:1361412562310882595", "OPENVAS:1361412562310882603", "OPENVAS:1361412562310882604", "OPENVAS:1361412562311220161085", "OPENVAS:703716", "OPENVAS:703730"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-2780", "ELSA-2016-2825"]}, {"type": "osv", "idList": ["OSV:DLA-730-1", "OSV:DLA-752-1", "OSV:DLA-759-1", "OSV:DSA-3716-1", "OSV:DSA-3730-1"]}, {"type": "redhat", "idList": ["RHSA-2016:2780", "RHSA-2016:2825"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-5290", "RH:CVE-2016-5291", "RH:CVE-2016-5296", "RH:CVE-2016-5297", "RH:CVE-2016-9064", "RH:CVE-2016-9066", "RH:CVE-2016-9074"]}, {"type": "seebug", "idList": ["SSV:92794", "SSV:93093"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:2861-1", "OPENSUSE-SU-2016:3011-1", "OPENSUSE-SU-2016:3019-1", "SUSE-SU-2016:3014-1", "SUSE-SU-2016:3080-1", "SUSE-SU-2016:3105-1"]}, {"type": "ubuntu", "idList": ["USN-3124-1", "USN-3141-1", "USN-3163-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-5290", "UB:CVE-2016-5291", "UB:CVE-2016-5293", "UB:CVE-2016-5294", "UB:CVE-2016-5296", "UB:CVE-2016-5297", "UB:CVE-2016-9064", "UB:CVE-2016-9066", "UB:CVE-2016-9074"]}]}, "score": {"value": 0.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "archlinux", "idList": ["ASA-201611-16"]}, {"type": "centos", "idList": ["CESA-2016:2780", "CESA-2016:2825"]}, {"type": "cve", "idList": ["CVE-2016-5291"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3730-1:96B35"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-5290", "DEBIANCVE:CVE-2016-5291", "DEBIANCVE:CVE-2016-5293", "DEBIANCVE:CVE-2016-5294", "DEBIANCVE:CVE-2016-5296", "DEBIANCVE:CVE-2016-5297", "DEBIANCVE:CVE-2016-9064", "DEBIANCVE:CVE-2016-9066", "DEBIANCVE:CVE-2016-9074"]}, {"type": "freebsd", "idList": ["D1853110-07F4-4645-895B-6FD462AD0589"]}, {"type": "gentoo", "idList": ["GLSA-201701-46"]}, {"type": "ibm", "idList": ["A079CA67676503E95213F78F0E643AA0E3EBA8D2AECFD368FEC0DD7CB2B6EB1E"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/GENTOO-LINUX-CVE-2016-9074/"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-3716.NASL", "FREEBSD_PKG_D185311007F44645895B6FD462AD0589.NASL", "MACOSX_FIREFOX_50_0.NASL", "MOZILLA_FIREFOX_45_5_ESR.NASL", "MOZILLA_FIREFOX_50_0.NASL", "ORACLELINUX_ELSA-2016-2780.NASL", "REDHAT-RHSA-2016-2780.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310882592", "OPENVAS:703730"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-2780"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-5291"]}, {"type": "seebug", "idList": ["SSV:92794"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:2861-1"]}, {"type": "ubuntu", "idList": ["USN-3124-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-9074"]}]}, "exploitation": null, "vulnersScore": 0.3}, "pluginID": "1361412562310809806", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox ESR Security Updates (mfsa_2016-89_2016-90)-Windows\n#\n# Authors:\n# kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox_esr\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809806\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2016-5296\", \"CVE-2016-5293\", \"CVE-2016-5294\", \"CVE-2016-5297\",\n\t\t\"CVE-2016-9064\", \"CVE-2016-9066\", \"CVE-2016-5291\", \"CVE-2016-9074\",\n\t\t\"CVE-2016-5290\");\n script_bugtraq_id(94336, 94337, 94342, 94339);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-11-16 13:10:33 +0530 (Wed, 16 Nov 2016)\");\n script_name(\"Mozilla Firefox ESR Security Updates (mfsa_2016-89_2016-90)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with\n Mozilla Firefox ESR and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - Heap-buffer-overflow WRITE in rasterize_edges_1.\n\n - Write to arbitrary file with Mozilla Updater and Maintenance Service using\n updater.log hardlink.\n\n - Arbitrary target directory for result files of update process.\n\n - Incorrect argument length checking in JavaScript.\n\n - Add-ons update must verify IDs match between current and new versions.\n\n - Integer overflow leading to a buffer overflow in nsScriptLoadHandler.\n\n - Same-origin policy violation using local HTML file and saved shortcut file.\n\n - Insufficient timing side-channel resistance in divSpoiler.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers to execute arbitrary code, to delete\n arbitrary files by leveraging certain local file execution, to obtain sensitive\n information, and to cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox ESR version before\n 45.5 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox ESR version 45.5\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox-ESR/Win/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"45.5\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"45.5\");\n security_message(data:report);\n exit(0);\n}\n", "naslFamily": "General", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1659998956, "score": 1659951197}, "_internal": {"score_hash": "f47dc882b1a9f3b6e1659bb84c156ec0"}}
{"nessus": [{"lastseen": "2021-08-19T12:38:41", "description": "The version of Mozilla Firefox ESR installed on the remote Windows host is 45.x prior to 45.5. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-18T00:00:00", "type": "nessus", "title": "Mozilla Firefox ESR 45.x < 45.5 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5293", "CVE-2016-5294", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9074"], "modified": "2019-11-14T00:00:00", "cpe": ["cpe:/a:mozilla:firefox_esr"], "id": "MOZILLA_FIREFOX_45_5_ESR.NASL", "href": "https://www.tenable.com/plugins/nessus/94959", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94959);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/14\");\n\n script_cve_id(\n \"CVE-2016-5290\",\n \"CVE-2016-5291\",\n \"CVE-2016-5293\",\n \"CVE-2016-5294\",\n \"CVE-2016-5296\",\n \"CVE-2016-5297\",\n \"CVE-2016-9064\",\n \"CVE-2016-9066\",\n \"CVE-2016-9074\"\n );\n script_bugtraq_id(\n 94335,\n 94336,\n 94339,\n 94341\n );\n script_xref(name:\"MFSA\", value:\"2016-90\");\n\n script_name(english:\"Mozilla Firefox ESR 45.x < 45.5 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Firefox ESR installed on the remote Windows\nhost is 45.x prior to 45.5. It is, therefore, affected by multiple\nvulnerabilities, the majority of which are remote code execution\nvulnerabilities. An unauthenticated, remote attacker can exploit these\nvulnerabilities by convincing a user to visit a specially crafted\nwebsite, resulting in the execution of arbitrary code in the context\nof the current user.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox ESR version 45.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5297\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox_esr\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:TRUE, fix:'45.5', min:'45.0', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:39", "description": "Versions of Mozilla Firefox ESR earlier than 45.5 are unpatched for the following vulnerabilities :\n\n - An overflow condition exists in the 'RASTERIZE_EDGES()' function in 'gfx/cairo/libpixman/src/pixman-edge-imp.h'. The issue is triggered as certain input is not properly validated when handling SVG content. This may allow a context-dependent attacker to cause a heap-based overflow, potentially allowing the execution of arbitrary code.\n - A flaw exists that is triggered when the Mozilla Updater is run with the updater's log file in the working directory pointing to a hardlink. This may allow a local attacker to append data to an arbitrary local file.\n - A flaw exists in the Mozilla Updater that is triggered as it may select an arbitrary target working directory to output files from the update process. No further details have been provided by the vendor.\n - A flaw exists that is triggered when length checking JavaScript arguments. This may allow a context-dependent attacker to have an unspecified impact.\n - A flaw exists that is triggered as add-on update IDs are not properly validated. This may allow an attacker with the ability to intercept network traffic '(e.g'. MitM, DNS cache poisoning) to provide malicious add-on updates.\n - An integer overflow condition exists in the 'nsScriptLoadHandler::TryDecodeRawData()' function in 'dom/base/nsScriptLoader.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to cause a buffer overflow, potentially allowing the execution of arbitrary code.\n - A flaw exists in the 'nsBaseChannel::Redirect()' function in 'netwerk/base/nsBaseChannel.cpp'. The issue is triggered as local shortcut files may be used to bypass the same-origin policy and load local content from the disk.\n - An unspecified flaw exists in 'divSpoiler' that may allow an attacker to conduct a side-channel attack. No further details have been provided by the vendor.\n - A flaw exists that is triggered when handling DOM tree operations for 'insertBefore()' method calls. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - An unspecified flaw exists that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - A flaw exists that is triggered when handling Ion-compiling of scripts with too many typesets. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - An unspecified flaw exists related to tracing of script pointers in off-thread compilation tasks. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - A flaw exists that is triggered when handling runtime checks for helper threads tracing. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - A flaw exists in the 'GlobalHelperThreadState::finishParseTask()' function in 'js/src/vm/HelperThreads.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - An unspecified flaw exists that is triggered as certain input is not properly validated when handling frames. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - A flaw exists that is triggered as certain input is not properly validated when handling HTML5 tokenizing. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - An unspecified flaw exists in 'dom/events/IMEStateManager.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.", "cvss3": {"score": 7.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2016-12-02T00:00:00", "type": "nessus", "title": "Mozilla Firefox ESR < 45.5 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9074", "CVE-2016-5293", "CVE-2016-5294"], "modified": "2019-11-06T00:00:00", "cpe": ["cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*"], "id": "9805.PRM", "href": "https://www.tenable.com/plugins/nnm/9805", "sourceData": "Binary data 9805.prm", "cvss": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:39:36", "description": "Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or bypass of the same-origin policy. Also, a man-in-the-middle attack in the addon update mechanism has been fixed.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-17T00:00:00", "type": "nessus", "title": "Debian DSA-3716-1 : firefox-esr - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9074"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:firefox-esr", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3716.NASL", "href": "https://www.tenable.com/plugins/nessus/94922", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3716. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94922);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9064\", \"CVE-2016-9066\", \"CVE-2016-9074\");\n script_xref(name:\"DSA\", value:\"3716\");\n\n script_name(english:\"Debian DSA-3716-1 : firefox-esr - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to the execution of arbitrary code or\nbypass of the same-origin policy. Also, a man-in-the-middle attack in\nthe addon update mechanism has been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/firefox-esr\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3716\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the firefox-esr packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 45.5.0esr-1~deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-dbg\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-dev\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ach\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-af\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-all\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-an\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ar\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-as\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ast\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-az\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-be\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-bg\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-bn-bd\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-bn-in\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-br\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-bs\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ca\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-cs\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-cy\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-da\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-de\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-dsb\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-el\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-en-gb\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-en-za\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-eo\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-es-ar\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-es-cl\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-es-es\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-es-mx\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-et\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-eu\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-fa\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ff\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-fi\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-fr\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-fy-nl\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ga-ie\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-gd\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-gl\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-gn\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-gu-in\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-he\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hi-in\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hr\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hsb\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hu\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hy-am\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-id\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-is\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-it\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ja\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-kk\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-km\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-kn\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ko\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-lij\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-lt\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-lv\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-mai\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-mk\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ml\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-mr\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ms\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-nb-no\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-nl\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-nn-no\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-or\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-pa-in\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-pl\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-pt-br\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-pt-pt\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-rm\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ro\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ru\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-si\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sk\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sl\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-son\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sq\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sr\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sv-se\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ta\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-te\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-th\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-tr\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-uk\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-uz\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-vi\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-xh\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-zh-cn\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-zh-tw\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-dbg\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-dev\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ach\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-af\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-all\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-an\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ar\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-as\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ast\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-az\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-be\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bg\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bn-bd\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bn-in\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-br\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bs\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ca\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-cs\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-cy\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-da\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-de\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-dsb\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-el\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-en-gb\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-en-za\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-eo\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-ar\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-cl\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-es\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-mx\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-et\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-eu\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fa\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ff\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fi\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fr\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fy-nl\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ga-ie\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gd\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gl\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gn\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gu-in\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-he\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hi-in\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hr\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hsb\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hu\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hy-am\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-id\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-is\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-it\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ja\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-kk\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-km\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-kn\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ko\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-lij\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-lt\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-lv\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-mai\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-mk\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ml\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-mr\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ms\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-nb-no\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-nl\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-nn-no\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-or\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pa-in\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pl\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pt-br\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pt-pt\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-rm\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ro\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ru\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-si\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sk\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sl\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-son\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sq\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sr\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sv-se\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ta\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-te\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-th\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-tr\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-uk\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-uz\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-vi\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-xh\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-zh-cn\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-zh-tw\", reference:\"45.5.0esr-1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:39:05", "description": "The version of Mozilla Firefox ESR installed on the remote macOS or Mac OS X host is 45.x prior to 45.4. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-18T00:00:00", "type": "nessus", "title": "Mozilla Firefox ESR 45.x < 45.5 Multiple Vulnerabilities (macOS)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9074"], "modified": "2019-11-14T00:00:00", "cpe": ["cpe:/a:mozilla:firefox_esr"], "id": "MACOSX_FIREFOX_45_5_ESR.NASL", "href": "https://www.tenable.com/plugins/nessus/94957", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94957);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/14\");\n\n script_cve_id(\n \"CVE-2016-5290\",\n \"CVE-2016-5291\",\n \"CVE-2016-5296\",\n \"CVE-2016-5297\",\n \"CVE-2016-9064\",\n \"CVE-2016-9066\",\n \"CVE-2016-9074\"\n );\n script_bugtraq_id(\n 94335,\n 94336,\n 94339,\n 94341\n );\n script_xref(name:\"MFSA\", value:\"2016-90\");\n\n script_name(english:\"Mozilla Firefox ESR 45.x < 45.5 Multiple Vulnerabilities (macOS)\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote macOS or Mac OS X host contains a web browser that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Firefox ESR installed on the remote macOS or\nMac OS X host is 45.x prior to 45.4. It is, therefore, affected by\nmultiple vulnerabilities, the majority of which are remote code\nexecution vulnerabilities. An unauthenticated, remote attacker can\nexploit these vulnerabilities by convincing a user to visit a\nspecially crafted website, resulting in the execution of arbitrary\ncode in the context of the current user.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox ESR version 45.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5297\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox_esr\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nkb_base = \"MacOSX/Firefox\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nis_esr = get_kb_item(kb_base+\"/is_esr\");\nif (isnull(is_esr)) audit(AUDIT_NOT_INST, \"Mozilla Firefox ESR\");\n\nmozilla_check_version(product:'firefox', version:version, path:path, esr:TRUE, fix:'45.5', min:'45.0', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:39:29", "description": "An update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.5.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-5296, CVE-2016-5297, CVE-2016-9066, CVE-2016-5291, CVE-2016-5290)\n\n* A flaw was found in the way Add-on update process was handled by Firefox. A Man-in-the-Middle attacker could use this flaw to install a malicious signed add-on update. (CVE-2016-9064)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Abhishek Arya, Andre Bargull, Samuel Gross, Yuyang Zhou, Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup as the original reporters.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-16T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 / 7 : firefox (RHSA-2016:2780)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066"], "modified": "2020-05-29T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:firefox", "p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2016-2780.NASL", "href": "https://www.tenable.com/plugins/nessus/94920", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2780. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94920);\n script_version(\"2.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9064\", \"CVE-2016-9066\");\n script_xref(name:\"RHSA\", value:\"2016:2780\");\n\n script_name(english:\"RHEL 5 / 6 / 7 : firefox (RHSA-2016:2780)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for firefox is now available for Red Hat Enterprise Linux 5,\nRed Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.5.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Firefox. (CVE-2016-5296, CVE-2016-5297,\nCVE-2016-9066, CVE-2016-5291, CVE-2016-5290)\n\n* A flaw was found in the way Add-on update process was handled by\nFirefox. A Man-in-the-Middle attacker could use this flaw to install a\nmalicious signed add-on update. (CVE-2016-9064)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Abhishek Arya, Andre Bargull, Samuel\nGross, Yuyang Zhou, Olli Pettay, Christian Holler, Ehsan Akhgari, Jon\nCoppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup as\nthe original reporters.\"\n );\n # https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8b5eaff4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:2780\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5297\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5290\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5291\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:2780\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-45.5.0-1.el5_11\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-debuginfo-45.5.0-1.el5_11\", allowmaj:TRUE)) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"firefox-45.5.0-1.el6_8\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"firefox-debuginfo-45.5.0-1.el6_8\", allowmaj:TRUE)) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", reference:\"firefox-45.5.0-1.el7_3\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"firefox-debuginfo-45.5.0-1.el7_3\", allowmaj:TRUE)) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:39:38", "description": "From Red Hat Security Advisory 2016:2780 :\n\nAn update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.5.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-5296, CVE-2016-5297, CVE-2016-9066, CVE-2016-5291, CVE-2016-5290)\n\n* A flaw was found in the way Add-on update process was handled by Firefox. A Man-in-the-Middle attacker could use this flaw to install a malicious signed add-on update. (CVE-2016-9064)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Abhishek Arya, Andre Bargull, Samuel Gross, Yuyang Zhou, Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup as the original reporters.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-17T00:00:00", "type": "nessus", "title": "Oracle Linux 5 / 6 / 7 : firefox (ELSA-2016-2780)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:firefox", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2016-2780.NASL", "href": "https://www.tenable.com/plugins/nessus/94928", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:2780 and \n# Oracle Linux Security Advisory ELSA-2016-2780 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94928);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9064\", \"CVE-2016-9066\");\n script_xref(name:\"RHSA\", value:\"2016:2780\");\n\n script_name(english:\"Oracle Linux 5 / 6 / 7 : firefox (ELSA-2016-2780)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2016:2780 :\n\nAn update for firefox is now available for Red Hat Enterprise Linux 5,\nRed Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.5.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Firefox. (CVE-2016-5296, CVE-2016-5297,\nCVE-2016-9066, CVE-2016-5291, CVE-2016-5290)\n\n* A flaw was found in the way Add-on update process was handled by\nFirefox. A Man-in-the-Middle attacker could use this flaw to install a\nmalicious signed add-on update. (CVE-2016-9064)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Abhishek Arya, Andre Bargull, Samuel\nGross, Yuyang Zhou, Olli Pettay, Christian Holler, Ehsan Akhgari, Jon\nCoppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup as\nthe original reporters.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-November/006522.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-November/006523.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-November/006524.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"firefox-45.5.0-1.0.1.el5_11\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"firefox-45.5.0-1.0.1.el6_8\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"firefox-45.5.0-1.0.1.el7_3\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:56", "description": "An update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.5.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-5296, CVE-2016-5297, CVE-2016-9066, CVE-2016-5291, CVE-2016-5290)\n\n* A flaw was found in the way Add-on update process was handled by Firefox. A Man-in-the-Middle attacker could use this flaw to install a malicious signed add-on update. (CVE-2016-9064)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Abhishek Arya, Andre Bargull, Samuel Gross, Yuyang Zhou, Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup as the original reporters.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-21T00:00:00", "type": "nessus", "title": "CentOS 5 / 6 : firefox (CESA-2016:2780)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:firefox", "cpe:/o:centos:centos:5", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2016-2780.NASL", "href": "https://www.tenable.com/plugins/nessus/94982", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2780 and \n# CentOS Errata and Security Advisory 2016:2780 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94982);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9064\", \"CVE-2016-9066\");\n script_xref(name:\"RHSA\", value:\"2016:2780\");\n\n script_name(english:\"CentOS 5 / 6 : firefox (CESA-2016:2780)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for firefox is now available for Red Hat Enterprise Linux 5,\nRed Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.5.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Firefox. (CVE-2016-5296, CVE-2016-5297,\nCVE-2016-9066, CVE-2016-5291, CVE-2016-5290)\n\n* A flaw was found in the way Add-on update process was handled by\nFirefox. A Man-in-the-Middle attacker could use this flaw to install a\nmalicious signed add-on update. (CVE-2016-9064)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Abhishek Arya, Andre Bargull, Samuel\nGross, Yuyang Zhou, Olli Pettay, Christian Holler, Ehsan Akhgari, Jon\nCoppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup as\nthe original reporters.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-November/022156.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6397317a\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-November/022157.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?61f97fdf\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5290\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x / 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"firefox-45.5.0-1.el5.centos\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"firefox-45.5.0-1.el6.centos\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:36:52", "description": "According to the versions of the firefox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.(CVE-2016-5296, CVE-2016-5297, CVE-2016-9066, CVE-2016-5291, CVE-2016-5290)\n\n - A flaw was found in the way Add-on update process was handled by Firefox. A Man-in-the-Middle attacker could use this flaw to install a malicious signed add-on update. (CVE-2016-9064)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-05-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : firefox (EulerOS-SA-2016-1085)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:firefox", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2016-1085.NASL", "href": "https://www.tenable.com/plugins/nessus/99844", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99844);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-5290\",\n \"CVE-2016-5291\",\n \"CVE-2016-5296\",\n \"CVE-2016-5297\",\n \"CVE-2016-9064\",\n \"CVE-2016-9066\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : firefox (EulerOS-SA-2016-1085)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the firefox package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Multiple flaws were found in the processing of\n malformed web content. A web page containing malicious\n content could cause Firefox to crash or, potentially,\n execute arbitrary code with the privileges of the user\n running Firefox.(CVE-2016-5296, CVE-2016-5297,\n CVE-2016-9066, CVE-2016-5291, CVE-2016-5290)\n\n - A flaw was found in the way Add-on update process was\n handled by Firefox. A Man-in-the-Middle attacker could\n use this flaw to install a malicious signed add-on\n update. (CVE-2016-9064)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1085\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?04632b25\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"firefox-45.5.0-1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg, allowmaj:TRUE)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:49", "description": "This update upgrades Firefox to version 45.5.0 ESR.\n\nSecurity Fix(es) :\n\n - Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-5296, CVE-2016-5297, CVE-2016-9066, CVE-2016-5291, CVE-2016-5290)\n\n - A flaw was found in the way Add-on update process was handled by Firefox. A Man-in-the-Middle attacker could use this flaw to install a malicious signed add-on update. (CVE-2016-9064)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-22T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20161116)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:firefox", "p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20161116_FIREFOX_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/95051", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95051);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9064\", \"CVE-2016-9066\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20161116)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update upgrades Firefox to version 45.5.0 ESR.\n\nSecurity Fix(es) :\n\n - Multiple flaws were found in the processing of malformed\n web content. A web page containing malicious content\n could cause Firefox to crash or, potentially, execute\n arbitrary code with the privileges of the user running\n Firefox. (CVE-2016-5296, CVE-2016-5297, CVE-2016-9066,\n CVE-2016-5291, CVE-2016-5290)\n\n - A flaw was found in the way Add-on update process was\n handled by Firefox. A Man-in-the-Middle attacker could\n use this flaw to install a malicious signed add-on\n update. (CVE-2016-9064)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1611&L=scientific-linux-errata&F=&S=&P=2914\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c9ebe451\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"firefox-45.5.0-1.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"firefox-debuginfo-45.5.0-1.el5_11\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"firefox-45.5.0-1.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"firefox-debuginfo-45.5.0-1.el6_8\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"firefox-45.5.0-1.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"firefox-debuginfo-45.5.0-1.el7_3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:43", "description": "Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or bypass of the same-origin policy.\n\nA man-in-the-middle attack in the addon update mechanism has been fixed.\n\nA use-after-free vulnerability in the SVG Animation was discovered, allowing a remote attacker to cause a denial of service (application crash) or execute arbitrary code, if a user is tricked into opening a specially crafted website.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 45.5.1esr-1~deb7u1.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-02T00:00:00", "type": "nessus", "title": "Debian DLA-730-1 : firefox-esr security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:firefox-esr", "p-cpe:/a:debian:debian_linux:firefox-esr-dbg", "p-cpe:/a:debian:debian_linux:firefox-esr-dev", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ach", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-af", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-all", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-an", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ar", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-as", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ast", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-az", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-be", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bg", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bn-bd", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bn-in", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-br", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bs", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ca", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-cs", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-cy", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-da", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-de", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-dsb", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-el", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-en-gb", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-en-za", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-eo", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-ar", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-cl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-es", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-mx", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-et", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-eu", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fa", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ff", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fi", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fr", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fy-nl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ga-ie", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gd", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gn", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gu-in", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-he", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hi-in", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hr", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hsb", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hu", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hy-am", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-id", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-is", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-it", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ja", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-kk", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-km", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-kn", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ko", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lij", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lt", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lv", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mai", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mk", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ml", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mr", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ms", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nb-no", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nn-no", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-or", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pa-in", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pt-br", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pt-pt", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-rm", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ro", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ru", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-si", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sk", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sl", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-son", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sq", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sr", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sv-se", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ta", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-te", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-th", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-tr", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-uk", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-uz", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-vi", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-xh", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-zh-cn", "p-cpe:/a:debian:debian_linux:firefox-esr-l10n-zh-tw", "p-cpe:/a:debian:debian_linux:iceweasel", "p-cpe:/a:debian:debian_linux:iceweasel-dbg", "p-cpe:/a:debian:debian_linux:iceweasel-dev", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ach", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-af", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-all", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-an", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ar", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-as", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ast", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-az", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-be", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-bg", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-bn-bd", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-bn-in", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-br", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-bs", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ca", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-cs", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-cy", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-da", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-de", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-dsb", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-el", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-en-gb", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-en-za", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-eo", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-ar", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-cl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-es", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-mx", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-et", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-eu", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-fa", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ff", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-fi", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-fr", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-fy-nl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ga-ie", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-gd", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-gl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-gn", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-gu-in", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-he", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-hi-in", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-hr", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-hsb", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-hu", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-hy-am", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-id", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-is", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-it", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ja", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-kk", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-km", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-kn", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ko", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-lij", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-lt", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-lv", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-mai", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-mk", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ml", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-mr", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ms", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-nb-no", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-nl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-nn-no", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-or", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-pa-in", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-pl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-pt-br", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-pt-pt", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-rm", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ro", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ru", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-si", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-sk", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-sl", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-son", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-sq", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-sr", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-sv-se", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-ta", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-te", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-th", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-tr", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-uk", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-uz", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-vi", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-xh", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-zh-cn", "p-cpe:/a:debian:debian_linux:iceweasel-l10n-zh-tw", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-730.NASL", "href": "https://www.tenable.com/plugins/nessus/95456", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-730-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95456);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9064\", \"CVE-2016-9066\");\n\n script_name(english:\"Debian DLA-730-1 : firefox-esr security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to the execution of arbitrary code or\nbypass of the same-origin policy.\n\nA man-in-the-middle attack in the addon update mechanism has been\nfixed.\n\nA use-after-free vulnerability in the SVG Animation was discovered,\nallowing a remote attacker to cause a denial of service (application\ncrash) or execute arbitrary code, if a user is tricked into opening a\nspecially crafted website.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n45.5.1esr-1~deb7u1.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/12/msg00000.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/firefox-esr\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ach\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-an\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-as\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-az\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bn-bd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bn-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-en-za\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-eo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-cl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-mx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gu-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hi-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hy-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lij\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mai\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-or\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pa-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-son\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-te\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-uz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-xh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr-l10n-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ach\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-an\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-as\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-az\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-bn-bd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-bn-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-en-za\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-eo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-cl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-mx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-gn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-gu-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hi-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-hy-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-lij\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-mai\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-mr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-or\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-pa-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-son\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-ta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-te\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-uz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-xh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceweasel-l10n-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-dbg\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-dev\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-ach\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-af\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-all\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-an\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-ar\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-as\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-ast\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-az\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-be\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-bg\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-bn-bd\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-bn-in\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-br\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-bs\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-ca\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-cs\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-cy\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-da\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-de\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-dsb\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-el\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-en-gb\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-en-za\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-eo\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-es-ar\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-es-cl\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-es-es\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-es-mx\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-et\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-eu\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-fa\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-ff\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-fi\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-fr\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-fy-nl\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-ga-ie\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-gd\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-gl\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-gn\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-gu-in\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-he\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-hi-in\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-hr\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-hsb\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-hu\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-hy-am\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-id\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-is\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-it\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-ja\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-kk\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-km\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-kn\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-ko\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-lij\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-lt\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-lv\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-mai\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-mk\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-ml\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-mr\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-ms\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-nb-no\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-nl\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-nn-no\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-or\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-pa-in\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-pl\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-pt-br\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-pt-pt\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-rm\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-ro\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-ru\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-si\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-sk\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-sl\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-son\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-sq\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-sr\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-sv-se\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-ta\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-te\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-th\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-tr\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-uk\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-uz\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-vi\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-xh\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-zh-cn\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"firefox-esr-l10n-zh-tw\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-dbg\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-dev\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ach\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-af\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-all\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-an\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ar\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-as\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ast\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-az\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-be\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-bg\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-bn-bd\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-bn-in\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-br\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-bs\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ca\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-cs\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-cy\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-da\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-de\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-dsb\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-el\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-en-gb\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-en-za\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-eo\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-es-ar\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-es-cl\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-es-es\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-es-mx\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-et\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-eu\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-fa\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ff\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-fi\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-fr\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-fy-nl\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ga-ie\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-gd\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-gl\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-gn\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-gu-in\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-he\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hi-in\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hr\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hsb\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hu\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-hy-am\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-id\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-is\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-it\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ja\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-kk\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-km\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-kn\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ko\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-lij\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-lt\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-lv\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-mai\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-mk\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ml\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-mr\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ms\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-nb-no\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-nl\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-nn-no\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-or\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-pa-in\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-pl\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-pt-br\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-pt-pt\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-rm\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ro\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ru\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-si\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sk\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sl\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-son\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sq\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sr\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-sv-se\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-ta\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-te\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-th\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-tr\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-uk\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-uz\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-vi\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-xh\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-zh-cn\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceweasel-l10n-zh-tw\", reference:\"45.5.1esr-1~deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:55", "description": "This update for MozillaFirefox, mozilla-nss fixes security issues and bugs. The following vulnerabilities were fixed in Firefox ESR 45.5 (bsc#1009026) :\n\n - CVE-2016-5297: Incorrect argument length checking in JavaScript (bsc#1010401)\n\n - CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bsc#1010404)\n\n - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bsc#1010395)\n\n - CVE-2016-9064: Addons update must verify IDs match between current and new versions (bsc#1010402)\n\n - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5 (bsc#1010427)\n\n - CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bsc#1010410) The following vulnerabilities were fixed in mozilla-nss 3.21.3 :\n\n - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bsc#1010422)\n\n - CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash (bsc#1010517) The following bugs were fixed :\n\n - Firefox would fail to go into fullscreen mode with some window managers (bsc#992549) The Mozilla Firefox changelog was amended to document patched dropped in a previous update.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-06T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2016:3014-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5285", "CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9074"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:MozillaFirefox", "p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo", "p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource", "p-cpe:/a:novell:suse_linux:MozillaFirefox-translations", "p-cpe:/a:novell:suse_linux:libfreebl3", "p-cpe:/a:novell:suse_linux:libfreebl3-debuginfo", "p-cpe:/a:novell:suse_linux:libfreebl3-hmac", "p-cpe:/a:novell:suse_linux:libsoftokn3", "p-cpe:/a:novell:suse_linux:libsoftokn3-debuginfo", "p-cpe:/a:novell:suse_linux:libsoftokn3-hmac", "p-cpe:/a:novell:suse_linux:mozilla-nss", "p-cpe:/a:novell:suse_linux:mozilla-nss-certs", "p-cpe:/a:novell:suse_linux:mozilla-nss-certs-debuginfo", "p-cpe:/a:novell:suse_linux:mozilla-nss-debuginfo", "p-cpe:/a:novell:suse_linux:mozilla-nss-debugsource", "p-cpe:/a:novell:suse_linux:mozilla-nss-sysinit", "p-cpe:/a:novell:suse_linux:mozilla-nss-sysinit-debuginfo", "p-cpe:/a:novell:suse_linux:mozilla-nss-tools", "p-cpe:/a:novell:suse_linux:mozilla-nss-tools-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-3014-1.NASL", "href": "https://www.tenable.com/plugins/nessus/95565", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:3014-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95565);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-5285\", \"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9064\", \"CVE-2016-9066\", \"CVE-2016-9074\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2016:3014-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for MozillaFirefox, mozilla-nss fixes security issues and\nbugs. The following vulnerabilities were fixed in Firefox ESR 45.5\n(bsc#1009026) :\n\n - CVE-2016-5297: Incorrect argument length checking in\n JavaScript (bsc#1010401)\n\n - CVE-2016-9066: Integer overflow leading to a buffer\n overflow in nsScriptLoadHandler (bsc#1010404)\n\n - CVE-2016-5296: Heap-buffer-overflow WRITE in\n rasterize_edges_1 (bsc#1010395)\n\n - CVE-2016-9064: Addons update must verify IDs match\n between current and new versions (bsc#1010402)\n\n - CVE-2016-5290: Memory safety bugs fixed in Firefox 50\n and Firefox ESR 45.5 (bsc#1010427)\n\n - CVE-2016-5291: Same-origin policy violation using local\n HTML file and saved shortcut file (bsc#1010410) The\n following vulnerabilities were fixed in mozilla-nss\n 3.21.3 :\n\n - CVE-2016-9074: Insufficient timing side-channel\n resistance in divSpoiler (bsc#1010422)\n\n - CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey\n / ssl3_ComputeRecordMACConstantTime causes server crash\n (bsc#1010517) The following bugs were fixed :\n\n - Firefox would fail to go into fullscreen mode with some\n window managers (bsc#992549) The Mozilla Firefox\n changelog was amended to document patched dropped in a\n previous update.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1009026\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=992549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5285/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5290/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5291/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5296/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5297/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9064/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9066/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9074/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20163014-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d7fce6b6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2016-1754=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t\npatch SUSE-SLE-SDK-12-SP1-2016-1754=1\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2016-1754=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2016-1754=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2016-1754=1\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2016-1754=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2016-1754=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2016-1754=1\n\nSUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP1-2016-1754=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libfreebl3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libfreebl3-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsoftokn3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsoftokn3-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss-certs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss-sysinit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1/2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1/2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"MozillaFirefox-45.5.0esr-88.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"MozillaFirefox-debuginfo-45.5.0esr-88.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"MozillaFirefox-debugsource-45.5.0esr-88.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"MozillaFirefox-translations-45.5.0esr-88.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libfreebl3-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libfreebl3-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libfreebl3-hmac-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsoftokn3-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsoftokn3-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsoftokn3-hmac-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-certs-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-certs-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-debugsource-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-sysinit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-sysinit-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-tools-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-tools-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libfreebl3-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libfreebl3-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libfreebl3-hmac-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsoftokn3-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsoftokn3-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsoftokn3-hmac-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-certs-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-sysinit-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"MozillaFirefox-45.5.0esr-88.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"MozillaFirefox-debuginfo-45.5.0esr-88.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"MozillaFirefox-debugsource-45.5.0esr-88.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"MozillaFirefox-translations-45.5.0esr-88.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libfreebl3-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libfreebl3-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libfreebl3-hmac-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsoftokn3-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsoftokn3-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsoftokn3-hmac-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-certs-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-certs-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-debugsource-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-sysinit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-sysinit-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-tools-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-tools-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libfreebl3-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libfreebl3-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libfreebl3-hmac-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsoftokn3-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsoftokn3-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsoftokn3-hmac-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-certs-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-sysinit-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"MozillaFirefox-45.5.0esr-88.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"MozillaFirefox-debuginfo-45.5.0esr-88.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"MozillaFirefox-debugsource-45.5.0esr-88.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"MozillaFirefox-translations-45.5.0esr-88.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libfreebl3-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libfreebl3-hmac-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libsoftokn3-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libsoftokn3-hmac-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-debugsource-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-tools-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-tools-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libfreebl3-hmac-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libsoftokn3-hmac-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"MozillaFirefox-45.5.0esr-88.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"MozillaFirefox-debuginfo-45.5.0esr-88.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"MozillaFirefox-debugsource-45.5.0esr-88.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"MozillaFirefox-translations-45.5.0esr-88.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libfreebl3-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsoftokn3-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-debugsource-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-tools-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-tools-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"MozillaFirefox-45.5.0esr-88.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"MozillaFirefox-debuginfo-45.5.0esr-88.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"MozillaFirefox-debugsource-45.5.0esr-88.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"MozillaFirefox-translations-45.5.0esr-88.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libfreebl3-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libsoftokn3-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-debugsource-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-tools-3.21.3-50.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-tools-debuginfo-3.21.3-50.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / mozilla-nss\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:37", "description": "Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory safety errors, same-origin policy bypass issues, integer overflows, buffer overflows and use-after-frees may lead to the execution of arbitrary code or denial of service.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 45.5.1-1~deb7u1.\n\nWe recommend that you upgrade your icedove packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-20T00:00:00", "type": "nessus", "title": "Debian DLA-752-1 : icedove security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9066", "CVE-2016-9074", "CVE-2016-9079"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:calendar-google-provider", "p-cpe:/a:debian:debian_linux:icedove", "p-cpe:/a:debian:debian_linux:icedove-dbg", "p-cpe:/a:debian:debian_linux:icedove-dev", "p-cpe:/a:debian:debian_linux:iceowl-extension", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-752.NASL", "href": "https://www.tenable.com/plugins/nessus/96013", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-752-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96013);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9066\", \"CVE-2016-9074\", \"CVE-2016-9079\");\n\n script_name(english:\"Debian DLA-752-1 : icedove security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in Icedove, Debian's version\nof the Mozilla Thunderbird mail client: Multiple memory safety errors,\nsame-origin policy bypass issues, integer overflows, buffer overflows\nand use-after-frees may lead to the execution of arbitrary code or\ndenial of service.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n45.5.1-1~deb7u1.\n\nWe recommend that you upgrade your icedove packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/12/msg00027.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/icedove\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:calendar-google-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-extension\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"calendar-google-provider\", reference:\"45.5.1-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icedove\", reference:\"45.5.1-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icedove-dbg\", reference:\"45.5.1-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icedove-dev\", reference:\"45.5.1-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceowl-extension\", reference:\"45.5.1-1~deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:39:05", "description": "Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory safety errors, same-origin policy bypass issues, integer overflows, buffer overflows and use-after-frees may lead to the execution of arbitrary code or denial of service.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-12T00:00:00", "type": "nessus", "title": "Debian DSA-3730-1 : icedove - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9066", "CVE-2016-9074", "CVE-2016-9079"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:icedove", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3730.NASL", "href": "https://www.tenable.com/plugins/nessus/95666", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3730. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95666);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9066\", \"CVE-2016-9074\", \"CVE-2016-9079\");\n script_xref(name:\"DSA\", value:\"3730\");\n\n script_name(english:\"Debian DSA-3730-1 : icedove - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in Icedove, Debian's version\nof the Mozilla Thunderbird mail client: Multiple memory safety errors,\nsame-origin policy bypass issues, integer overflows, buffer overflows\nand use-after-frees may lead to the execution of arbitrary code or\ndenial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/icedove\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3730\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the icedove packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 1:45.5.1-1~deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"calendar-google-provider\", reference:\"1:45.5.1-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove\", reference:\"1:45.5.1-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-dbg\", reference:\"1:45.5.1-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-dev\", reference:\"1:45.5.1-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-extension\", reference:\"1:45.5.1-1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:51", "description": "This update for MozillaFirefox, mozilla-nss fixes security issues and bugs. The following vulnerabilities were fixed in Firefox ESR 45.5.1 (bsc#1009026 bsc#1012964) :\n\n - CVE-2016-9079: Use-after-free in SVG Animation (MFSA 2016-92 bsc#1012964)\n\n - CVE-2016-5297: Incorrect argument length checking in JavaScript (bsc#1010401)\n\n - CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bsc#1010404)\n\n - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bsc#1010395)\n\n - CVE-2016-9064: Addons update must verify IDs match between current and new versions (bsc#1010402)\n\n - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5 (bsc#1010427)\n\n - CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bsc#1010410) The following vulnerabilities were fixed in mozilla-nss 3.21.3 :\n\n - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bsc#1010422)\n\n - CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash (bsc#1010517) The following bugs were fixed :\n\n - Firefox would fail to go into fullscreen mode with some window managers (bsc#992549)\n\n - font warning messages would flood console, now using fontconfig configuration from firefox-fontconfig instead of the system one (bsc#1000751)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-12T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2016:3080-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5285", "CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9074", "CVE-2016-9079"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:MozillaFirefox", "p-cpe:/a:novell:suse_linux:MozillaFirefox-translations", "p-cpe:/a:novell:suse_linux:libfreebl3", "p-cpe:/a:novell:suse_linux:libsoftokn3", "p-cpe:/a:novell:suse_linux:mozilla-nss", "p-cpe:/a:novell:suse_linux:mozilla-nss-tools", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2016-3080-1.NASL", "href": "https://www.tenable.com/plugins/nessus/95712", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:3080-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95712);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-5285\", \"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9064\", \"CVE-2016-9066\", \"CVE-2016-9074\", \"CVE-2016-9079\");\n\n script_name(english:\"SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2016:3080-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for MozillaFirefox, mozilla-nss fixes security issues and\nbugs. The following vulnerabilities were fixed in Firefox ESR 45.5.1\n(bsc#1009026 bsc#1012964) :\n\n - CVE-2016-9079: Use-after-free in SVG Animation (MFSA\n 2016-92 bsc#1012964)\n\n - CVE-2016-5297: Incorrect argument length checking in\n JavaScript (bsc#1010401)\n\n - CVE-2016-9066: Integer overflow leading to a buffer\n overflow in nsScriptLoadHandler (bsc#1010404)\n\n - CVE-2016-5296: Heap-buffer-overflow WRITE in\n rasterize_edges_1 (bsc#1010395)\n\n - CVE-2016-9064: Addons update must verify IDs match\n between current and new versions (bsc#1010402)\n\n - CVE-2016-5290: Memory safety bugs fixed in Firefox 50\n and Firefox ESR 45.5 (bsc#1010427)\n\n - CVE-2016-5291: Same-origin policy violation using local\n HTML file and saved shortcut file (bsc#1010410) The\n following vulnerabilities were fixed in mozilla-nss\n 3.21.3 :\n\n - CVE-2016-9074: Insufficient timing side-channel\n resistance in divSpoiler (bsc#1010422)\n\n - CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey\n / ssl3_ComputeRecordMACConstantTime causes server crash\n (bsc#1010517) The following bugs were fixed :\n\n - Firefox would fail to go into fullscreen mode with some\n window managers (bsc#992549)\n\n - font warning messages would flood console, now using\n fontconfig configuration from firefox-fontconfig instead\n of the system one (bsc#1000751)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000751\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1009026\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012964\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=992549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5285/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5290/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5291/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5296/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5297/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9064/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9066/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9074/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9079/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20163080-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4cc0686a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 5:zypper in -t patch\nsleclo50sp3-mfsa2016-90-12882=1\n\nSUSE Manager Proxy 2.1:zypper in -t patch slemap21-mfsa2016-90-12882=1\n\nSUSE Manager 2.1:zypper in -t patch sleman21-mfsa2016-90-12882=1\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-mfsa2016-90-12882=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-mfsa2016-90-12882=1\n\nSUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch\nslessp3-mfsa2016-90-12882=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-mfsa2016-90-12882=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-mfsa2016-90-12882=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch\ndbgsp3-mfsa2016-90-12882=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libfreebl3-32bit-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libsoftokn3-32bit-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"mozilla-nss-32bit-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"MozillaFirefox-45.5.1esr-59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"MozillaFirefox-translations-45.5.1esr-59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libfreebl3-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libsoftokn3-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"mozilla-nss-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"mozilla-nss-tools-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"libfreebl3-32bit-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"libsoftokn3-32bit-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"mozilla-nss-32bit-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"MozillaFirefox-45.5.1esr-59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"MozillaFirefox-translations-45.5.1esr-59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libfreebl3-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libsoftokn3-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"mozilla-nss-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"mozilla-nss-tools-3.21.3-39.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / mozilla-nss\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:39:02", "description": "This update for MozillaFirefox, mozilla-nss fixes security issues and bugs. The following vulnerabilities were fixed in Firefox ESR 45.5.1 (bsc#1009026) :\n\n - CVE-2016-9079: Use-after-free in SVG Animation (bsc#1012964 MFSA 2016-92)\n\n - CVE-2016-5297: Incorrect argument length checking in JavaScript (bsc#1010401)\n\n - CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bsc#1010404)\n\n - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bsc#1010395)\n\n - CVE-2016-9064: Addons update must verify IDs match between current and new versions (bsc#1010402)\n\n - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5 (bsc#1010427)\n\n - CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bsc#1010410) The following vulnerabilities were fixed in mozilla-nss 3.21.3 :\n\n - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bsc#1010422)\n\n - CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash (bsc#1010517) The following bugs were fixed :\n\n - Firefox would fail to go into fullscreen mode with some window managers (bsc#992549)\n\n - font warning messages would flood console, now using fontconfig configuration from firefox-fontconfig instead of the system one (bsc#1000751)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-14T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2016:3105-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5285", "CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9074", "CVE-2016-9079"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:MozillaFirefox", "p-cpe:/a:novell:suse_linux:MozillaFirefox-translations", "p-cpe:/a:novell:suse_linux:libfreebl3", "p-cpe:/a:novell:suse_linux:mozilla-nss", "p-cpe:/a:novell:suse_linux:mozilla-nss-devel", "p-cpe:/a:novell:suse_linux:mozilla-nss-tools", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2016-3105-1.NASL", "href": "https://www.tenable.com/plugins/nessus/95797", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:3105-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95797);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-5285\", \"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9064\", \"CVE-2016-9066\", \"CVE-2016-9074\", \"CVE-2016-9079\");\n\n script_name(english:\"SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2016:3105-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for MozillaFirefox, mozilla-nss fixes security issues and\nbugs. The following vulnerabilities were fixed in Firefox ESR 45.5.1\n(bsc#1009026) :\n\n - CVE-2016-9079: Use-after-free in SVG Animation\n (bsc#1012964 MFSA 2016-92)\n\n - CVE-2016-5297: Incorrect argument length checking in\n JavaScript (bsc#1010401)\n\n - CVE-2016-9066: Integer overflow leading to a buffer\n overflow in nsScriptLoadHandler (bsc#1010404)\n\n - CVE-2016-5296: Heap-buffer-overflow WRITE in\n rasterize_edges_1 (bsc#1010395)\n\n - CVE-2016-9064: Addons update must verify IDs match\n between current and new versions (bsc#1010402)\n\n - CVE-2016-5290: Memory safety bugs fixed in Firefox 50\n and Firefox ESR 45.5 (bsc#1010427)\n\n - CVE-2016-5291: Same-origin policy violation using local\n HTML file and saved shortcut file (bsc#1010410) The\n following vulnerabilities were fixed in mozilla-nss\n 3.21.3 :\n\n - CVE-2016-9074: Insufficient timing side-channel\n resistance in divSpoiler (bsc#1010422)\n\n - CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey\n / ssl3_ComputeRecordMACConstantTime causes server crash\n (bsc#1010517) The following bugs were fixed :\n\n - Firefox would fail to go into fullscreen mode with some\n window managers (bsc#992549)\n\n - font warning messages would flood console, now using\n fontconfig configuration from firefox-fontconfig instead\n of the system one (bsc#1000751)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000751\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1009026\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012964\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=992549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5285/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5290/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5291/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5296/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5297/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9064/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9066/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9074/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9079/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20163105-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1593bc97\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP2-LTSS:zypper in -t patch\nslessp2-mfs2016-90-12883=1\n\nSUSE Linux Enterprise Debuginfo 11-SP2:zypper in -t patch\ndbgsp2-mfs2016-90-12883=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.21.3-30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.21.3-30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"s390x\", reference:\"libfreebl3-32bit-3.21.3-30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"s390x\", reference:\"mozilla-nss-32bit-3.21.3-30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"MozillaFirefox-45.5.1esr-63.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"MozillaFirefox-translations-45.5.1esr-63.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"libfreebl3-3.21.3-30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"mozilla-nss-3.21.3-30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"mozilla-nss-devel-3.21.3-30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"mozilla-nss-tools-3.21.3-30.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / mozilla-nss\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:55", "description": "Christian Holler, Jon Coppeard, Olli Pettay, Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Randell Jesup discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5290)\n\nA same-origin policy bypass was discovered with local HTML files in some circumstances. An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5291)\n\nA heap buffer-overflow was discovered in Cairo when processing SVG content. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code.\n(CVE-2016-5296)\n\nAn error was discovered in argument length checking in JavaScript. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code.\n(CVE-2016-5297)\n\nA buffer overflow was discovered in nsScriptLoadHandler. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code.\n(CVE-2016-9066)\n\nA use-after-free was discovered in SVG animations. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9079).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-01T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : thunderbird vulnerabilities (USN-3141-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9066", "CVE-2016-9079"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:thunderbird", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:16.10"], "id": "UBUNTU_USN-3141-1.NASL", "href": "https://www.tenable.com/plugins/nessus/95426", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3141-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95426);\n script_version(\"3.13\");\n script_cvs_date(\"Date: 2019/09/18 12:31:46\");\n\n script_cve_id(\"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9066\", \"CVE-2016-9079\");\n script_xref(name:\"USN\", value:\"3141-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : thunderbird vulnerabilities (USN-3141-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Christian Holler, Jon Coppeard, Olli Pettay, Ehsan Akhgari, Gary\nKwong, Tooru Fujisawa, and Randell Jesup discovered multiple memory\nsafety issues in Thunderbird. If a user were tricked in to opening a\nspecially crafted message, an attacker could potentially exploit these\nto cause a denial of service via application crash, or execute\narbitrary code. (CVE-2016-5290)\n\nA same-origin policy bypass was discovered with local HTML files in\nsome circumstances. An attacker could potentially exploit this to\nobtain sensitive information. (CVE-2016-5291)\n\nA heap buffer-overflow was discovered in Cairo when processing SVG\ncontent. If a user were tricked in to opening a specially crafted\nmessage, an attacker could potentially exploit this to cause a denial\nof service via application crash, or execute arbitrary code.\n(CVE-2016-5296)\n\nAn error was discovered in argument length checking in JavaScript. If\na user were tricked in to opening a specially crafted website in a\nbrowsing context, an attacker could potentially exploit this to cause\na denial of service via application crash, or execute arbitrary code.\n(CVE-2016-5297)\n\nA buffer overflow was discovered in nsScriptLoadHandler. If a user\nwere tricked in to opening a specially crafted website in a browsing\ncontext, an attacker could potentially exploit this to cause a denial\nof service via application crash, or execute arbitrary code.\n(CVE-2016-9066)\n\nA use-after-free was discovered in SVG animations. If a user were\ntricked in to opening a specially crafted website in a browsing\ncontext, an attacker could exploit this to cause a denial of service\nvia application crash, or execute arbitrary code. (CVE-2016-9079).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3141-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|16\\.04|16\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 16.04 / 16.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"thunderbird\", pkgver:\"1:45.5.1+build1-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"thunderbird\", pkgver:\"1:45.5.1+build1-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"thunderbird\", pkgver:\"1:45.5.1+build1-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"thunderbird\", pkgver:\"1:45.5.1+build1-0ubuntu0.16.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-02T17:03:19", "description": "The version of Mozilla Firefox installed on the remote Windows host is prior to 50.0. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-18T00:00:00", "type": "nessus", "title": "Mozilla Firefox < 50.0 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5289", "CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5292", "CVE-2016-5293", "CVE-2016-5294", "CVE-2016-5295", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9063", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9067", "CVE-2016-9068", "CVE-2016-9069", "CVE-2016-9070", "CVE-2016-9071", "CVE-2016-9072", "CVE-2016-9073", "CVE-2016-9074", "CVE-2016-9075", "CVE-2016-9076", "CVE-2016-9077"], "modified": "2019-11-14T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MOZILLA_FIREFOX_50_0.NASL", "href": "https://www.tenable.com/plugins/nessus/94960", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94960);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/14\");\n\n script_cve_id(\n \"CVE-2016-5289\",\n \"CVE-2016-5290\",\n \"CVE-2016-5291\",\n \"CVE-2016-5292\",\n \"CVE-2016-5293\",\n \"CVE-2016-5294\",\n \"CVE-2016-5295\",\n \"CVE-2016-5296\",\n \"CVE-2016-5297\",\n \"CVE-2016-9063\",\n \"CVE-2016-9064\",\n \"CVE-2016-9066\",\n \"CVE-2016-9067\",\n \"CVE-2016-9068\",\n \"CVE-2016-9069\",\n \"CVE-2016-9070\",\n \"CVE-2016-9071\",\n \"CVE-2016-9072\",\n \"CVE-2016-9073\",\n \"CVE-2016-9074\",\n \"CVE-2016-9075\",\n \"CVE-2016-9076\",\n \"CVE-2016-9077\"\n );\n script_bugtraq_id(\n 94335,\n 94336,\n 94337,\n 94339,\n 94341\n );\n script_xref(name:\"MFSA\", value:\"2016-89\");\n\n script_name(english:\"Mozilla Firefox < 50.0 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Firefox installed on the remote Windows host\nis prior to 50.0. It is, therefore, affected by multiple\nvulnerabilities, the majority of which are remote code execution\nvulnerabilities. An unauthenticated, remote attacker can exploit these\nvulnerabilities by convincing a user to visit a specially crafted\nwebsite, resulting in the execution of arbitrary code in the context\nof the current user.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox version 50.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-9075\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'50', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-02T17:02:36", "description": "The version of Mozilla Firefox installed on the remote macOS or Mac OS X host is prior to 50.0. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-18T00:00:00", "type": "nessus", "title": "Mozilla Firefox < 50.0 Multiple Vulnerabilities (macOS)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5289", "CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5292", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9063", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9067", "CVE-2016-9068", "CVE-2016-9069", "CVE-2016-9070", "CVE-2016-9071", "CVE-2016-9073", "CVE-2016-9074", "CVE-2016-9075", "CVE-2016-9076", "CVE-2016-9077"], "modified": "2019-11-14T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MACOSX_FIREFOX_50_0.NASL", "href": "https://www.tenable.com/plugins/nessus/94958", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94958);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/14\");\n\n script_cve_id(\n \"CVE-2016-5289\",\n \"CVE-2016-5290\",\n \"CVE-2016-5291\",\n \"CVE-2016-5292\",\n \"CVE-2016-5296\",\n \"CVE-2016-5297\",\n \"CVE-2016-9063\",\n \"CVE-2016-9064\",\n \"CVE-2016-9066\",\n \"CVE-2016-9067\",\n \"CVE-2016-9068\",\n \"CVE-2016-9069\",\n \"CVE-2016-9070\",\n \"CVE-2016-9071\",\n \"CVE-2016-9073\",\n \"CVE-2016-9074\",\n \"CVE-2016-9075\",\n \"CVE-2016-9076\",\n \"CVE-2016-9077\"\n );\n script_bugtraq_id(\n 94335,\n 94336,\n 94337,\n 94339,\n 94341\n );\n script_xref(name:\"MFSA\", value:\"2016-89\");\n\n script_name(english:\"Mozilla Firefox < 50.0 Multiple Vulnerabilities (macOS)\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote macOS or Mac OS X host contains a web browser that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Firefox installed on the remote macOS or Mac\nOS X host is prior to 50.0. It is, therefore, affected by multiple\nvulnerabilities, the majority of which are remote code execution\nvulnerabilities. An unauthenticated, remote attacker can exploit these\nvulnerabilities by convincing a user to visit a specially crafted\nwebsite, resulting in the execution of arbitrary code in the context\nof the current user.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox version 50.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-9075\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nkb_base = \"MacOSX/Firefox\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nif (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Firefox installation is in the ESR branch.');\n\nmozilla_check_version(product:'firefox', version:version, path:path, esr:FALSE, fix:'50', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-02T17:03:20", "description": "This update to Mozilla Firefox 50.0 fixes a number of security issues.\n\nThe following vulnerabilities were fixed in Mozilla Firefox (MFSA 2016-89) :\n\n - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bmo#1292443)\n\n - CVE-2016-5292: URL parsing causes crash (bmo#1288482)\n\n - CVE-2016-5297: Incorrect argument length checking in JavaScript (bmo#1303678)\n\n - CVE-2016-9064: Addons update must verify IDs match between current and new versions (bmo#1303418)\n\n - CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bmo#1299686)\n\n - CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore (bmo#1301777, bmo#1308922 (CVE-2016-9069))\n\n - CVE-2016-9068: heap-use-after-free in nsRefreshDriver (bmo#1302973)\n\n - CVE-2016-9075: WebExtensions can access the mozAddonManager API and use it to gain elevated privileges (bmo#1295324)\n\n - CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied to cross-origin images, allowing timing attacks on them (bmo#1298552)\n\n - CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bmo#1292159)\n\n - CVE-2016-9070: Sidebar bookmark can have reference to chrome window (bmo#1281071)\n\n - CVE-2016-9073: windows.create schema doesn't specify 'format': 'relativeUrl' (bmo#1289273)\n\n - CVE-2016-9076: select dropdown menu can be used for URL bar spoofing on e10s (bmo#1276976)\n\n - CVE-2016-9063: Possible integer overflow to fix inside XML_Parse in expat (bmo#1274777)\n\n - CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP (bmo#1285003)\n\n - CVE-2016-5289: Memory safety bugs fixed in Firefox 50\n\n - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5\n\nThe following vulnerabilities were fixed in Mozilla NSS 3.26.1 :\n\n - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bmo#1293334) Mozilla Firefox now requires mozilla-nss 3.26.2.\n\nNew features in Mozilla Firefox :\n\n - Updates to keyboard shortcuts Set a preference to have Ctrl+Tab cycle through tabs in recently used order View a page in Reader Mode by using Ctrl+Alt+R\n\n - Added option to Find in page that allows users to limit search to whole words only\n\n - Added download protection for a large number of executable file types on Windows, Mac and Linux\n\n - Fixed rendering of dashed and dotted borders with rounded corners (border-radius)\n\n - Added a built-in Emoji set for operating systems without native Emoji fonts\n\n - Blocked versions of libavcodec older than 54.35.1\n\n - additional locale\n\nmozilla-nss was updated to 3.26.2, incorporating the following changes :\n\n - the selfserv test utility has been enhanced to support ALPN (HTTP/1.1) and 0-RTT\n\n - The following CA certificate was added: CN = ISRG Root X1\n\n - NPN is disabled and ALPN is enabled by default\n\n - MD5 signature algorithms sent by the server in CertificateRequest messages are now properly ignored", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2016-1334)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5289", "CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5292", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9063", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9067", "CVE-2016-9068", "CVE-2016-9069", "CVE-2016-9070", "CVE-2016-9071", "CVE-2016-9073", "CVE-2016-9074", "CVE-2016-9075", "CVE-2016-9076", "CVE-2016-9077"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo", "p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource", "p-cpe:/a:novell:opensuse:MozillaFirefox-devel", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:libfreebl3", "p-cpe:/a:novell:opensuse:libfreebl3-32bit", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3", "p-cpe:/a:novell:opensuse:libsoftokn3-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss", "p-cpe:/a:novell:opensuse:mozilla-nss-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-debugsource", "p-cpe:/a:novell:opensuse:mozilla-nss-devel", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-tools", "p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo", "cpe:/o:novell:opensuse:13.2", "cpe:/o:novell:opensuse:42.1", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2016-1334.NASL", "href": "https://www.tenable.com/plugins/nessus/95022", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1334.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95022);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-5289\", \"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5292\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9063\", \"CVE-2016-9064\", \"CVE-2016-9066\", \"CVE-2016-9067\", \"CVE-2016-9068\", \"CVE-2016-9069\", \"CVE-2016-9070\", \"CVE-2016-9071\", \"CVE-2016-9073\", \"CVE-2016-9074\", \"CVE-2016-9075\", \"CVE-2016-9076\", \"CVE-2016-9077\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2016-1334)\");\n script_summary(english:\"Check for the openSUSE-2016-1334 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update to Mozilla Firefox 50.0 fixes a number of security issues.\n\nThe following vulnerabilities were fixed in Mozilla Firefox (MFSA\n2016-89) :\n\n - CVE-2016-5296: Heap-buffer-overflow WRITE in\n rasterize_edges_1 (bmo#1292443)\n\n - CVE-2016-5292: URL parsing causes crash (bmo#1288482)\n\n - CVE-2016-5297: Incorrect argument length checking in\n JavaScript (bmo#1303678)\n\n - CVE-2016-9064: Addons update must verify IDs match\n between current and new versions (bmo#1303418)\n\n - CVE-2016-9066: Integer overflow leading to a buffer\n overflow in nsScriptLoadHandler (bmo#1299686)\n\n - CVE-2016-9067: heap-use-after-free in\n nsINode::ReplaceOrInsertBefore (bmo#1301777, bmo#1308922\n (CVE-2016-9069))\n\n - CVE-2016-9068: heap-use-after-free in nsRefreshDriver\n (bmo#1302973)\n\n - CVE-2016-9075: WebExtensions can access the\n mozAddonManager API and use it to gain elevated\n privileges (bmo#1295324)\n\n - CVE-2016-9077: Canvas filters allow feDisplacementMaps\n to be applied to cross-origin images, allowing timing\n attacks on them (bmo#1298552)\n\n - CVE-2016-5291: Same-origin policy violation using local\n HTML file and saved shortcut file (bmo#1292159)\n\n - CVE-2016-9070: Sidebar bookmark can have reference to\n chrome window (bmo#1281071)\n\n - CVE-2016-9073: windows.create schema doesn't specify\n 'format': 'relativeUrl' (bmo#1289273)\n\n - CVE-2016-9076: select dropdown menu can be used for URL\n bar spoofing on e10s (bmo#1276976)\n\n - CVE-2016-9063: Possible integer overflow to fix inside\n XML_Parse in expat (bmo#1274777)\n\n - CVE-2016-9071: Probe browser history via HSTS/301\n redirect + CSP (bmo#1285003)\n\n - CVE-2016-5289: Memory safety bugs fixed in Firefox 50\n\n - CVE-2016-5290: Memory safety bugs fixed in Firefox 50\n and Firefox ESR 45.5\n\nThe following vulnerabilities were fixed in Mozilla NSS 3.26.1 :\n\n - CVE-2016-9074: Insufficient timing side-channel\n resistance in divSpoiler (bmo#1293334) Mozilla Firefox\n now requires mozilla-nss 3.26.2.\n\nNew features in Mozilla Firefox :\n\n - Updates to keyboard shortcuts Set a preference to have\n Ctrl+Tab cycle through tabs in recently used order View\n a page in Reader Mode by using Ctrl+Alt+R\n\n - Added option to Find in page that allows users to limit\n search to whole words only\n\n - Added download protection for a large number of\n executable file types on Windows, Mac and Linux\n\n - Fixed rendering of dashed and dotted borders with\n rounded corners (border-radius)\n\n - Added a built-in Emoji set for operating systems without\n native Emoji fonts\n\n - Blocked versions of libavcodec older than 54.35.1\n\n - additional locale\n\nmozilla-nss was updated to 3.26.2, incorporating the following \nchanges :\n\n - the selfserv test utility has been enhanced to support\n ALPN (HTTP/1.1) and 0-RTT\n\n - The following CA certificate was added: CN = ISRG Root\n X1\n\n - NPN is disabled and ALPN is enabled by default\n\n - MD5 signature algorithms sent by the server in\n CertificateRequest messages are now properly ignored\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1009026\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010406\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010408\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010409\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010420\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010425\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010427\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox / mozilla-nss packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2|SUSE42\\.1|SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2 / 42.1 / 42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-50.0-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-branding-upstream-50.0-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-buildsymbols-50.0-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-debuginfo-50.0-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-debugsource-50.0-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-devel-50.0-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-translations-common-50.0-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-translations-other-50.0-88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libfreebl3-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libfreebl3-debuginfo-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsoftokn3-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsoftokn3-debuginfo-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-certs-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-certs-debuginfo-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-debuginfo-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-debugsource-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-devel-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-sysinit-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-sysinit-debuginfo-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-tools-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"mozilla-nss-tools-debuginfo-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.26.2-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-50.0-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-branding-upstream-50.0-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-buildsymbols-50.0-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-debuginfo-50.0-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-debugsource-50.0-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-devel-50.0-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-translations-common-50.0-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaFirefox-translations-other-50.0-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libfreebl3-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libfreebl3-debuginfo-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libsoftokn3-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libsoftokn3-debuginfo-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-certs-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-certs-debuginfo-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-debuginfo-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-debugsource-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-devel-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-sysinit-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-sysinit-debuginfo-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-tools-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"mozilla-nss-tools-debuginfo-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaFirefox-50.0-39.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaFirefox-branding-upstream-50.0-39.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaFirefox-buildsymbols-50.0-39.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaFirefox-debuginfo-50.0-39.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaFirefox-debugsource-50.0-39.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaFirefox-devel-50.0-39.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaFirefox-translations-common-50.0-39.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaFirefox-translations-other-50.0-39.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libfreebl3-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libfreebl3-debuginfo-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libsoftokn3-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libsoftokn3-debuginfo-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mozilla-nss-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mozilla-nss-certs-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mozilla-nss-certs-debuginfo-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mozilla-nss-debuginfo-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mozilla-nss-debugsource-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mozilla-nss-devel-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mozilla-nss-sysinit-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mozilla-nss-sysinit-debuginfo-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mozilla-nss-tools-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"mozilla-nss-tools-debuginfo-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.26.2-32.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.26.2-32.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-02T17:01:49", "description": "Mozilla Foundation reports :\n\nPlease reference CVE/URL list for details", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-16T00:00:00", "type": "nessus", "title": "FreeBSD : mozilla -- multiple vulnerabilities (d1853110-07f4-4645-895b-6fd462ad0589)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5289", "CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5292", "CVE-2016-5293", "CVE-2016-5294", "CVE-2016-5295", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-5298", "CVE-2016-5299", "CVE-2016-9061", "CVE-2016-9062", "CVE-2016-9063", "CVE-2016-9064", "CVE-2016-9065", "CVE-2016-9066", "CVE-2016-9067", "CVE-2016-9068", "CVE-2016-9070", "CVE-2016-9071", "CVE-2016-9072", "CVE-2016-9073", "CVE-2016-9074", "CVE-2016-9075", "CVE-2016-9076", "CVE-2016-9077"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:firefox", "p-cpe:/a:freebsd:freebsd:firefox-esr", "p-cpe:/a:freebsd:freebsd:libxul", "p-cpe:/a:freebsd:freebsd:linux-firefox", "p-cpe:/a:freebsd:freebsd:linux-seamonkey", "p-cpe:/a:freebsd:freebsd:linux-thunderbird", "p-cpe:/a:freebsd:freebsd:seamonkey", "p-cpe:/a:freebsd:freebsd:thunderbird", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_D185311007F44645895B6FD462AD0589.NASL", "href": "https://www.tenable.com/plugins/nessus/94904", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94904);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-5289\", \"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5292\", \"CVE-2016-5293\", \"CVE-2016-5294\", \"CVE-2016-5295\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-5298\", \"CVE-2016-5299\", \"CVE-2016-9061\", \"CVE-2016-9062\", \"CVE-2016-9063\", \"CVE-2016-9064\", \"CVE-2016-9065\", \"CVE-2016-9066\", \"CVE-2016-9067\", \"CVE-2016-9068\", \"CVE-2016-9070\", \"CVE-2016-9071\", \"CVE-2016-9072\", \"CVE-2016-9073\", \"CVE-2016-9074\", \"CVE-2016-9075\", \"CVE-2016-9076\", \"CVE-2016-9077\");\n\n script_name(english:\"FreeBSD : mozilla -- multiple vulnerabilities (d1853110-07f4-4645-895b-6fd462ad0589)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Foundation reports :\n\nPlease reference CVE/URL list for details\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2016-89/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2016-90/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/\"\n );\n # https://vuxml.freebsd.org/freebsd/d1853110-07f4-4645-895b-6fd462ad0589.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b7042961\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:firefox-esr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libxul\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"firefox<50.0_1,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"seamonkey<2.47\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-seamonkey<2.47\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"firefox-esr<45.5.0,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-firefox<45.5.0,2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"libxul<45.5.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"thunderbird<45.5.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-thunderbird<45.5.0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:40", "description": "Versions of Mozilla Firefox prior to 50.0 are unpatched for the following vulnerabilities :\n\n - An overflow condition exists in the 'RASTERIZE_EDGES()' function in 'gfx/cairo/libpixman/src/pixman-edge-imp.h'. The issue is triggered as certain input is not properly validated when handling SVG content. This may allow a context-dependent attacker to cause a heap-based overflow, potentially allowing the execution of arbitrary code.\n - A flaw exists in the 'net_CoalesceDirs()' function in 'netwerk/base/nsURLHelper.cpp' that is triggered when handling specially crafted URLs. This may allow a context-dependent attacker to potentially execute arbitrary code.\n - A flaw exists that is triggered when the Mozilla Updater is run with the updater's log file in the working directory pointing to a hardlink. This may allow a local attacker to append data to an arbitrary local file.\n - A flaw exists in the Mozilla Updater that is triggered as it may select an arbitrary target working directory to output files from the update process. No further details have been provided by the vendor.\n - A flaw exists that is triggered when length checking JavaScript arguments. This may allow a context-dependent attacker to have an unspecified impact.\n - A flaw exists that is triggered as add-on update IDs are not properly validated. This may allow an attacker with the ability to intercept network traffic '(e.g'. MitM, DNS cache poisoning) to provide malicious add-on updates.\n - A flaw exists that is triggered when a context-dependent attacker forces a user into full-screen mode, which may potentially allow the attacker to use a fake location bar to perform spoofing attacks.\n - An integer overflow condition exists in the 'nsScriptLoadHandler::TryDecodeRawData()' function in 'dom/base/nsScriptLoader.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to cause a buffer overflow, potentially allowing the execution of arbitrary code.\n - A use-after-free error exists in the 'nsINode::ReplaceOrInsertBefore()' function in 'dom/base/nsINode.cpp' that is triggered when handling certain DOM operations. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.\n - A use-after-free error exists in the 'nsINode::Prepend()' function in 'dom/base/nsINode.cpp' that is triggered when handling DOM operations. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.\n - A use-after-free error exists in 'nsRefreshDriver'. The issue is triggered when handling web animation timelines. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.\n - A flaw exists in 'dom/plugins/base/nsPluginTags.cpp' that is triggered as the sandbox for 64-bit NPAPI plugins may not be enabled by default. This may potentially result in less secure behavior than intended.\n - A flaw exists in 'toolkit/components/extensions/ExtensionContent.jsm' that is triggered as WebExtensions may inappropriately access the mozAddonManager API. This may allow a context-dependent attacker to use a specially crafted extension to install further extensions without a user's permission.\n - A flaw exists in 'dom/canvas/CanvasRenderingContext2D.cpp' that is triggered by the use of the feDisplacementMap filter on images that are loaded cross-origin. This may allow a context-dependent attacker to conduct a timing attack and have an unspecified impact.\n - A flaw exists in the 'nsBaseChannel::Redirect()' function in 'netwerk/base/nsBaseChannel.cpp'. The issue is triggered as local shortcut files may be used to bypass the same-origin policy and load local content from the disk.\n - A flaw exists in the 'ProcessSoftwareUpdateCommand()' function in 'toolkit/components/maintenanceservice/workmonitor.cpp', as it may copy 'updater.exe' from untrusted directories. This may allow a local attacker to read files with SYSTEM privileges.\n - A flaw exists that is triggered when a page load is disrupted. This may result in the previous page's favicon and SSL indicator persisting, potentially misleading a user about the URL of the page being visited.\n - A flaw exists that is triggered when a previously installed application defines the same signature-level permissions as Firefox. This may allow a local attacker to intercept and disclose AuthTokens intended to be sent to Firefox.\n - A flaw exists that is triggered when a previously installed application defines the same signature-level permissions as Firefox. This may allow a local attacker to intercept and disclose API keys intended to be sent to Firefox.\n - A flaw exists in 'mobile/android/base/java/org/mozilla/gecko/PrivateTab.java' that is triggered, as browsing metadata from private browsing may persist in the 'browser.db' and 'browser.db'-wal files within a Firefox profile. This may potentially allow a physically present attacker to disclose information about private browsing.\n - A flaw exists in 'dom/bindings/Codegen.py' that is triggered when loading pages in a sidebar via a bookmark. This may allow the page to reference a privileged chrome window, violating the same-origin policy and engaging in limited JavaScript operations.\n - A flaw exists that is triggered as the 'windows.create' schema doesn't specify \"format\": \"relativeUrl\". This may allow a context-dependent attacker to escape the WebExtension sandbox.\n - An unspecified flaw exists in 'divSpoiler' that may allow an attacker to conduct a side-channel attack. No further details have been provided by the vendor.\n - A flaw exists that is triggered as the \"select\" dropdown menu may potentially cover location bar content, allowing a context-dependent attacker to spoof the location bar.\n - An integer overflow condition exists in the 'XML_Parse()' function in 'parser/expat/lib/xmlparse.c'. The issue is triggered as certain input is not properly validated when parsing XML content. This may allow a context-dependent attacker to have an unspecified impact.\n - A flaw exists in the 'nsCSPHostSrc::permits()' function in 'dom/security/nsCSPUtils.cpp' that is triggered when the Content Security Policy (CSP) is combined with HTTP to HTTPS redirection. This may potentially allow a context-dependent attacker to enumerate the existence of a known site in a user's browser history.\n - An unspecified flaw exists that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - A flaw exists in the 'EventListenerManager::GetListenerInfo()' function in 'dom/events/EventListenerManager.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - An unspecified flaw exists in 'dom/media/mediasource/TrackBuffersManager.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - A flaw exists in the 'WebrtcVideoConduit::CodecConfigToWebRTCCodec()' function in 'media/webrtc/signaling/src/media-conduit/VideoConduit.cpp' that is triggered when handling simulcast streams. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - An unspecified flaw exists in 'js/src/jit/arm64/MacroAssembler-arm64.h' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - An unspecified flaw exist that is triggered when handling screen/window/app capture. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - An unspecified flaw exists related to MessagePort not supporting transferable objects. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - A flaw exists that is triggered when handling DOM tree operations for 'insertBefore()' method calls. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - A flaw exists that is triggered when handling Ion-compiling of scripts with too many typesets. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - An unspecified flaw exists related to tracing of script pointers in off-thread compilation tasks. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - A flaw exists that is triggered when handling runtime checks for helper threads tracing. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - A flaw exists in the 'GlobalHelperThreadState::finishParseTask()' function in 'js/src/vm/HelperThreads.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - An unspecified flaw exists that is triggered as certain input is not properly validated when handling frames. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - A flaw exists that is triggered as certain input is not properly validated when handling HTML5 tokenizing. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - An unspecified flaw exists in 'dom/events/IMEStateManager.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - A flaw exists in the 'JSStructuredCloneWriter::transferOwnership()' function in 'js/src/vm/StructuredClone.cpp' that is triggered when handling user-defined structured clone tags. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-02T00:00:00", "type": "nessus", "title": "Mozilla Firefox < 50.0 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9074", "CVE-2016-9063", "CVE-2016-5289", "CVE-2016-5292", "CVE-2016-9067", "CVE-2016-9068", "CVE-2016-9069", "CVE-2016-9070", "CVE-2016-9071", "CVE-2016-9073", "CVE-2016-9075", "CVE-2016-9076", "CVE-2016-9077", "CVE-2016-5293", "CVE-2016-5294", "CVE-2016-9072", "CVE-2016-5295", "CVE-2016-5298", "CVE-2016-5299", "CVE-2016-9061", "CVE-2016-9062", "CVE-2016-9065", "CVE-2014-8644"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"], "id": "9804.PRM", "href": "https://www.tenable.com/plugins/nnm/9804", "sourceData": "Binary data 9804.prm", "cvss": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-02T17:03:19", "description": "Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, Markus Stange, Olli Pettay, Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Randell Jesup discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5289, CVE-2016-5290)\n\nA same-origin policy bypass was discovered with local HTML files in some circumstances. An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5291)\n\nA crash was discovered when parsing URLs in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code.\n(CVE-2016-5292)\n\nA heap buffer-overflow was discovered in Cairo when processing SVG content. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code.\n(CVE-2016-5296)\n\nAn error was discovered in argument length checking in JavaScript. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5297)\n\nAn integer overflow was discovered in the Expat library. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2016-9063)\n\nIt was discovered that addon updates failed to verify that the addon ID inside the signed package matched the ID of the addon being updated. An attacker that could perform a man-in-the-middle (MITM) attack could potentially exploit this to provide malicious addon updates. (CVE-2016-9064)\n\nA buffer overflow was discovered in nsScriptLoadHandler. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9066)\n\n2 use-after-free bugs were discovered during DOM operations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code.\n(CVE-2016-9067, CVE-2016-9069)\n\nA heap use-after-free was discovered during web animations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code.\n(CVE-2016-9068)\n\nIt was discovered that a page loaded in to the sidebar through a bookmark could reference a privileged chrome window. An attacker could potentially exploit this to bypass same origin restrictions.\n(CVE-2016-9070)\n\nAn issue was discovered with Content Security Policy (CSP) in combination with HTTP to HTTPS redirection. An attacker could potentially exploit this to verify whether a site is within the user's browsing history. (CVE-2016-9071)\n\nAn issue was discovered with the windows.create() WebExtensions API.\nIf a user were tricked in to installing a malicious extension, an attacker could potentially exploit this to escape the WebExtensions sandbox. (CVE-2016-9073)\n\nIt was discovered that WebExtensions can use the mozAddonManager API.\nAn attacker could potentially exploit this to install additional extensions without user permission. (CVE-2016-9075)\n\nIt was discovered that <select> element dropdown menus can cover location bar content when e10s is enabled. An attacker could potentially exploit this to conduct UI spoofing attacks.\n(CVE-2016-9076)\n\nIt was discovered that canvas allows the use of the feDisplacementMap filter on cross-origin images. An attacker could potentially exploit this to conduct timing attacks. (CVE-2016-9077).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-21T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : firefox vulnerabilities (USN-3124-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5289", "CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5292", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9063", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9067", "CVE-2016-9068", "CVE-2016-9069", "CVE-2016-9070", "CVE-2016-9071", "CVE-2016-9073", "CVE-2016-9075", "CVE-2016-9076", "CVE-2016-9077"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:firefox", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:16.10"], "id": "UBUNTU_USN-3124-1.NASL", "href": "https://www.tenable.com/plugins/nessus/95025", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3124-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95025);\n script_version(\"3.10\");\n script_cvs_date(\"Date: 2019/09/18 12:31:46\");\n\n script_cve_id(\"CVE-2016-5289\", \"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5292\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9063\", \"CVE-2016-9064\", \"CVE-2016-9066\", \"CVE-2016-9067\", \"CVE-2016-9068\", \"CVE-2016-9069\", \"CVE-2016-9070\", \"CVE-2016-9071\", \"CVE-2016-9073\", \"CVE-2016-9075\", \"CVE-2016-9076\", \"CVE-2016-9077\");\n script_xref(name:\"USN\", value:\"3124-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : firefox vulnerabilities (USN-3124-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon\nCoppeard, Jan-Ivar Bruaroey, Jesse Ruderman, Markus Stange, Olli\nPettay, Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Randell Jesup\ndiscovered multiple memory safety issues in Firefox. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via application\ncrash, or execute arbitrary code. (CVE-2016-5289, CVE-2016-5290)\n\nA same-origin policy bypass was discovered with local HTML files in\nsome circumstances. An attacker could potentially exploit this to\nobtain sensitive information. (CVE-2016-5291)\n\nA crash was discovered when parsing URLs in some circumstances. If a\nuser were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to execute arbitrary code.\n(CVE-2016-5292)\n\nA heap buffer-overflow was discovered in Cairo when processing SVG\ncontent. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial\nof service via application crash, or execute arbitrary code.\n(CVE-2016-5296)\n\nAn error was discovered in argument length checking in JavaScript. If\na user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to cause a denial of service\nvia application crash, or execute arbitrary code. (CVE-2016-5297)\n\nAn integer overflow was discovered in the Expat library. If a user\nwere tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to cause a denial of service via\napplication crash. (CVE-2016-9063)\n\nIt was discovered that addon updates failed to verify that the addon\nID inside the signed package matched the ID of the addon being\nupdated. An attacker that could perform a man-in-the-middle (MITM)\nattack could potentially exploit this to provide malicious addon\nupdates. (CVE-2016-9064)\n\nA buffer overflow was discovered in nsScriptLoadHandler. If a user\nwere tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code. (CVE-2016-9066)\n\n2 use-after-free bugs were discovered during DOM operations in some\ncircumstances. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit these to cause\na denial of service via application crash, or execute arbitrary code.\n(CVE-2016-9067, CVE-2016-9069)\n\nA heap use-after-free was discovered during web animations in some\ncircumstances. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code.\n(CVE-2016-9068)\n\nIt was discovered that a page loaded in to the sidebar through a\nbookmark could reference a privileged chrome window. An attacker could\npotentially exploit this to bypass same origin restrictions.\n(CVE-2016-9070)\n\nAn issue was discovered with Content Security Policy (CSP) in\ncombination with HTTP to HTTPS redirection. An attacker could\npotentially exploit this to verify whether a site is within the user's\nbrowsing history. (CVE-2016-9071)\n\nAn issue was discovered with the windows.create() WebExtensions API.\nIf a user were tricked in to installing a malicious extension, an\nattacker could potentially exploit this to escape the WebExtensions\nsandbox. (CVE-2016-9073)\n\nIt was discovered that WebExtensions can use the mozAddonManager API.\nAn attacker could potentially exploit this to install additional\nextensions without user permission. (CVE-2016-9075)\n\nIt was discovered that <select> element dropdown menus can cover\nlocation bar content when e10s is enabled. An attacker could\npotentially exploit this to conduct UI spoofing attacks.\n(CVE-2016-9076)\n\nIt was discovered that canvas allows the use of the feDisplacementMap\nfilter on cross-origin images. An attacker could potentially exploit\nthis to conduct timing attacks. (CVE-2016-9077).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3124-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|16\\.04|16\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 16.04 / 16.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"firefox\", pkgver:\"50.0+build2-0ubuntu0.12.04.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"firefox\", pkgver:\"50.0+build2-0ubuntu0.14.04.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"firefox\", pkgver:\"50.0+build2-0ubuntu0.16.04.2\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"firefox\", pkgver:\"50.0+build2-0ubuntu0.16.10.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:44", "description": "This update to Mozilla Firefox 50.0.2, Thunderbird 45.5.1 and NSS 3.16.2 fixes a number of security issues.\n\nThe following vulnerabilities were fixed in Mozilla Firefox (MFSA 2016-89) :\n\n - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bmo#1292443)\n\n - CVE-2016-5292: URL parsing causes crash (bmo#1288482)\n\n - CVE-2016-5297: Incorrect argument length checking in JavaScript (bmo#1303678)\n\n - CVE-2016-9064: Addons update must verify IDs match between current and new versions (bmo#1303418)\n\n - CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bmo#1299686)\n\n - CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore (bmo#1301777, bmo#1308922 (CVE-2016-9069))\n\n - CVE-2016-9068: heap-use-after-free in nsRefreshDriver (bmo#1302973)\n\n - CVE-2016-9075: WebExtensions can access the mozAddonManager API and use it to gain elevated privileges (bmo#1295324)\n\n - CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied to cross-origin images, allowing timing attacks on them (bmo#1298552)\n\n - CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bmo#1292159)\n\n - CVE-2016-9070: Sidebar bookmark can have reference to chrome window (bmo#1281071)\n\n - CVE-2016-9073: windows.create schema doesn't specify 'format': 'relativeUrl' (bmo#1289273)\n\n - CVE-2016-9076: select dropdown menu can be used for URL bar spoofing on e10s (bmo#1276976)\n\n - CVE-2016-9063: Possible integer overflow to fix inside XML_Parse in expat (bmo#1274777)\n\n - CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP (bmo#1285003)\n\n - CVE-2016-5289: Memory safety bugs fixed in Firefox 50\n\n - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5\n\n The following vulnerabilities were fixed in Mozilla NSS 3.26.1 :\n\n - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bmo#1293334)\n\n Mozilla Firefox now requires mozilla-nss 3.26.2.\n\n New features in Mozilla Firefox :\n\n - Updates to keyboard shortcuts Set a preference to have Ctrl+Tab cycle through tabs in recently used order View a page in Reader Mode by using Ctrl+Alt+R\n\n - Added option to Find in page that allows users to limit search to whole words only\n\n - Added download protection for a large number of executable file types on Windows, Mac and Linux\n\n - Fixed rendering of dashed and dotted borders with rounded corners (border-radius)\n\n - Added a built-in Emoji set for operating systems without native Emoji fonts\n\n - Blocked versions of libavcodec older than 54.35.1\n\n - additional locale\n\n mozilla-nss was updated to 3.26.2, incorporating the following changes :\n\n - the selfserv test utility has been enhanced to support ALPN (HTTP/1.1) and 0-RTT\n\n - The following CA certificate was added: CN = ISRG Root X1\n\n - NPN is disabled and ALPN is enabled by default\n\n - MD5 signature algorithms sent by the server in CertificateRequest messages are now properly ignored", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-07T00:00:00", "type": "nessus", "title": "openSUSE Security Update : Mozilla Firefox / Thunderbird and NSS (openSUSE-2016-1407)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5289", "CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5292", "CVE-2016-5293", "CVE-2016-5294", "CVE-2016-5295", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-5298", "CVE-2016-5299", "CVE-2016-9061", "CVE-2016-9062", "CVE-2016-9063", "CVE-2016-9064", "CVE-2016-9065", "CVE-2016-9066", "CVE-2016-9067", "CVE-2016-9068", "CVE-2016-9069", "CVE-2016-9070", "CVE-2016-9071", "CVE-2016-9072", "CVE-2016-9073", "CVE-2016-9074", "CVE-2016-9075", "CVE-2016-9076", "CVE-2016-9077", "CVE-2016-9078", "CVE-2016-9079"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo", "p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource", "p-cpe:/a:novell:opensuse:MozillaFirefox-devel", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaThunderbird", "p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other", "p-cpe:/a:novell:opensuse:libfreebl3", "p-cpe:/a:novell:opensuse:libfreebl3-32bit", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3", "p-cpe:/a:novell:opensuse:libsoftokn3-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss", "p-cpe:/a:novell:opensuse:mozilla-nss-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-debugsource", "p-cpe:/a:novell:opensuse:mozilla-nss-devel", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-tools", "p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2016-1407.NASL", "href": "https://www.tenable.com/plugins/nessus/95590", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1407.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95590);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-5289\", \"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5292\", \"CVE-2016-5293\", \"CVE-2016-5294\", \"CVE-2016-5295\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-5298\", \"CVE-2016-5299\", \"CVE-2016-9061\", \"CVE-2016-9062\", \"CVE-2016-9063\", \"CVE-2016-9064\", \"CVE-2016-9065\", \"CVE-2016-9066\", \"CVE-2016-9067\", \"CVE-2016-9068\", \"CVE-2016-9069\", \"CVE-2016-9070\", \"CVE-2016-9071\", \"CVE-2016-9072\", \"CVE-2016-9073\", \"CVE-2016-9074\", \"CVE-2016-9075\", \"CVE-2016-9076\", \"CVE-2016-9077\", \"CVE-2016-9078\", \"CVE-2016-9079\");\n\n script_name(english:\"openSUSE Security Update : Mozilla Firefox / Thunderbird and NSS (openSUSE-2016-1407)\");\n script_summary(english:\"Check for the openSUSE-2016-1407 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update to Mozilla Firefox 50.0.2, Thunderbird 45.5.1 and NSS\n3.16.2 fixes a number of security issues.\n\nThe following vulnerabilities were fixed in Mozilla Firefox (MFSA\n2016-89) :\n\n - CVE-2016-5296: Heap-buffer-overflow WRITE in\n rasterize_edges_1 (bmo#1292443)\n\n - CVE-2016-5292: URL parsing causes crash (bmo#1288482)\n\n - CVE-2016-5297: Incorrect argument length checking in\n JavaScript (bmo#1303678)\n\n - CVE-2016-9064: Addons update must verify IDs match\n between current and new versions (bmo#1303418)\n\n - CVE-2016-9066: Integer overflow leading to a buffer\n overflow in nsScriptLoadHandler (bmo#1299686)\n\n - CVE-2016-9067: heap-use-after-free in\n nsINode::ReplaceOrInsertBefore (bmo#1301777, bmo#1308922\n (CVE-2016-9069))\n\n - CVE-2016-9068: heap-use-after-free in nsRefreshDriver\n (bmo#1302973)\n\n - CVE-2016-9075: WebExtensions can access the\n mozAddonManager API and use it to gain elevated\n privileges (bmo#1295324)\n\n - CVE-2016-9077: Canvas filters allow feDisplacementMaps\n to be applied to cross-origin images, allowing timing\n attacks on them (bmo#1298552)\n\n - CVE-2016-5291: Same-origin policy violation using local\n HTML file and saved shortcut file (bmo#1292159)\n\n - CVE-2016-9070: Sidebar bookmark can have reference to\n chrome window (bmo#1281071)\n\n - CVE-2016-9073: windows.create schema doesn't specify\n 'format': 'relativeUrl' (bmo#1289273)\n\n - CVE-2016-9076: select dropdown menu can be used for URL\n bar spoofing on e10s (bmo#1276976)\n\n - CVE-2016-9063: Possible integer overflow to fix inside\n XML_Parse in expat (bmo#1274777)\n\n - CVE-2016-9071: Probe browser history via HSTS/301\n redirect + CSP (bmo#1285003)\n\n - CVE-2016-5289: Memory safety bugs fixed in Firefox 50\n\n - CVE-2016-5290: Memory safety bugs fixed in Firefox 50\n and Firefox ESR 45.5\n\n The following vulnerabilities were fixed in Mozilla NSS\n 3.26.1 :\n\n - CVE-2016-9074: Insufficient timing side-channel\n resistance in divSpoiler (bmo#1293334)\n\n Mozilla Firefox now requires mozilla-nss 3.26.2.\n\n New features in Mozilla Firefox :\n\n - Updates to keyboard shortcuts Set a preference to have\n Ctrl+Tab cycle through tabs in recently used order View\n a page in Reader Mode by using Ctrl+Alt+R\n\n - Added option to Find in page that allows users to limit\n search to whole words only\n\n - Added download protection for a large number of\n executable file types on Windows, Mac and Linux\n\n - Fixed rendering of dashed and dotted borders with\n rounded corners (border-radius)\n\n - Added a built-in Emoji set for operating systems without\n native Emoji fonts\n\n - Blocked versions of libavcodec older than 54.35.1\n\n - additional locale\n\n mozilla-nss was updated to 3.26.2, incorporating the\n following changes :\n\n - the selfserv test utility has been enhanced to support\n ALPN (HTTP/1.1) and 0-RTT\n\n - The following CA certificate was added: CN = ISRG Root\n X1\n\n - NPN is disabled and ALPN is enabled by default\n\n - MD5 signature algorithms sent by the server in\n CertificateRequest messages are now properly ignored\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1227538\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1245791\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1245795\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1246945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1246972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1247239\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1274777\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1276976\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1281071\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1285003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1288482\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1289273\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1292159\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1292443\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1293334\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1294438\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1295324\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1298552\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1299686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1300083\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1301777\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1302973\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1303418\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1303678\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1306696\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1308922\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1317641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1321066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1009026\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010411\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012807\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012964\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Mozilla Firefox / Thunderbird and NSS packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-50.0.2-131.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-branding-upstream-50.0.2-131.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-buildsymbols-50.0.2-131.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-debuginfo-50.0.2-131.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-debugsource-50.0.2-131.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-devel-50.0.2-131.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-translations-common-50.0.2-131.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-translations-other-50.0.2-131.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-45.5.1-70.92.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-buildsymbols-45.5.1-70.92.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-debuginfo-45.5.1-70.92.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-debugsource-45.5.1-70.92.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-devel-45.5.1-70.92.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-translations-common-45.5.1-70.92.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-translations-other-45.5.1-70.92.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libfreebl3-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libfreebl3-debuginfo-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libsoftokn3-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libsoftokn3-debuginfo-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-certs-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-certs-debuginfo-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-debuginfo-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-debugsource-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-devel-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-sysinit-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-sysinit-debuginfo-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-tools-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-tools-debuginfo-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.26.2-94.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:39:01", "description": "An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.5.0\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-5290)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup as the original reporters.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-29T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 / 7 : thunderbird (RHSA-2016:2825)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290"], "modified": "2020-05-29T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:thunderbird", "p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2016-2825.NASL", "href": "https://www.tenable.com/plugins/nessus/95382", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2825. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95382);\n script_version(\"3.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2016-5290\");\n script_xref(name:\"RHSA\", value:\"2016:2825\");\n\n script_name(english:\"RHEL 5 / 6 / 7 : thunderbird (RHSA-2016:2825)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for thunderbird is now available for Red Hat Enterprise\nLinux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.5.0\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2016-5290)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Olli Pettay, Christian Holler, Ehsan\nAkhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and\nRandell Jesup as the original reporters.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:2825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5290\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:2825\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"thunderbird-45.5.0-1.el5_11\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"thunderbird-45.5.0-1.el5_11\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"thunderbird-debuginfo-45.5.0-1.el5_11\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-45.5.0-1.el5_11\", allowmaj:TRUE)) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"thunderbird-45.5.0-1.el6_8\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"thunderbird-45.5.0-1.el6_8\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"thunderbird-45.5.0-1.el6_8\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"thunderbird-debuginfo-45.5.0-1.el6_8\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"thunderbird-debuginfo-45.5.0-1.el6_8\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-45.5.0-1.el6_8\", allowmaj:TRUE)) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"thunderbird-45.5.0-1.el7_3\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-45.5.0-1.el7_3\", allowmaj:TRUE)) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:55", "description": "From Red Hat Security Advisory 2016:2825 :\n\nAn update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.5.0\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-5290)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup as the original reporters.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-30T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : thunderbird (ELSA-2016-2825)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:thunderbird", "cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2016-2825.NASL", "href": "https://www.tenable.com/plugins/nessus/95410", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:2825 and \n# Oracle Linux Security Advisory ELSA-2016-2825 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95410);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-5290\");\n script_xref(name:\"RHSA\", value:\"2016:2825\");\n\n script_name(english:\"Oracle Linux 6 / 7 : thunderbird (ELSA-2016-2825)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2016:2825 :\n\nAn update for thunderbird is now available for Red Hat Enterprise\nLinux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.5.0\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2016-5290)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Olli Pettay, Christian Holler, Ehsan\nAkhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and\nRandell Jesup as the original reporters.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-November/006541.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-November/006542.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"thunderbird-45.5.0-1.0.1.el6_8\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"thunderbird-45.5.0-1.0.1.el7_3\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:58", "description": "An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.5.0\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-5290)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup as the original reporters.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-01T00:00:00", "type": "nessus", "title": "CentOS 5 / 6 / 7 : thunderbird (CESA-2016:2825)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:thunderbird", "cpe:/o:centos:centos:5", "cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2016-2825.NASL", "href": "https://www.tenable.com/plugins/nessus/95444", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2825 and \n# CentOS Errata and Security Advisory 2016:2825 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95444);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-5290\");\n script_xref(name:\"RHSA\", value:\"2016:2825\");\n\n script_name(english:\"CentOS 5 / 6 / 7 : thunderbird (CESA-2016:2825)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for thunderbird is now available for Red Hat Enterprise\nLinux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.5.0\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2016-5290)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Olli Pettay, Christian Holler, Ehsan\nAkhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and\nRandell Jesup as the original reporters.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-December/022163.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d16a91bb\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-December/022165.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bce4f675\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2016-December/003691.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e1bf1620\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5290\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x / 6.x / 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"thunderbird-45.5.0-1.el5.centos\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"thunderbird-45.5.0-1.el6.centos\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"thunderbird-45.5.0-1.el7.centos\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:45", "description": "This update upgrades Thunderbird to version 45.5.0\n\nSecurity Fix(es) :\n\n - Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-5290)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-15T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64 (20161129)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:thunderbird", "p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20161129_THUNDERBIRD_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/95868", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95868);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-5290\");\n\n script_name(english:\"Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64 (20161129)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update upgrades Thunderbird to version 45.5.0\n\nSecurity Fix(es) :\n\n - Multiple flaws were found in the processing of malformed\n web content. A web page containing malicious content\n could cause Thunderbird to crash or, potentially,\n execute arbitrary code with the privileges of the user\n running Thunderbird. (CVE-2016-5290)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1612&L=scientific-linux-errata&F=&S=&P=15252\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?56d200a1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"thunderbird-45.5.0-1.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"thunderbird-debuginfo-45.5.0-1.el5_11\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-45.5.0-1.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-debuginfo-45.5.0-1.el6_8\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"thunderbird-45.5.0-1.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-45.5.0-1.el7_3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:18", "description": "Franziskus Kiefer reported that the existing mitigations for some timing side-channel attacks were insufficient:\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2016-90/#CVE-201 6-9074\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 2:3.26-1+debu7u2.\n\nWe recommend that you upgrade your nss packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2016-12-27T00:00:00", "type": "nessus", "title": "Debian DLA-759-1 : nss security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9074"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libnss3", "p-cpe:/a:debian:debian_linux:libnss3-1d", "p-cpe:/a:debian:debian_linux:libnss3-dbg", "p-cpe:/a:debian:debian_linux:libnss3-dev", "p-cpe:/a:debian:debian_linux:libnss3-tools", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-759.NASL", "href": "https://www.tenable.com/plugins/nessus/96094", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-759-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96094);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-9074\");\n\n script_name(english:\"Debian DLA-759-1 : nss security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Franziskus Kiefer reported that the existing mitigations for some\ntiming side-channel attacks were insufficient:\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2016-90/#CVE-201\n6-9074\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n2:3.26-1+debu7u2.\n\nWe recommend that you upgrade your nss packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/12/msg00034.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/nss\"\n );\n # https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/#CVE-2016-9074\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cacd4be1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libnss3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libnss3-1d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libnss3-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libnss3-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libnss3-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libnss3\", reference:\"2:3.26-1+debu7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libnss3-1d\", reference:\"2:3.26-1+debu7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libnss3-dbg\", reference:\"2:3.26-1+debu7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libnss3-dev\", reference:\"2:3.26-1+debu7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libnss3-tools\", reference:\"2:3.26-1+debu7u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:38:35", "description": "It was discovered that NSS incorrectly handled certain invalid Diffie-Hellman keys. A remote attacker could possibly use this flaw to cause NSS to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.\n(CVE-2016-5285)\n\nHubert Kario discovered that NSS incorrectly handled Diffie Hellman client key exchanges. A remote attacker could possibly use this flaw to perform a small subgroup confinement attack and recover private keys. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-8635)\n\nFranziskus Kiefer discovered that NSS incorrectly mitigated certain timing side-channel attacks. A remote attacker could possibly use this flaw to recover private keys. (CVE-2016-9074)\n\nThis update refreshes the NSS package to version 3.26.2 which includes the latest CA certificate bundle.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-01-05T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : nss vulnerabilities (USN-3163-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5285", "CVE-2016-8635", "CVE-2016-9074"], "modified": "2019-11-25T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libnss3", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:16.10"], "id": "UBUNTU_USN-3163-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96304", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3163-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96304);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\"CVE-2016-5285\", \"CVE-2016-8635\", \"CVE-2016-9074\");\n script_xref(name:\"USN\", value:\"3163-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : nss vulnerabilities (USN-3163-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that NSS incorrectly handled certain invalid\nDiffie-Hellman keys. A remote attacker could possibly use this flaw to\ncause NSS to crash, resulting in a denial of service. This issue only\napplied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.\n(CVE-2016-5285)\n\nHubert Kario discovered that NSS incorrectly handled Diffie Hellman\nclient key exchanges. A remote attacker could possibly use this flaw\nto perform a small subgroup confinement attack and recover private\nkeys. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS\nand Ubuntu 16.04 LTS. (CVE-2016-8635)\n\nFranziskus Kiefer discovered that NSS incorrectly mitigated certain\ntiming side-channel attacks. A remote attacker could possibly use this\nflaw to recover private keys. (CVE-2016-9074)\n\nThis update refreshes the NSS package to version 3.26.2 which includes\nthe latest CA certificate bundle.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3163-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libnss3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnss3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|16\\.04|16\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 16.04 / 16.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libnss3\", pkgver:\"2:3.26.2-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libnss3\", pkgver:\"2:3.26.2-0ubuntu0.14.04.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libnss3\", pkgver:\"2:3.26.2-0ubuntu0.16.04.2\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"libnss3\", pkgver:\"2:3.26.2-0ubuntu0.16.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libnss3\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:38:38", "description": "The remote host is affected by the vulnerability described in GLSA-201701-15 (Mozilla Firefox, Thunderbird: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Mozilla Firefox and Thunderbird. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition via multiple vectors.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-01-04T00:00:00", "type": "nessus", "title": "GLSA-201701-15 : Mozilla Firefox, Thunderbird: Multiple vulnerabilities (SWEET32)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2804", "CVE-2016-2805", "CVE-2016-2806", "CVE-2016-2807", "CVE-2016-2808", "CVE-2016-2809", "CVE-2016-2810", "CVE-2016-2811", "CVE-2016-2812", "CVE-2016-2813", "CVE-2016-2814", "CVE-2016-2816", "CVE-2016-2817", "CVE-2016-2820", "CVE-2016-2827", "CVE-2016-2830", "CVE-2016-2835", "CVE-2016-2836", "CVE-2016-2837", "CVE-2016-2838", "CVE-2016-2839", "CVE-2016-5250", "CVE-2016-5251", "CVE-2016-5252", "CVE-2016-5253", "CVE-2016-5254", "CVE-2016-5255", "CVE-2016-5256", "CVE-2016-5257", "CVE-2016-5258", "CVE-2016-5259", "CVE-2016-5260", "CVE-2016-5261", "CVE-2016-5262", "CVE-2016-5263", "CVE-2016-5264", "CVE-2016-5265", "CVE-2016-5266", "CVE-2016-5267", "CVE-2016-5268", "CVE-2016-5270", "CVE-2016-5271", "CVE-2016-5272", "CVE-2016-5273", "CVE-2016-5274", "CVE-2016-5275", "CVE-2016-5276", "CVE-2016-5277", "CVE-2016-5278", "CVE-2016-5279", "CVE-2016-5280", "CVE-2016-5281", "CVE-2016-5282", "CVE-2016-5283", "CVE-2016-5284", "CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5293", "CVE-2016-5294", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9074", "CVE-2016-9079", "CVE-2016-9893", "CVE-2016-9895", "CVE-2016-9897", "CVE-2016-9898", "CVE-2016-9899", "CVE-2016-9900", "CVE-2016-9901", "CVE-2016-9902", "CVE-2016-9904", "CVE-2016-9905"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:firefox", "p-cpe:/a:gentoo:linux:firefox-bin", "p-cpe:/a:gentoo:linux:thunderbird", "p-cpe:/a:gentoo:linux:thunderbird-bin", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201701-15.NASL", "href": "https://www.tenable.com/plugins/nessus/96276", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201701-15.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96276);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-2804\", \"CVE-2016-2805\", \"CVE-2016-2806\", \"CVE-2016-2807\", \"CVE-2016-2808\", \"CVE-2016-2809\", \"CVE-2016-2810\", \"CVE-2016-2811\", \"CVE-2016-2812\", \"CVE-2016-2813\", \"CVE-2016-2814\", \"CVE-2016-2816\", \"CVE-2016-2817\", \"CVE-2016-2820\", \"CVE-2016-2827\", \"CVE-2016-2830\", \"CVE-2016-2835\", \"CVE-2016-2836\", \"CVE-2016-2837\", \"CVE-2016-2838\", \"CVE-2016-2839\", \"CVE-2016-5250\", \"CVE-2016-5251\", \"CVE-2016-5252\", \"CVE-2016-5253\", \"CVE-2016-5254\", \"CVE-2016-5255\", \"CVE-2016-5256\", \"CVE-2016-5257\", \"CVE-2016-5258\", \"CVE-2016-5259\", \"CVE-2016-5260\", \"CVE-2016-5261\", \"CVE-2016-5262\", \"CVE-2016-5263\", \"CVE-2016-5264\", \"CVE-2016-5265\", \"CVE-2016-5266\", \"CVE-2016-5267\", \"CVE-2016-5268\", \"CVE-2016-5270\", \"CVE-2016-5271\", \"CVE-2016-5272\", \"CVE-2016-5273\", \"CVE-2016-5274\", \"CVE-2016-5275\", \"CVE-2016-5276\", \"CVE-2016-5277\", \"CVE-2016-5278\", \"CVE-2016-5279\", \"CVE-2016-5280\", \"CVE-2016-5281\", \"CVE-2016-5282\", \"CVE-2016-5283\", \"CVE-2016-5284\", \"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5293\", \"CVE-2016-5294\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9064\", \"CVE-2016-9066\", \"CVE-2016-9074\", \"CVE-2016-9079\", \"CVE-2016-9893\", \"CVE-2016-9895\", \"CVE-2016-9897\", \"CVE-2016-9898\", \"CVE-2016-9899\", \"CVE-2016-9900\", \"CVE-2016-9901\", \"CVE-2016-9902\", \"CVE-2016-9904\", \"CVE-2016-9905\");\n script_xref(name:\"GLSA\", value:\"201701-15\");\n\n script_name(english:\"GLSA-201701-15 : Mozilla Firefox, Thunderbird: Multiple vulnerabilities (SWEET32)\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-201701-15\n(Mozilla Firefox, Thunderbird: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Mozilla Firefox and\n Thunderbird. Please review the CVE identifiers referenced below for\n details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process or cause a Denial of Service condition via\n multiple vectors.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201701-15\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Firefox users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/firefox-45.6.0'\n All Firefox-bin users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/firefox-bin-45.6.0'\n All Thunderbird users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=mail-client/thunderbird-45.6.0'\n All Thunderbird-bin users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=mail-client/thunderbird-bin-45.6.0'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:firefox-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:thunderbird-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/04\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"mail-client/thunderbird\", unaffected:make_list(\"ge 45.6.0\"), vulnerable:make_list(\"lt 45.6.0\"))) flag++;\nif (qpkg_check(package:\"mail-client/thunderbird-bin\", unaffected:make_list(\"ge 45.6.0\"), vulnerable:make_list(\"lt 45.6.0\"))) flag++;\nif (qpkg_check(package:\"www-client/firefox\", unaffected:make_list(\"ge 45.6.0\"), vulnerable:make_list(\"lt 45.6.0\"))) flag++;\nif (qpkg_check(package:\"www-client/firefox-bin\", unaffected:make_list(\"ge 45.6.0\"), vulnerable:make_list(\"lt 45.6.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Mozilla Firefox / Thunderbird\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-13T18:08:33", "description": "The remote host is affected by the vulnerability described in GLSA-201701-46 (Mozilla Network Security Service (NSS): Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in NSS. Please review the CVE identifiers and technical papers referenced below for details.\n Impact :\n\n Remote attackers could conduct man-in-the-middle attacks, obtain access to private key information, or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-01-20T00:00:00", "type": "nessus", "title": "GLSA-201701-46 : Mozilla Network Security Service (NSS): Multiple vulnerabilities (Logjam) (SLOTH)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-2721", "CVE-2015-4000", "CVE-2015-7575", "CVE-2016-1938", "CVE-2016-5285", "CVE-2016-8635", "CVE-2016-9074"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:nss", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201701-46.NASL", "href": "https://www.tenable.com/plugins/nessus/96643", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201701-46.\n#\n# The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96643);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-2721\", \"CVE-2015-4000\", \"CVE-2015-7575\", \"CVE-2016-1938\", \"CVE-2016-5285\", \"CVE-2016-8635\", \"CVE-2016-9074\");\n script_xref(name:\"GLSA\", value:\"201701-46\");\n\n script_name(english:\"GLSA-201701-46 : Mozilla Network Security Service (NSS): Multiple vulnerabilities (Logjam) (SLOTH)\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201701-46\n(Mozilla Network Security Service (NSS): Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in NSS. Please review the\n CVE identifiers and technical papers referenced below for details.\n \nImpact :\n\n Remote attackers could conduct man-in-the-middle attacks, obtain access\n to private key information, or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mitls.org/pages/attacks/SLOTH\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201701-46\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All NSS users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/nss-3.28'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:nss\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-libs/nss\", unaffected:make_list(\"ge 3.28\"), vulnerable:make_list(\"lt 3.28\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Mozilla Network Security Service (NSS)\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "mozilla": [{"lastseen": "2021-12-29T14:12:16", "description": "A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash.\nWhen the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. This vulnerability requires local system access. Note: this issue only affects Windows operating systems.\nThe Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue only affects Windows operating systems.\nAn error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues.\nAdd-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connection to the update server and defeat the certificate pinning protection could provide a malicious signed add-on instead of a valid update.\nA buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data.\nA same-origin policy bypass with local shortcut files to load arbitrary local content from disk.\nAn existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1.\nMozilla developers and community members Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup reported memory safety bugs present in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-11-15T00:00:00", "type": "mozilla", "title": "Security vulnerabilities fixed in Firefox ESR 45.5 \u2014 Mozilla", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5293", "CVE-2016-5294", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9074"], "modified": "2016-11-15T00:00:00", "id": "MFSA2016-90", "href": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-29T14:12:16", "description": "A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash.\nThe Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue only affects Windows operating systems.\nAn error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues.\nA buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data.\nA same-origin policy bypass with local shortcut files to load arbitrary local content from disk.\nAn existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1.\nMozilla developers and community members Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup reported memory safety bugs present in Thunderbird ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-11-18T00:00:00", "type": "mozilla", "title": "Security vulnerabilities fixed in Thunderbird 45.5 \u2014 Mozilla", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5294", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9066", "CVE-2016-9074"], "modified": "2016-11-18T00:00:00", "id": "MFSA2016-93", "href": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-29T14:12:16", "description": "A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash.\nDuring URL parsing, a maliciously crafted URL can cause a potentially exploitable crash.\nWhen the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. This vulnerability requires local system access. Note: this issue only affects Windows operating systems.\nThe Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue only affects Windows operating systems.\nAn error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues.\nAdd-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connection to the update server and defeat the certificate pinning protection could provide a malicious signed add-on instead of a valid update.\nThe location bar in Firefox for Android can be spoofed by forcing a user into fullscreen mode, blocking its exiting, and creating of a fake location bar without any user notification. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected.\nA buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data.\nTwo use-after-free errors during DOM operations resulting in potentially exploitable crashes.\nA use-after-free during web animations when working with timelines resulting in a potentially exploitable crash.\nWhen a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default. Note: This issue only affects 64-bit Windows. 32-bit Windows and other operating systems are unaffected.\nAn issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission.\nCanvas allows the use of the feDisplacementMap filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations.\nA same-origin policy bypass with local shortcut files to load arbitrary local content from disk.\nThis vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozilla Updater to run malicious local files. This vulnerability requires local system access and is a variant of MFSA2013-44. Note: this issue only affects Windows operating systems.\nA mechanism where disruption of the loading of a new web page can cause the previous page's favicon and SSL indicator to not be reset when the new page is loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected.\nA previously installed malicious Android application with same signature-level permissions as Firefox can intercept AuthTokens meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected.\nA previously installed malicious Android application which defines a specific signature-level permissions used by Firefox can access API keys meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected.\nPrivate browsing mode leaves metadata information, such as URLs, for sites visited in browser.db and browser.db-wal files within the Firefox profile after the mode is exited. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected.\nA maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections.\nWebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox.\nAn existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1.\nAn issue where a dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function.\nAn integer overflow during the parsing of XML using the Expat library.\nContent Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history.\nMozilla developers and community members Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, and Markus Stange reported memory safety bugs present in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.\nMozilla developers and community members Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup reported memory safety bugs present in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-11-15T00:00:00", "type": "mozilla", "title": "Security vulnerabilities fixed in Firefox 50 \u2014 Mozilla", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5289", "CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5292", "CVE-2016-5293", "CVE-2016-5294", "CVE-2016-5295", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-5298", "CVE-2016-5299", "CVE-2016-9061", "CVE-2016-9062", "CVE-2016-9063", "CVE-2016-9064", "CVE-2016-9065", "CVE-2016-9066", "CVE-2016-9067", "CVE-2016-9068", "CVE-2016-9069", "CVE-2016-9070", "CVE-2016-9071", "CVE-2016-9072", "CVE-2016-9073", "CVE-2016-9074", "CVE-2016-9075", "CVE-2016-9076", "CVE-2016-9077"], "modified": "2016-11-15T00:00:00", "id": "MFSA2016-89", "href": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:34:59", "description": "This host is installed with Mozilla\n Thunderbird and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2016-12-01T00:00:00", "type": "openvas", "title": "Mozilla Thunderbird Security Updates( mfsa_2016-93_2016-93 )-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5297", "CVE-2016-5296", "CVE-2016-5291", "CVE-2016-5294", "CVE-2016-9074", "CVE-2016-9066"], "modified": "2018-11-20T00:00:00", "id": "OPENVAS:1361412562310809821", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809821", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_thunderbird_mfsa_2016-93_2016-93_win.nasl 12431 2018-11-20 09:21:00Z asteins $\n#\n# Mozilla Thunderbird Security Updates( mfsa_2016-93_2016-93 )-Windows\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:thunderbird\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809821\");\n script_version(\"$Revision: 12431 $\");\n script_cve_id(\"CVE-2016-5296\", \"CVE-2016-5294\", \"CVE-2016-5297\", \"CVE-2016-9066\",\n \"CVE-2016-5291\", \"CVE-2016-9074\", \"CVE-2016-5290\");\n script_bugtraq_id(94339, 94336, 94341, 94335);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-20 10:21:00 +0100 (Tue, 20 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-01 11:45:00 +0530 (Thu, 01 Dec 2016)\");\n script_name(\"Mozilla Thunderbird Security Updates( mfsa_2016-93_2016-93 )-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla\n Thunderbird and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - Heap-buffer-overflow WRITE in rasterize_edges_1.\n\n - Arbitrary target directory for result files of update process.\n\n - Incorrect argument length checking in JavaScript.\n\n - Integer overflow leading to a buffer overflow in nsScriptLoadHandler.\n\n - Same-origin policy violation using local HTML file and saved shortcut file.\n\n - Insufficient timing side-channel resistance in divSpoiler.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to execute arbitrary code, to delete arbitrary files\n by leveraging certain local file execution, to obtain sensitive information, and\n to cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Thunderbird version before\n 45.5 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Thunderbird version 45.5\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_thunderbird_detect_portable_win.nasl\");\n script_mandatory_keys(\"Thunderbird/Win/Ver\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/thunderbird\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!tbVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:tbVer, test_version:\"45.5\"))\n{\n report = report_fixed_ver(installed_version:tbVer, fixed_version:\"45.5\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:47", "description": "Multiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to the execution of arbitrary code or\nbypass of the same-origin policy. Also, a man-in-the-middle attack in\nthe addon update mechanism has been fixed.", "cvss3": {}, "published": "2016-11-16T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3716-1 (firefox-esr - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-5296", "CVE-2016-5291", "CVE-2016-9074", "CVE-2016-9066"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703716", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703716", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3716.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3716-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703716\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9064\", \"CVE-2016-9066\", \"CVE-2016-9074\");\n script_name(\"Debian Security Advisory DSA 3716-1 (firefox-esr - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-16 00:00:00 +0100 (Wed, 16 Nov 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3716.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"firefox-esr on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie), these problems have been fixed in\nversion 45.5.0esr-1~deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 45.5.0esr-1 and version 50.0-1 of the firefox source package.\n\nWe recommend that you upgrade your firefox-esr packages.\");\n script_tag(name:\"summary\", value:\"Multiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to the execution of arbitrary code or\nbypass of the same-origin policy. Also, a man-in-the-middle attack in\nthe addon update mechanism has been fixed.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"firefox-esr\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-dbg\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-dev\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ach\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-af\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-all\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-an\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ar\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-as\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ast\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-az\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-be\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bg\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn-bd\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn-in\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-br\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bs\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ca\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-cs\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-cy\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-da\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-de\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-dsb\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-el\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-gb\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-za\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-eo\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-ar\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-cl\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-es\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-mx\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-et\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-eu\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fa\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ff\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fi\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fr\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fy-nl\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ga-ie\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gd\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gl\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gn\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gu-in\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-he\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hi-in\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hr\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hsb\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hu\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hy-am\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-id\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-is\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-it\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ja\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-kk\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-km\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-kn\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ko\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lij\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lt\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lv\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mai\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mk\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ml\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mr\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ms\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nb-no\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nl\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nn-no\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-or\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pa-in\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pl\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pt-br\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pt-pt\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-rm\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ro\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ru\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-si\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sk\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sl\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-son\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sq\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sr\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sv-se\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ta\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-te\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-th\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-tr\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-uk\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-uz\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-vi\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-xh\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-zh-cn\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-zh-tw\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-dev\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-an\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-az\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-dsb\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gn\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hsb\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ms\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-uz\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-xh\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"45.5.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T22:11:19", "description": "This host is installed with\n Mozilla Firefox ESR and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2016-11-16T00:00:00", "type": "openvas", "title": "Mozilla Firefox ESR Security Updates (mfsa_2016-89_2016-90)-MAC OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-5296", "CVE-2016-5291", "CVE-2016-9074", "CVE-2016-9066"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310809807", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809807", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox ESR Security Updates (mfsa_2016-89_2016-90)-MAC OS X\n#\n# Authors:\n# kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox_esr\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809807\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9064\", \"CVE-2016-9066\",\n \"CVE-2016-5291\", \"CVE-2016-9074\", \"CVE-2016-5290\");\n script_bugtraq_id(94336, 94337, 94342, 94339);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-11-16 13:11:16 +0530 (Wed, 16 Nov 2016)\");\n script_name(\"Mozilla Firefox ESR Security Updates (mfsa_2016-89_2016-90)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with\n Mozilla Firefox ESR and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - Heap-buffer-overflow WRITE in rasterize_edges_1.\n\n - Incorrect argument length checking in JavaScript.\n\n - Add-ons update must verify IDs match between current and new versions.\n\n - Integer overflow leading to a buffer overflow in nsScriptLoadHandler.\n\n - Same-origin policy violation using local HTML file and saved shortcut file.\n\n - Insufficient timing side-channel resistance in divSpoiler.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers to execute arbitrary code, to delete\n arbitrary files by leveraging certain local file execution, to obtain sensitive\n information, and to cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox ESR version before\n 45.5 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox ESR version 45.5\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox-ESR/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"45.5\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"45.5\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:54:47", "description": "Multiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to the execution of arbitrary code or\nbypass of the same-origin policy. Also, a man-in-the-middle attack in\nthe addon update mechanism has been fixed.", "cvss3": {}, "published": "2016-11-16T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3716-1 (firefox-esr - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-5296", "CVE-2016-5291", "CVE-2016-9074", "CVE-2016-9066"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703716", "href": "http://plugins.openvas.org/nasl.php?oid=703716", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3716.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3716-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703716);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9064\", \"CVE-2016-9066\", \"CVE-2016-9074\");\n script_name(\"Debian Security Advisory DSA 3716-1 (firefox-esr - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-11-16 00:00:00 +0100 (Wed, 16 Nov 2016)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3716.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"firefox-esr on Debian Linux\");\n script_tag(name: \"insight\", value: \"Firefox ESR is a powerful, extensible web browser with support for modern\nweb application technologies.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie), these problems have been fixed in\nversion 45.5.0esr-1~deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 45.5.0esr-1 and version 50.0-1 of the firefox source package.\n\nWe recommend that you upgrade your firefox-esr packages.\");\n script_tag(name: \"summary\", value: \"Multiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to the execution of arbitrary code or\nbypass of the same-origin policy. Also, a man-in-the-middle attack in\nthe addon update mechanism has been fixed.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"firefox-esr\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-dbg\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-dev\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ach\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-af\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-all\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-an\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ar\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-as\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ast\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-az\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-be\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bg\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn-bd\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn-in\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-br\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bs\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ca\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-cs\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-cy\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-da\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-de\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-dsb\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-el\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-gb\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-za\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-eo\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-ar\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-cl\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-es\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-mx\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-et\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-eu\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fa\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ff\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fi\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fr\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fy-nl\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ga-ie\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gd\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gl\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gn\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gu-in\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-he\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hi-in\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hr\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hsb\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hu\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hy-am\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-id\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-is\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-it\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ja\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-kk\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-km\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-kn\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ko\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lij\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lt\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lv\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mai\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mk\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ml\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mr\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ms\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nb-no\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nl\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nn-no\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-or\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pa-in\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pl\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pt-br\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pt-pt\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-rm\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ro\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ru\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-si\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sk\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sl\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-son\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sq\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sr\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sv-se\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ta\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-te\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-th\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-tr\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-uk\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-uz\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-vi\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-xh\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-zh-cn\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-zh-tw\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dev\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-an\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-az\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-dsb\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gn\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hsb\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ms\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-uz\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-xh\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"45.5.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-01-27T18:39:01", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for firefox (EulerOS-SA-2016-1085)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-5296", "CVE-2016-5291", "CVE-2016-9066"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220161085", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220161085", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2016.1085\");\n script_version(\"2020-01-23T15:42:05+0000\");\n script_cve_id(\"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9064\", \"CVE-2016-9066\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 15:42:05 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:42:29 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for firefox (EulerOS-SA-2016-1085)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2016-1085\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1085\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'firefox' package(s) announced via the EulerOS-SA-2016-1085 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.(CVE-2016-5296, CVE-2016-5297, CVE-2016-9066, CVE-2016-5291, CVE-2016-5290)\n\nA flaw was found in the way Add-on update process was handled by Firefox. A Man-in-the-Middle attacker could use this flaw to install a malicious signed add-on update. (CVE-2016-9064)\");\n\n script_tag(name:\"affected\", value:\"'firefox' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.5.0~1\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:38", "description": "Check for the Version of firefox", "cvss3": {}, "published": "2016-11-20T00:00:00", "type": "openvas", "title": "CentOS Update for firefox CESA-2016:2780 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-5296", "CVE-2016-5291", "CVE-2016-9066"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882592", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882592", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2016:2780 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882592\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-20 05:36:58 +0100 (Sun, 20 Nov 2016)\");\n script_cve_id(\"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\",\n \"CVE-2016-9064\", \"CVE-2016-9066\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for firefox CESA-2016:2780 centos6\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.5.0 ESR.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2016-5296, CVE-2016-5297, CVE-2016-9066, CVE-2016-5291,\nCVE-2016-5290)\n\n * A flaw was found in the way Add-on update process was handled by Firefox.\nA Man-in-the-Middle attacker could use this flaw to install a malicious\nsigned add-on update. (CVE-2016-9064)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Abhishek Arya, Andre Bargull, Samuel Grob, Yuyang\nZhou, Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary\nKwong, Tooru Fujisawa, Philipp, and Randell Jesup as the original\nreporters.\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:2780\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-November/022156.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of firefox\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.5.0~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:51", "description": "Check for the Version of firefox", "cvss3": {}, "published": "2016-11-20T00:00:00", "type": "openvas", "title": "CentOS Update for firefox CESA-2016:2780 centos5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-5296", "CVE-2016-5291", "CVE-2016-9066"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882595", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882595", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2016:2780 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882595\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-20 05:37:16 +0100 (Sun, 20 Nov 2016)\");\n script_cve_id(\"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\",\n \"CVE-2016-9064\", \"CVE-2016-9066\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for firefox CESA-2016:2780 centos5\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.5.0 ESR.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2016-5296, CVE-2016-5297, CVE-2016-9066, CVE-2016-5291,\nCVE-2016-5290)\n\n * A flaw was found in the way Add-on update process was handled by Firefox.\nA Man-in-the-Middle attacker could use this flaw to install a malicious\nsigned add-on update. (CVE-2016-9064)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Abhishek Arya, Andre Bargull, Samuel Grob, Yuyang\nZhou, Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary\nKwong, Tooru Fujisawa, Philipp, and Randell Jesup as the original\nreporters.\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:2780\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-November/022157.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of firefox\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.5.0~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:57", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-11-17T00:00:00", "type": "openvas", "title": "RedHat Update for firefox RHSA-2016:2780-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-5296", "CVE-2016-5291", "CVE-2016-9066"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871719", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871719", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for firefox RHSA-2016:2780-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871719\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-17 05:00:27 +0100 (Thu, 17 Nov 2016)\");\n script_cve_id(\"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9064\", \"CVE-2016-9066\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for firefox RHSA-2016:2780-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.5.0 ESR.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2016-5296, CVE-2016-5297, CVE-2016-9066, CVE-2016-5291,\nCVE-2016-5290)\n\n * A flaw was found in the way Add-on update process was handled by Firefox.\nA Man-in-the-Middle attacker could use this flaw to install a malicious\nsigned add-on update. (CVE-2016-9064)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Abhishek Arya, Andre Bargull, Samuel Gross, Yuyang\nZhou, Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary\nKwong, Tooru Fujisawa, Philipp, and Randell Jesup as the original\nreporters.\");\n script_tag(name:\"affected\", value:\"firefox on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:2780-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-November/msg00074.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|6|5)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.5.0~1.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~45.5.0~1.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.5.0~1.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~45.5.0~1.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.5.0~1.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~45.5.0~1.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-06-25T14:49:45", "description": "This host is installed with Mozilla\n Thunderbird and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2016-12-01T00:00:00", "type": "openvas", "title": "Mozilla Thunderbird Security Updates( mfsa_2016-93_2016-93 )-MAC OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5297", "CVE-2016-5296", "CVE-2016-5291", "CVE-2016-9074", "CVE-2016-9066"], "modified": "2019-06-25T00:00:00", "id": "OPENVAS:1361412562310809822", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809822", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Thunderbird Security Updates( mfsa_2016-93_2016-93 )-MAC OS X\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:thunderbird\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809822\");\n script_version(\"2019-06-25T08:25:15+0000\");\n script_cve_id(\"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9066\", \"CVE-2016-5291\",\n \t\t\"CVE-2016-9074\", \"CVE-2016-5290\");\n script_bugtraq_id(94339, 94336, 94341, 94335);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-06-25 08:25:15 +0000 (Tue, 25 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-12-01 11:46:45 +0530 (Thu, 01 Dec 2016)\");\n script_name(\"Mozilla Thunderbird Security Updates( mfsa_2016-93_2016-93 )-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla\n Thunderbird and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - Heap-buffer-overflow WRITE in rasterize_edges_1.\n\n - Arbitrary target directory for result files of update process.\n\n - Incorrect argument length checking in JavaScript.\n\n - Integer overflow leading to a buffer overflow in nsScriptLoadHandler.\n\n - Same-origin policy violation using local HTML file and saved shortcut file.\n\n - Insufficient timing side-channel resistance in divSpoiler.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to execute arbitrary code, to delete arbitrary files\n by leveraging certain local file execution, to obtain sensitive information, and\n to cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Thunderbird version before\n 45.5 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Thunderbird version 45.5\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Thunderbird/MacOSX/Version\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/thunderbird\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!tbVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:tbVer, test_version:\"45.5\"))\n{\n report = report_fixed_ver(installed_version:tbVer, fixed_version:\"45.5\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:54:47", "description": "Multiple security issues have been found\nin Icedove, Debian", "cvss3": {}, "published": "2016-12-11T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3730-1 (icedove - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5297", "CVE-2016-5296", "CVE-2016-9079", "CVE-2016-5291", "CVE-2016-9074", "CVE-2016-9066"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703730", "href": "http://plugins.openvas.org/nasl.php?oid=703730", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3730.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3730-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703730);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\",\n \"CVE-2016-9066\", \"CVE-2016-9074\", \"CVE-2016-9079\");\n script_name(\"Debian Security Advisory DSA 3730-1 (icedove - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-12-11 00:00:00 +0100 (Sun, 11 Dec 2016)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3730.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"icedove on Debian Linux\");\n script_tag(name: \"insight\", value: \"Icedove is an unbranded Thunderbird mail\nclient suitable for free distribution. It supports different mail accounts (POP,\nIMAP, Gmail), has an integrated learning Spam filter, and offers easy organization\nof mails with tagging and virtual folders. Also, more features can be added by\ninstalling extensions.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 1:45.5.1-1~deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:45.5.1-1 or earlier.\n\nWe recommend that you upgrade your icedove packages.\");\n script_tag(name: \"summary\", value: \"Multiple security issues have been found\nin Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory\nsafety errors, same-origin policy bypass issues, integer overflows, buffer overflows\nand use-after-frees may lead to the execution of arbitrary code or\ndenial of service.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"calendar-google-provider\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-all\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ar\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ast\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-be\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-bg\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-bn-bd\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-br\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ca\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-cs\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-da\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-de\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-el\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-en-gb\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-es-ar\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-es-es\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-et\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-eu\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-fi\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-fr\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-fy-nl\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ga-ie\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-gd\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-gl\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-he\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-hr\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-hu\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-hy-am\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-id\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-is\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-it\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ja\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ko\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-lt\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-nb-no\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-nl\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-nn-no\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-pa-in\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-pl\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-pt-br\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-pt-pt\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-rm\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ro\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ru\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-si\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-sk\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-sl\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-sq\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-sr\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-sv-se\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ta-lk\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-tr\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-uk\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-vi\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-zh-cn\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-zh-tw\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-extension\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ar\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-be\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-bg\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-bn-bd\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-br\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ca\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-cs\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-cy\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-da\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-de\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-el\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-en-gb\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-es-ar\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-es-es\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-et\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-eu\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-fi\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-fr\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-fy-nl\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ga-ie\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-gd\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-gl\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-he\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-hr\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-hu\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-hy-am\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-id\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-is\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-it\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ja\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ko\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-lt\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-nb-no\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-nl\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-nn-no\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-pa-in\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-pl\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-pt-br\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-pt-pt\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-rm\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ro\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ru\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-si\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-sk\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-sl\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-sq\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-sr\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-sv-se\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ta-lk\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-tr\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-uk\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-vi\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-zh-cn\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-zh-tw\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-05-29T18:35:10", "description": "Multiple security issues have been found\nin Icedove, Debian", "cvss3": {}, "published": "2016-12-11T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3730-1 (icedove - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5297", "CVE-2016-5296", "CVE-2016-9079", "CVE-2016-5291", "CVE-2016-9074", "CVE-2016-9066"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703730", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703730", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3730.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3730-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703730\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\",\n \"CVE-2016-9066\", \"CVE-2016-9074\", \"CVE-2016-9079\");\n script_name(\"Debian Security Advisory DSA 3730-1 (icedove - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-11 00:00:00 +0100 (Sun, 11 Dec 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3730.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"icedove on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 1:45.5.1-1~deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:45.5.1-1 or earlier.\n\nWe recommend that you upgrade your icedove packages.\");\n script_tag(name:\"summary\", value:\"Multiple security issues have been found\nin Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory\nsafety errors, same-origin policy bypass issues, integer overflows, buffer overflows\nand use-after-frees may lead to the execution of arbitrary code or\ndenial of service.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"calendar-google-provider\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-all\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ar\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ast\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-be\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-bg\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-bn-bd\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-br\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ca\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-cs\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-da\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-de\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-el\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-en-gb\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-es-ar\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-es-es\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-et\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-eu\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-fi\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-fr\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-fy-nl\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ga-ie\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-gd\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-gl\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-he\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-hr\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-hu\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-hy-am\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-id\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-is\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-it\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ja\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ko\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-lt\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-nb-no\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-nl\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-nn-no\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-pa-in\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-pl\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-pt-br\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-pt-pt\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-rm\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ro\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ru\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-si\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-sk\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-sl\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-sq\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-sr\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-sv-se\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ta-lk\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-tr\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-uk\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-vi\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-zh-cn\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-zh-tw\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-extension\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ar\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-be\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-bg\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-bn-bd\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-br\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ca\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-cs\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-cy\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-da\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-de\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-el\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-en-gb\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-es-ar\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-es-es\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-et\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-eu\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-fi\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-fr\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-fy-nl\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ga-ie\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-gd\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-gl\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-he\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-hr\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-hu\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-hy-am\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-id\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-is\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-it\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ja\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ko\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-lt\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-nb-no\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-nl\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-nn-no\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-pa-in\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-pl\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-pt-br\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-pt-pt\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-rm\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ro\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ru\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-si\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-sk\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-sl\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-sq\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-sr\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-sv-se\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ta-lk\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-tr\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-uk\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-vi\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-zh-cn\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-zh-tw\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:33", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-01T00:00:00", "type": "openvas", "title": "Ubuntu Update for thunderbird USN-3141-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5297", "CVE-2016-5296", "CVE-2016-9079", "CVE-2016-5291", "CVE-2016-9066"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842967", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842967", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for thunderbird USN-3141-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842967\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-01 05:39:07 +0100 (Thu, 01 Dec 2016)\");\n script_cve_id(\"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9066\", \"CVE-2016-9079\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for thunderbird USN-3141-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Christian Holler, Jon Coppeard, Olli Pettay,\n Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Randell Jesup discovered multiple\n memory safety issues in Thunderbird. If a user were tricked in to opening a\n specially crafted message, an attacker could potentially exploit these to cause a\n denial of service via application crash, or execute arbitrary code. (CVE-2016-5290)\n\nA same-origin policy bypass was discovered with local HTML files in some\ncircumstances. An attacker could potentially exploit this to obtain\nsensitive information. (CVE-2016-5291)\n\nA heap buffer-overflow was discovered in Cairo when processing SVG\ncontent. If a user were tricked in to opening a specially crafted message,\nan attacker could potentially exploit this to cause a denial of service\nvia application crash, or execute arbitrary code. (CVE-2016-5296)\n\nAn error was discovered in argument length checking in Javascript. If a\nuser were tricked in to opening a specially crafted website in a browsing\ncontext, an attacker could potentially exploit this to cause a denial of\nservice via application crash, or execute arbitrary code. (CVE-2016-5297)\n\nA buffer overflow was discovered in nsScriptLoadHandler. If a user were\ntricked in to opening a specially crafted website in a browsing context,\nan attacker could potentially exploit this to cause a denial of service\nvia application crash, or execute arbitrary code. (CVE-2016-9066)\n\nA use-after-free was discovered in SVG animations. If a user were tricked\nin to opening a specially crafted website in a browsing context, an\nattacker could exploit this to cause a denial of service via application\ncrash, or execute arbitrary code. (CVE-2016-9079)\");\n script_tag(name:\"affected\", value:\"thunderbird on Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS,\n Ubuntu 16.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3141-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3141-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|16\\.04 LTS|16\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:45.5.1+build1-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:45.5.1+build1-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:45.5.1+build1-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:45.5.1+build1-0ubuntu0.16.10.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T22:11:58", "description": "This host is installed with\n Mozilla Firefox and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2016-11-16T00:00:00", "type": "openvas", "title": "Mozilla Firefox Security Updates (mfsa_2016-89_2016-90)-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-9070", "CVE-2016-5297", "CVE-2016-9075", "CVE-2016-9068", "CVE-2016-5292", "CVE-2016-9063", "CVE-2016-9064", "CVE-2016-9071", "CVE-2016-5296", "CVE-2016-5289", "CVE-2016-5295", "CVE-2016-5291", "CVE-2016-5294", "CVE-2016-9074", "CVE-2016-9077", "CVE-2016-9066", "CVE-2016-5293", "CVE-2016-9067", "CVE-2016-9073", "CVE-2016-9076"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310809805", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809805", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox Security Updates (mfsa_2016-89_2016-90)-Windows\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809805\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2016-5296\", \"CVE-2016-5292\", \"CVE-2016-5293\", \"CVE-2016-5294\",\n\t\t\"CVE-2016-5297\", \"CVE-2016-9064\", \"CVE-2016-9066\", \"CVE-2016-9067\",\n \"CVE-2016-5290\", \"CVE-2016-9068\", \"CVE-2016-5289\", \"CVE-2016-9075\",\n \"CVE-2016-9077\", \"CVE-2016-5291\", \"CVE-2016-5295\", \"CVE-2016-9070\",\n \"CVE-2016-9073\", \"CVE-2016-9074\", \"CVE-2016-9076\", \"CVE-2016-9063\",\n \"CVE-2016-9071\");\n script_bugtraq_id(94336, 94337, 94342, 94339);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-11-16 12:21:41 +0530 (Wed, 16 Nov 2016)\");\n script_name(\"Mozilla Firefox Security Updates (mfsa_2016-89_2016-90)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with\n Mozilla Firefox and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - Heap-buffer-overflow WRITE in rasterize_edges_1.\n\n - URL parsing causes crash.\n\n - Write to arbitrary file with Mozilla Updater and Maintenance Service using\n updater.log hardlink.\n\n - Arbitrary target directory for result files of update process.\n\n - Incorrect argument length checking in JavaScript.\n\n - Add-ons update must verify IDs match between current and new versions.\n\n - Integer overflow leading to a buffer overflow in nsScriptLoadHandler.\n\n - heap-use-after-free in nsINode::ReplaceOrInsertBefore.\n\n - heap-use-after-free in nsRefreshDriver.\n\n - WebExtensions can access the mozAddonManager API and use it to gain elevated\n privileges.\n\n - Canvas filters allow feDisplacementMaps to be applied to cross-origin images,\n allowing timing attacks on them.\n\n - Same-origin policy violation using local HTML file and saved shortcut file.\n\n - Mozilla Maintenance Service: Ability to read arbitrary files as SYSTEM.\n\n - Sidebar bookmark can have reference to chrome window.\n\n - Insufficient timing side-channel resistance in divSpoiler.\n\n - select dropdown menu can be used for URL bar spoofing on e10s.\n\n - Possible integer overflow to fix inside XML_Parse in Expat.\n\n - Probe browser history via HSTS/301 redirect + CSP.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers to execute arbitrary code, to delete\n arbitrary files by leveraging certain local file execution, to obtain sensitive\n information, and to cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox version before 50 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 50\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox/Win/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"50.0\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"50.0\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:35:03", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-11-19T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for MozillaFirefox, mozilla-nss (openSUSE-SU-2016:2861-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-9070", "CVE-2016-5297", "CVE-2016-9075", "CVE-2016-9068", "CVE-2016-5292", "CVE-2016-9063", "CVE-2016-9064", "CVE-2016-9071", "CVE-2016-5296", "CVE-2016-5289", "CVE-2016-5291", "CVE-2016-9074", "CVE-2016-9077", "CVE-2016-9066", "CVE-2016-9069", "CVE-2016-9067", "CVE-2016-9073", "CVE-2016-9076"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851435", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851435", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851435\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-11-19 05:37:18 +0100 (Sat, 19 Nov 2016)\");\n script_cve_id(\"CVE-2016-5289\", \"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5292\",\n \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9063\", \"CVE-2016-9064\",\n \"CVE-2016-9066\", \"CVE-2016-9067\", \"CVE-2016-9068\", \"CVE-2016-9069\",\n \"CVE-2016-9070\", \"CVE-2016-9071\", \"CVE-2016-9073\", \"CVE-2016-9074\",\n \"CVE-2016-9075\", \"CVE-2016-9076\", \"CVE-2016-9077\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for MozillaFirefox, mozilla-nss (openSUSE-SU-2016:2861-1)\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update to Mozilla Firefox 50.0 fixes a number of security issues.\n\n The following vulnerabilities were fixed in Mozilla Firefox (MFSA 2016-89):\n\n - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1\n (bmo#1292443)\n\n - CVE-2016-5292: URL parsing causes crash (bmo#1288482)\n\n - CVE-2016-5297: Incorrect argument length checking in Javascript\n (bmo#1303678)\n\n - CVE-2016-9064: Addons update must verify IDs match between current and\n new versions (bmo#1303418)\n\n - CVE-2016-9066: Integer overflow leading to a buffer overflow in\n nsScriptLoadHandler (bmo#1299686)\n\n - CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore\n (bmo#1301777, bmo#1308922 (CVE-2016-9069))\n\n - CVE-2016-9068: heap-use-after-free in nsRefreshDriver (bmo#1302973)\n\n - CVE-2016-9075: WebExtensions can access the mozAddonManager API and use\n it to gain elevated privileges (bmo#1295324)\n\n - CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied to\n cross-origin images, allowing timing attacks on them (bmo#1298552)\n\n - CVE-2016-5291: Same-origin policy violation using local HTML file and\n saved shortcut file (bmo#1292159)\n\n - CVE-2016-9070: Sidebar bookmark can have reference to chrome window\n (bmo#1281071)\n\n - CVE-2016-9073: windows.create schema doesn't specify 'format':\n 'relativeUrl' (bmo#1289273)\n\n - CVE-2016-9076: select dropdown menu can be used for URL bar spoofing on\n e10s (bmo#1276976)\n\n - CVE-2016-9063: Possible integer overflow to fix inside XML_Parse in\n expat (bmo#1274777)\n\n - CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP\n (bmo#1285003)\n\n - CVE-2016-5289: Memory safety bugs fixed in Firefox 50\n\n - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR\n 45.5\n\n The following vulnerabilities were fixed in Mozilla NSS 3.26.1:\n\n - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler\n (bmo#1293334)\n\n Mozilla Firefox now requires mozilla-nss 3.26.2.\n\n New features in Mozilla Firefox:\n\n - Updates to keyboard shortcuts Set a preference to have Ctrl+Tab cycle\n through tabs in recently used order View a page in Reader Mode by using\n Ctrl+Alt+R\n\n - Added option to Find in page that allows users to limit search to whole\n words only\n\n - Added download protection for a large number of executable file types on\n Windows, Mac and Linux\n\n - Fixed rendering of dashed and dotted borders with rounded corners\n (border-radius)\n\n - Added a built-in Emoji set for operating systems without native Emoji\n fonts\n\n - Blocked versions of libavcodec older than 54.35.1\n\n - additional locale\n\n mozi ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"MozillaFirefox, mozilla-nss on openSUSE Leap 42.1, openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:2861-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'MozillaFirefox, mozilla-nss'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~50.0~88.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~50.0~88.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~50.0~88.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~50.0~88.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~50.0~88.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~50.0~88.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~50.0~88.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~50.0~88.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3\", rpm:\"libfreebl3~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3-debuginfo\", rpm:\"libfreebl3-debuginfo~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3\", rpm:\"libsoftokn3~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3-debuginfo\", rpm:\"libsoftokn3-debuginfo~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss\", rpm:\"mozilla-nss~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs\", rpm:\"mozilla-nss-certs~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs-debuginfo\", rpm:\"mozilla-nss-certs-debuginfo~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-debuginfo\", rpm:\"mozilla-nss-debuginfo~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-debugsource\", rpm:\"mozilla-nss-debugsource~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-devel\", rpm:\"mozilla-nss-devel~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit\", rpm:\"mozilla-nss-sysinit~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit-debuginfo\", rpm:\"mozilla-nss-sysinit-debuginfo~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-tools\", rpm:\"mozilla-nss-tools~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-tools-debuginfo\", rpm:\"mozilla-nss-tools-debuginfo~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3-32bit\", rpm:\"libfreebl3-32bit~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3-debuginfo-32bit\", rpm:\"libfreebl3-debuginfo-32bit~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3-32bit\", rpm:\"libsoftokn3-32bit~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3-debuginfo-32bit\", rpm:\"libsoftokn3-debuginfo-32bit~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-32bit\", rpm:\"mozilla-nss-32bit~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs-32bit\", rpm:\"mozilla-nss-certs-32bit~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs-debuginfo-32bit\", rpm:\"mozilla-nss-certs-debuginfo-32bit~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-debuginfo-32bit\", rpm:\"mozilla-nss-debuginfo-32bit~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit-32bit\", rpm:\"mozilla-nss-sysinit-32bit~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit-debuginfo-32bit\", rpm:\"mozilla-nss-sysinit-debuginfo-32bit~3.26.2~49.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T22:11:25", "description": "This host is installed with\n Mozilla Firefox and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2016-11-16T00:00:00", "type": "openvas", "title": "Mozilla Firefox Security Updates (mfsa_2016-89_2016-90)-MAC OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-9070", "CVE-2016-5297", "CVE-2016-9075", "CVE-2016-9068", "CVE-2016-5292", "CVE-2016-9063", "CVE-2016-9064", "CVE-2016-9071", "CVE-2016-5296", "CVE-2016-5289", "CVE-2016-5291", "CVE-2016-9074", "CVE-2016-9072", "CVE-2016-9077", "CVE-2016-9066", "CVE-2016-9067", "CVE-2016-9073", "CVE-2016-9076"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310809804", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809804", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox Security Updates (mfsa_2016-89_2016-90)-MAC OS X\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809804\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2016-5296\", \"CVE-2016-5292\", \"CVE-2016-5297\", \"CVE-2016-9064\",\n \"CVE-2016-9066\", \"CVE-2016-9067\", \"CVE-2016-5290\", \"CVE-2016-9068\",\n \"CVE-2016-9072\", \"CVE-2016-9075\", \"CVE-2016-9077\", \"CVE-2016-5291\",\n \"CVE-2016-9070\", \"CVE-2016-9073\", \"CVE-2016-9074\", \"CVE-2016-9076\",\n \"CVE-2016-9063\", \"CVE-2016-9071\", \"CVE-2016-5289\");\n script_bugtraq_id(94336, 94337, 94342, 94339);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-11-16 12:25:23 +0530 (Wed, 16 Nov 2016)\");\n script_name(\"Mozilla Firefox Security Updates (mfsa_2016-89_2016-90)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with\n Mozilla Firefox and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - Heap-buffer-overflow WRITE in rasterize_edges_1.\n\n - URL parsing causes crash.\n\n - Incorrect argument length checking in JavaScript.\n\n - Add-ons update must verify IDs match between current and new versions.\n\n - Integer overflow leading to a buffer overflow in nsScriptLoadHandler.\n\n - heap-use-after-free in nsINode::ReplaceOrInsertBefore.\n\n - heap-use-after-free in nsRefreshDriver.\n\n - 64-bit NPAPI sandbox is not enabled on fresh profile.\n\n - WebExtensions can access the mozAddonManager API and use it to gain elevated\n privileges.\n\n - Canvas filters allow feDisplacementMaps to be applied to cross-origin images,\n allowing timing attacks on them.\n\n - Same-origin policy violation using local HTML file and saved shortcut file.\n\n - Sidebar bookmark can have reference to chrome window.\n\n - Insufficient timing side-channel resistance in divSpoiler.\n\n - select dropdown menu can be used for URL bar spoofing on e10s.\n\n - Possible integer overflow to fix inside XML_Parse in Expat.\n\n - Probe browser history via HSTS/301 redirect + CSP.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers to execute arbitrary code, to delete\n arbitrary files by leveraging certain local file execution, to obtain sensitive\n information, and to cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox version before\n 50 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 50\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"50.0\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"50.0\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:52", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-11-19T00:00:00", "type": "openvas", "title": "Ubuntu Update for firefox USN-3124-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-9070", "CVE-2016-5297", "CVE-2016-9075", "CVE-2016-9068", "CVE-2016-5292", "CVE-2016-9063", "CVE-2016-9064", "CVE-2016-9071", "CVE-2016-5296", "CVE-2016-5289", "CVE-2016-5291", "CVE-2016-9077", "CVE-2016-9066", "CVE-2016-9069", "CVE-2016-9067", "CVE-2016-9073", "CVE-2016-9076"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842953", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842953", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for firefox USN-3124-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842953\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-19 05:36:56 +0100 (Sat, 19 Nov 2016)\");\n script_cve_id(\"CVE-2016-5289\", \"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5292\",\n\t\t\"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9063\", \"CVE-2016-9064\",\n\t\t\"CVE-2016-9066\", \"CVE-2016-9067\", \"CVE-2016-9069\", \"CVE-2016-9068\",\n\t\t\"CVE-2016-9070\", \"CVE-2016-9071\", \"CVE-2016-9073\", \"CVE-2016-9075\",\n\t\t\"CVE-2016-9076\", \"CVE-2016-9077\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for firefox USN-3124-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Christian Holler, Andrew McCreight, Dan\n Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, Markus\n Stange, Olli Pettay, Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Randell\n Jesup discovered multiple memory safety issues in Firefox. If a user were\n tricked in to opening a specially crafted website, an attacker could potentially\n exploit these to cause a denial of service via application crash, or execute\n arbitrary code. (CVE-2016-5289, CVE-2016-5290)\n\nA same-origin policy bypass was discovered with local HTML files in some\ncircumstances. An attacker could potentially exploit this to obtain\nsensitive information. (CVE-2016-5291)\n\nA crash was discovered when parsing URLs in some circumstances. If a user\nwere tricked in to opening a specially crafted website, an attacker could\npotentially exploit this to execute arbitrary code. (CVE-2016-5292)\n\nA heap buffer-overflow was discovered in Cairo when processing SVG\ncontent. If a user were tricked in to opening a specially crafted website,\nan attacker could potentially exploit this to cause a denial of service\nvia application crash, or execute arbitrary code. (CVE-2016-5296)\n\nAn error was discovered in argument length checking in Javascript. If a\nuser were tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code. (CVE-2016-5297)\n\nAn integer overflow was discovered in the Expat library. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash. (CVE-2016-9063)\n\nIt was discovered that addon updates failed to verify that the addon ID\ninside the signed package matched the ID of the addon being updated.\nAn attacker that could perform a man-in-the-middle (MITM) attack could\npotentially exploit this to provide malicious addon updates.\n(CVE-2016-9064)\n\nA buffer overflow was discovered in nsScriptLoadHandler. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash, or execute arbitrary code. (CVE-2016-9066)\n\n2 use-after-free bugs were discovered during DOM operations in some\ncircumstances. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit these to cause a denial of\nservice via application crash, or execute arbitrary code. (CVE-2016-9067,\nCVE-2016-9069)\n\nA heap use-after-free was discovered during web animations in some\ncircumstance ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"firefox on Ubuntu 16.04 LTS,\n Ubuntu 16.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3124-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3124-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|16\\.04 LTS|16\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"50.0+build2-0ubuntu0.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"50.0+build2-0ubuntu0.12.04.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"50.0+build2-0ubuntu0.16.04.2\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"50.0+build2-0ubuntu0.16.10.2\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:34:14", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-06T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for Mozilla (openSUSE-SU-2016:3011-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-9070", "CVE-2016-5297", "CVE-2016-9075", "CVE-2016-9065", "CVE-2016-9068", "CVE-2016-5292", "CVE-2016-9063", "CVE-2016-5299", "CVE-2016-9064", "CVE-2016-9071", "CVE-2016-5296", "CVE-2016-9079", "CVE-2016-5289", "CVE-2016-5295", "CVE-2016-5291", "CVE-2016-5294", "CVE-2016-9074", "CVE-2016-5298", "CVE-2016-9061", "CVE-2016-9072", "CVE-2016-9077", "CVE-2016-9066", "CVE-2016-5293", "CVE-2016-9069", "CVE-2016-9067", "CVE-2016-9078", "CVE-2016-9073", "CVE-2016-9076", "CVE-2016-9062"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851442", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851442", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851442\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-12-06 05:39:57 +0100 (Tue, 06 Dec 2016)\");\n script_cve_id(\"CVE-2016-5289\", \"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5292\",\n \"CVE-2016-5293\", \"CVE-2016-5294\", \"CVE-2016-5295\", \"CVE-2016-5296\",\n \"CVE-2016-5297\", \"CVE-2016-5298\", \"CVE-2016-5299\", \"CVE-2016-9061\",\n \"CVE-2016-9062\", \"CVE-2016-9063\", \"CVE-2016-9064\", \"CVE-2016-9065\",\n \"CVE-2016-9066\", \"CVE-2016-9067\", \"CVE-2016-9068\", \"CVE-2016-9069\",\n \"CVE-2016-9070\", \"CVE-2016-9071\", \"CVE-2016-9072\", \"CVE-2016-9073\",\n \"CVE-2016-9074\", \"CVE-2016-9075\", \"CVE-2016-9076\", \"CVE-2016-9077\",\n \"CVE-2016-9078\", \"CVE-2016-9079\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for Mozilla (openSUSE-SU-2016:3011-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Mozilla'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update to Mozilla Firefox 50.0.2, Thunderbird 45.5.1 and NSS 3.16.2\n fixes a number of security issues.\n\n The following vulnerabilities were fixed in Mozilla Firefox (MFSA 2016-89):\n\n - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1\n (bmo#1292443)\n\n - CVE-2016-5292: URL parsing causes crash (bmo#1288482)\n\n - CVE-2016-5297: Incorrect argument length checking in Javascript\n (bmo#1303678)\n\n - CVE-2016-9064: Addons update must verify IDs match between current\n and new versions (bmo#1303418)\n\n - CVE-2016-9066: Integer overflow leading to a buffer overflow in\n nsScriptLoadHandler (bmo#1299686)\n\n - CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore\n (bmo#1301777, bmo#1308922 (CVE-2016-9069))\n\n - CVE-2016-9068: heap-use-after-free in nsRefreshDriver (bmo#1302973)\n\n - CVE-2016-9075: WebExtensions can access the mozAddonManager API and\n use it to gain elevated privileges (bmo#1295324)\n\n - CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied\n to cross-origin images, allowing timing attacks on them (bmo#1298552)\n\n - CVE-2016-5291: Same-origin policy violation using local HTML file and\n saved shortcut file (bmo#1292159)\n\n - CVE-2016-9070: Sidebar bookmark can have reference to chrome window\n (bmo#1281071)\n\n - CVE-2016-9073: windows.create schema doesn't specify 'format':\n 'relativeUrl' (bmo#1289273)\n\n - CVE-2016-9076: select dropdown menu can be used for URL bar spoofing\n on e10s (bmo#1276976)\n\n - CVE-2016-9063: Possible integer overflow to fix inside XML_Parse in\n expat (bmo#1274777)\n\n - CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP\n (bmo#1285003)\n\n - CVE-2016-5289: Memory safety bugs fixed in Firefox 50\n\n - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR\n 45.5\n\n The following vulnerabilities were fixed in Mozilla NSS 3.26.1:\n\n - CVE-2016-9074: Insufficient timing side-channel resistance in\n divSpoiler (bmo#1293334)\n\n Mozilla Firefox now requires mozilla-nss 3.26.2.\n\n New features in Mozilla Firefox:\n\n - Updates to keyboard shortcuts Set a preference to have Ctrl+Tab cycle\n through tabs in recently used order View a page in Reader Mode by\n using Ctrl+Alt+R\n\n - Added option to Find in page that allows users to limit search to\n whole words only\n\n - Added download protection for a large number of executable file types\n on Windows, Mac and Linux\n\n - Fixed rendering of dashed and dotted borders with rounded corners\n (border-radius)\n\n - Added a built-in Emoji set for operating systems without native Emoji\n fonts\n\n - Blocked versions of libavcodec older than 54.35.1\n\n - additional loc ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"Mozilla on openSUSE 13.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:3011-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.1\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~50.0.2~131.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~50.0.2~131.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~50.0.2~131.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~50.0.2~131.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~50.0.2~131.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~50.0.2~131.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~50.0.2~131.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~50.0.2~131.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird\", rpm:\"MozillaThunderbird~45.5.1~70.92.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-buildsymbols\", rpm:\"MozillaThunderbird-buildsymbols~45.5.1~70.92.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-debuginfo\", rpm:\"MozillaThunderbird-debuginfo~45.5.1~70.92.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-debugsource\", rpm:\"MozillaThunderbird-debugsource~45.5.1~70.92.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-devel\", rpm:\"MozillaThunderbird-devel~45.5.1~70.92.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-translations-common\", rpm:\"MozillaThunderbird-translations-common~45.5.1~70.92.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-translations-other\", rpm:\"MozillaThunderbird-translations-other~45.5.1~70.92.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3\", rpm:\"libfreebl3~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3-debuginfo\", rpm:\"libfreebl3-debuginfo~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3\", rpm:\"libsoftokn3~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3-debuginfo\", rpm:\"libsoftokn3-debuginfo~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss\", rpm:\"mozilla-nss~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs\", rpm:\"mozilla-nss-certs~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs-debuginfo\", rpm:\"mozilla-nss-certs-debuginfo~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-debuginfo\", rpm:\"mozilla-nss-debuginfo~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-debugsource\", rpm:\"mozilla-nss-debugsource~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-devel\", rpm:\"mozilla-nss-devel~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit\", rpm:\"mozilla-nss-sysinit~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit-debuginfo\", rpm:\"mozilla-nss-sysinit-debuginfo~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-tools\", rpm:\"mozilla-nss-tools~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-tools-debuginfo\", rpm:\"mozilla-nss-tools-debuginfo~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3-32bit\", rpm:\"libfreebl3-32bit~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3-debuginfo-32bit\", rpm:\"libfreebl3-debuginfo-32bit~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3-32bit\", rpm:\"libsoftokn3-32bit~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3-debuginfo-32bit\", rpm:\"libsoftokn3-debuginfo-32bit~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-32bit\", rpm:\"mozilla-nss-32bit~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs-32bit\", rpm:\"mozilla-nss-certs-32bit~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs-debuginfo-32bit\", rpm:\"mozilla-nss-certs-debuginfo-32bit~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-debuginfo-32bit\", rpm:\"mozilla-nss-debuginfo-32bit~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit-32bit\", rpm:\"mozilla-nss-sysinit-32bit~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit-debuginfo-32bit\", rpm:\"mozilla-nss-sysinit-debuginfo-32bit~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:13", "description": "Check the version of thunderbird", "cvss3": {}, "published": "2016-12-02T00:00:00", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2016:2825 centos5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882603", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882603", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2016:2825 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882603\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-02 05:33:41 +0100 (Fri, 02 Dec 2016)\");\n script_cve_id(\"CVE-2016-5290\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for thunderbird CESA-2016:2825 centos5\");\n script_tag(name:\"summary\", value:\"Check the version of thunderbird\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail\nand newsgroup client.\n\nThis update upgrades Thunderbird to version 45.5.0\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2016-5290)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Olli Pettay, Christian Holler, Ehsan Akhgari, Jon\nCoppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup as the\noriginal reporters.\");\n script_tag(name:\"affected\", value:\"thunderbird on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:2825\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-December/022163.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~45.5.0~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-02T00:00:00", "type": "openvas", "title": "RedHat Update for thunderbird RHSA-2016:2825-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871724", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871724", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for thunderbird RHSA-2016:2825-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871724\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-02 17:27:51 +0530 (Fri, 02 Dec 2016)\");\n script_cve_id(\"CVE-2016-5290\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for thunderbird RHSA-2016:2825-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail\nand newsgroup client.\n\nThis update upgrades Thunderbird to version 45.5.0\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2016-5290)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Olli Pettay, Christian Holler, Ehsan Akhgari, Jon\nCoppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup as the\noriginal reporters.\");\n script_tag(name:\"affected\", value:\"thunderbird on\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:2825-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-November/msg00086.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~45.5.0~1.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"thunderbird-debuginfo\", rpm:\"thunderbird-debuginfo~45.5.0~1.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:32", "description": "Check the version of thunderbird", "cvss3": {}, "published": "2016-12-02T00:00:00", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2016:2825 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882604", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882604", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2016:2825 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882604\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-02 05:33:43 +0100 (Fri, 02 Dec 2016)\");\n script_cve_id(\"CVE-2016-5290\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for thunderbird CESA-2016:2825 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of thunderbird\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail\nand newsgroup client.\n\nThis update upgrades Thunderbird to version 45.5.0\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2016-5290)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Olli Pettay, Christian Holler, Ehsan Akhgari, Jon\nCoppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup as the\noriginal reporters.\");\n script_tag(name:\"affected\", value:\"thunderbird on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:2825\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-December/022165.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~45.5.0~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-28T16:29:27", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-01-05T00:00:00", "type": "openvas", "title": "Ubuntu Update for nss USN-3163-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8635", "CVE-2016-9074", "CVE-2016-5285"], "modified": "2019-11-27T00:00:00", "id": "OPENVAS:1361412562310843006", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843006", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for nss USN-3163-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843006\");\n script_version(\"2019-11-27T15:23:21+0000\");\n script_tag(name:\"last_modification\", value:\"2019-11-27 15:23:21 +0000 (Wed, 27 Nov 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-01-05 05:42:57 +0100 (Thu, 05 Jan 2017)\");\n script_cve_id(\"CVE-2016-5285\", \"CVE-2016-8635\", \"CVE-2016-9074\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for nss USN-3163-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nss'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that NSS incorrectly\n handled certain invalid Diffie-Hellman keys. A remote attacker could possibly\n use this flaw to cause NSS to crash, resulting in a denial of service. This issue\n only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.\n (CVE-2016-5285)\n\nHubert Kario discovered that NSS incorrectly handled Diffie Hellman client\nkey exchanges. A remote attacker could possibly use this flaw to perform a\nsmall subgroup confinement attack and recover private keys. This issue only\napplied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.\n(CVE-2016-8635)\n\nFranziskus Kiefer discovered that NSS incorrectly mitigated certain timing\nside-channel attacks. A remote attacker could possibly use this flaw to\nrecover private keys. (CVE-2016-9074)\n\nThis update refreshes the NSS package to version 3.26.2 which includes\nthe latest CA certificate bundle.\");\n script_tag(name:\"affected\", value:\"nss on Ubuntu 16.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3163-1\");\n script_xref(name:\"URL\", value:\"https://www.ubuntu.com/usn/usn-3163-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|16\\.10|12\\.04 LTS|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n if ((res = isdpkgvuln(pkg:\"libnss3:i386\", ver:\"2:3.26.2-0ubuntu0.14.04.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3:amd64\", ver:\"2:3.26.2-0ubuntu0.14.04.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libnss3:i386\", ver:\"2:3.26.2-0ubuntu0.16.10.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3:amd64\", ver:\"2:3.26.2-0ubuntu0.16.10.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libnss3:i386\", ver:\"2:3.26.2-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3:amd64\", ver:\"2:3.26.2-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libnss3:i386\", ver:\"2:3.26.2-0ubuntu0.16.04.2\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3:amd64\", ver:\"2:3.26.2-0ubuntu0.16.04.2\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2022-03-07T01:12:10", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3716-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nNovember 16, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : firefox-esr\nCVE ID : CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297 \n CVE-2016-9064 CVE-2016-9066 CVE-2016-9074\n\nMultiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to the execution of arbitrary code or\nbypass of the same-origin policy. Also, a man-in-the-middle attack in\nthe addon update mechanism has been fixed.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 45.5.0esr-1~deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 45.5.0esr-1 and version 50.0-1 of the firefox source package.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-11-16T21:27:57", "type": "debian", "title": "[SECURITY] [DSA 3716-1] firefox-esr security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9074"], "modified": "2016-11-16T21:27:57", "id": "DEBIAN:DSA-3716-1:B4B8D", "href": "https://lists.debian.org/debian-security-announce/2016/msg00299.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-23T21:45:03", "description": "Package : firefox-esr\nVersion : 45.5.1esr-1~deb7u1\nCVE ID : CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297\n CVE-2016-9064 CVE-2016-9066\n\nMultiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to the execution of arbitrary code or\nbypass of the same-origin policy.\n\nA man-in-the-middle attack in the addon update mechanism has been fixed.\n\nA use-after-free vulnerability in the SVG Animation was discovered,\nallowing a remote attacker to cause a denial of service (application\ncrash) or execute arbitrary code, if a user is tricked into opening a\nspecially crafted website.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n45.5.1esr-1~deb7u1.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-01T21:45:13", "type": "debian", "title": "[SECURITY] [DLA 730-1] firefox-esr security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066"], "modified": "2016-12-01T21:45:13", "id": "DEBIAN:DLA-730-1:42601", "href": "https://lists.debian.org/debian-lts-announce/2016/12/msg00000.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-01T16:26:32", "description": "Package : firefox-esr\nVersion : 45.5.1esr-1~deb7u1\nCVE ID : CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297\n CVE-2016-9064 CVE-2016-9066\n\nMultiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to the execution of arbitrary code or\nbypass of the same-origin policy.\n\nA man-in-the-middle attack in the addon update mechanism has been fixed.\n\nA use-after-free vulnerability in the SVG Animation was discovered,\nallowing a remote attacker to cause a denial of service (application\ncrash) or execute arbitrary code, if a user is tricked into opening a\nspecially crafted website.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n45.5.1esr-1~deb7u1.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-01T21:45:13", "type": "debian", "title": "[SECURITY] [DLA 730-1] firefox-esr security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066"], "modified": "2016-12-01T21:45:13", "id": "DEBIAN:DLA-730-1:11C56", "href": "https://lists.debian.org/debian-lts-announce/2016/12/msg00000.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T22:11:26", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3730-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nDecember 11, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : icedove\nCVE ID : CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297\n CVE-2016-9066 CVE-2016-9074 CVE-2016-9079\n\nMultiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail client: Multiple memory safety errors,\nsame-origin policy bypass issues, integer overflows, buffer overflows\nand use-after-frees may lead to the execution of arbitrary code or\ndenial of service.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1:45.5.1-1~deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:45.5.1-1 or earlier.\n\nWe recommend that you upgrade your icedove packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-11T16:05:42", "type": "debian", "title": "[SECURITY] [DSA 3730-1] icedove security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9066", "CVE-2016-9074", "CVE-2016-9079"], "modified": "2016-12-11T16:05:42", "id": "DEBIAN:DSA-3730-1:96B35", "href": "https://lists.debian.org/debian-security-announce/2016/msg00313.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-23T21:43:02", "description": "Package : icedove\nVersion : 45.5.1-1~deb7u1\nCVE ID : CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297 \n CVE-2016-9066 CVE-2016-9074 CVE-2016-9079\n\nMultiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail client: Multiple memory safety errors,\nsame-origin policy bypass issues, integer overflows, buffer overflows\nand use-after-frees may lead to the execution of arbitrary code or\ndenial of service.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n45.5.1-1~deb7u1.\n\nWe recommend that you upgrade your icedove packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\nAttachment:\nsignature.asc\nDescription: PGP signature\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-17T20:19:56", "type": "debian", "title": "[SECURITY] [DLA 752-1] icedove security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9066", "CVE-2016-9074", "CVE-2016-9079"], "modified": "2016-12-17T20:19:56", "id": "DEBIAN:DLA-752-1:F9780", "href": "https://lists.debian.org/debian-lts-announce/2016/12/msg00027.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-22T22:26:51", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3730-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nDecember 11, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : icedove\nCVE ID : CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297\n CVE-2016-9066 CVE-2016-9074 CVE-2016-9079\n\nMultiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail client: Multiple memory safety errors,\nsame-origin policy bypass issues, integer overflows, buffer overflows\nand use-after-frees may lead to the execution of arbitrary code or\ndenial of service.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1:45.5.1-1~deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:45.5.1-1 or earlier.\n\nWe recommend that you upgrade your icedove packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-11T16:05:42", "type": "debian", "title": "[SECURITY] [DSA 3730-1] icedove security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9066", "CVE-2016-9074", "CVE-2016-9079"], "modified": "2016-12-11T16:05:42", "id": "DEBIAN:DSA-3730-1:A6927", "href": "https://lists.debian.org/debian-security-announce/2016/msg00313.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-25T05:44:29", "description": "Package : nss\nVersion : 2:3.26-1+debu7u2\nCVE ID : CVE-2016-9074\n\nFranziskus Kiefer reported that the existing mitigations for\nsome timing side-channel attacks were insufficient:\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2016-90/#CVE-2016-9074\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n2:3.26-1+debu7u2.\n\nWe recommend that you upgrade your nss packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \nRapha\u00ebl Hertzog \u25c8 Debian Developer\n\nSupport Debian LTS: http://www.freexian.com/services/debian-lts.html\nLearn to master Debian: http://debian-handbook.info/get/\nAttachment:\nsignature.asc\nDescription: PGP signature\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-12-23T10:42:34", "type": "debian", "title": "[SECURITY] [DLA 759-1] nss security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9074"], "modified": "2016-12-23T10:42:34", "id": "DEBIAN:DLA-759-1:AE95E", "href": "https://lists.debian.org/debian-lts-announce/2016/12/msg00034.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox (CVE-2016-5296, CVE-2016-5297, CVE-2016-9066, CVE-2016-5291, CVE-2016-5290). A flaw was found in the way Add-on update process was handled by Firefox. A Man-in-the-Middle attacker could use this flaw to install a malicious signed add-on update (CVE-2016-9064). An existing mitigation of timing side-channel attacks in NSS before 3.26.1 is insufficient in some circumstances (CVE-2016-9074). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-11-17T14:10:52", "type": "mageia", "title": "Updated nss and firefox packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9074"], "modified": "2016-11-17T14:10:52", "id": "MGASA-2016-0379", "href": "https://advisories.mageia.org/MGASA-2016-0379.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T11:19:34", "description": "A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash (CVE-2016-5296). The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access (CVE-2016-5294). An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues (CVE-2016-5297). A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data (CVE-2016-9066). A same-origin policy bypass with local shortcut files to load arbitrary local content from disk (CVE-2016-5291). Mozilla developers and community members Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup reported memory safety bugs present in Thunderbird ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code (CVE-2016-5290). A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows (CVE-2016-9079). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-12-05T21:49:27", "type": "mageia", "title": "Updated thunderbird packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5294", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9066", "CVE-2016-9079"], "modified": "2016-12-05T21:49:27", "id": "MGASA-2016-0409", "href": "https://advisories.mageia.org/MGASA-2016-0409.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T11:19:34", "description": "Updated Iceape packages include security fixes from upstream Seamonkey: Multiple flaws were found in the way Iceape 2.46 processes various types of web content, where loading a web page containing malicious content could cause Iceape to crash, execute arbitrary code, or disclose sensitive information. (CVE-2016-5287, CVE-2016-5288, CVE-2016-5289, CVE-2016-5290, CVE-2016-5292, CVE-2016-5297, CVE-2016-9064, CVE-2016-9066, CVE-2016-9067, CVE-2016-9068, CVE-2016-9075, CVE-2016-9077, CVE-2016-5291, CVE-2016-9063, CVE-2016-9070, CVE-2016-9071, CVE-2016-9073, CVE-2016-9076, CVE-2016-9078, CVE-2016-9080, CVE-2016-9893, CVE-2016-9894, CVE-2016-9895, CVE-2016-9896, CVE-2016-9897, CVE-2016-9898, CVE-2016-9899, CVE-2016-9900, CVE-2016-9901, CVE-2016-9902, CVE-2016-9903, CVE-2016-9904, CVE-2017-5373, CVE-2017-5374, CVE-2017-5375, CVE-2017-5376, CVE-2017-5377, CVE-2017-5378, CVE-2017-5379, CVE-2017-5380, CVE-2017-5381, CVE-2017-5382, CVE-2017-5383, CVE-2017-5384, CVE-2017-5385, CVE-2017-5386, CVE-2017-5387, CVE-2017-5388, CVE-2017-5389, CVE-2017-5390, CVE-2017-5391, CVE-2017-5393, CVE-2017-5396) \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-01T21:10:29", "type": "mageia", "title": "Updated iceape packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5287", "CVE-2016-5288", "CVE-2016-5289", "CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5292", "CVE-2016-5297", "CVE-2016-9063", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9067", "CVE-2016-9068", "CVE-2016-9070", "CVE-2016-9071", "CVE-2016-9073", "CVE-2016-9075", "CVE-2016-9076", "CVE-2016-9077", "CVE-2016-9078", "CVE-2016-9080", "CVE-2016-9893", "CVE-2016-9894", "CVE-2016-9895", "CVE-2016-9896", "CVE-2016-9897", "CVE-2016-9898", "CVE-2016-9899", "CVE-2016-9900", "CVE-2016-9901", "CVE-2016-9902", "CVE-2016-9903", "CVE-2016-9904", "CVE-2017-5373", "CVE-2017-5374", "CVE-2017-5375", "CVE-2017-5376", "CVE-2017-5377", "CVE-2017-5378", "CVE-2017-5379", "CVE-2017-5380", "CVE-2017-5381", "CVE-2017-5382", "CVE-2017-5383", "CVE-2017-5384", "CVE-2017-5385", "CVE-2017-5386", "CVE-2017-5387", "CVE-2017-5388", "CVE-2017-5389", "CVE-2017-5390", "CVE-2017-5391", "CVE-2017-5393", "CVE-2017-5396"], "modified": "2017-09-01T21:10:29", "id": "MGASA-2017-0323", "href": "https://advisories.mageia.org/MGASA-2017-0323.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-08-10T07:10:00", "description": "\nMultiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to the execution of arbitrary code or\nbypass of the same-origin policy. Also, a man-in-the-middle attack in\nthe addon update mechanism has been fixed.\n\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 45.5.0esr-1~deb8u1.\n\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 45.5.0esr-1 and version 50.0-1 of the firefox source package.\n\n\nWe recommend that you upgrade your firefox-esr packages.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-11-16T00:00:00", "type": "osv", "title": "firefox-esr - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9074"], "modified": "2022-08-10T07:09:53", "id": "OSV:DSA-3716-1", "href": "https://osv.dev/vulnerability/DSA-3716-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-21T08:12:39", "description": "\nMultiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to the execution of arbitrary code or\nbypass of the same-origin policy.\n\n\nA man-in-the-middle attack in the addon update mechanism has been fixed.\n\n\nA use-after-free vulnerability in the SVG Animation was discovered,\nallowing a remote attacker to cause a denial of service (application\ncrash) or execute arbitrary code, if a user is tricked into opening a\nspecially crafted website.\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n45.5.1esr-1~deb7u1.\n\n\nWe recommend that you upgrade your firefox-esr packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-12-01T00:00:00", "type": "osv", "title": "firefox-esr - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9079"], "modified": "2022-07-21T05:54:46", "id": "OSV:DLA-730-1", "href": "https://osv.dev/vulnerability/DLA-730-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-21T08:12:38", "description": "\nMultiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail client: Multiple memory safety errors,\nsame-origin policy bypass issues, integer overflows, buffer overflows\nand use-after-frees may lead to the execution of arbitrary code or\ndenial of service.\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n45.5.1-1~deb7u1.\n\n\nWe recommend that you upgrade your icedove packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-12-17T00:00:00", "type": "osv", "title": "icedove - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9066", "CVE-2016-9074", "CVE-2016-9079"], "modified": "2022-07-21T05:54:47", "id": "OSV:DLA-752-1", "href": "https://osv.dev/vulnerability/DLA-752-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T07:11:14", "description": "\nMultiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail client: Multiple memory safety errors,\nsame-origin policy bypass issues, integer overflows, buffer overflows\nand use-after-frees may lead to the execution of arbitrary code or\ndenial of service.\n\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1:45.5.1-1~deb8u1.\n\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:45.5.1-1 or earlier.\n\n\nWe recommend that you upgrade your icedove packages.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-12-11T00:00:00", "type": "osv", "title": "icedove - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9066", "CVE-2016-9074", "CVE-2016-9079"], "modified": "2022-08-10T07:11:10", "id": "OSV:DSA-3730-1", "href": "https://osv.dev/vulnerability/DSA-3730-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-21T08:12:34", "description": "\nFranziskus Kiefer reported that the existing mitigations for\nsome timing side-channel attacks were insufficient:\n<https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/#>[CVE-2016-9074](https://security-tracker.debian.org/tracker/CVE-2016-9074)\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n2:3.26-1+debu7u2.\n\n\nWe recommend that you upgrade your nss packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-12-23T00:00:00", "type": "osv", "title": "nss - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9074"], "modified": "2022-07-21T05:54:48", "id": "OSV:DLA-759-1", "href": "https://osv.dev/vulnerability/DLA-759-1", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "redhat": [{"lastseen": "2021-10-19T18:38:56", "description": "Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.5.0 ESR.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Firefox.\n(CVE-2016-5296, CVE-2016-5297, CVE-2016-9066, CVE-2016-5291, CVE-2016-5290)\n\n* A flaw was found in the way Add-on update process was handled by Firefox. A\nMan-in-the-Middle attacker could use this flaw to install a malicious signed\nadd-on update. (CVE-2016-9064)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Abhishek Arya, Andre Bargull, Samuel Gross, Yuyang Zhou,\nOlli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary Kwong, Tooru\nFujisawa, Philipp, and Randell Jesup as the original reporters.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-11-16T00:00:00", "type": "redhat", "title": "(RHSA-2016:2780) Critical: firefox security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066"], "modified": "2018-06-06T16:24:15", "id": "RHSA-2016:2780", "href": "https://access.redhat.com/errata/RHSA-2016:2780", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T18:37:38", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.5.0\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2016-5290)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Olli Pettay, Christian Holler, Ehsan Akhgari, Jon\nCoppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup as the original\nreporters.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-11-29T00:00:00", "type": "redhat", "title": "(RHSA-2016:2825) Important: thunderbird security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290"], "modified": "2018-06-06T16:24:19", "id": "RHSA-2016:2825", "href": "https://access.redhat.com/errata/RHSA-2016:2825", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2021-07-28T14:24:44", "description": "[45.5.0-1.0.1]\n- Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html\n and remove the corresponding Red Hat files\n[45.5.0-1]\n- Update to 45.5.0 ESR\n[45.4.0-3]\n- Added upcoming upstream patches mozbz#1018486\n[45.4.0-2]\n- Added Laszlo Ersek patch for aarch64 crashes", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-11-16T00:00:00", "type": "oraclelinux", "title": "firefox security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066"], "modified": "2016-11-16T00:00:00", "id": "ELSA-2016-2780", "href": "http://linux.oracle.com/errata/ELSA-2016-2780.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:25:07", "description": "[45.5.0-1.0.1]\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\n[45.5.0-1]\n- Update to 45.5.0", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-11-29T00:00:00", "type": "oraclelinux", "title": "thunderbird security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290"], "modified": "2016-11-29T00:00:00", "id": "ELSA-2016-2825", "href": "http://linux.oracle.com/errata/ELSA-2016-2825.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2022-02-27T11:52:04", "description": "**CentOS Errata and Security Advisory** CESA-2016:2780\n\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.5.0 ESR.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Firefox.\n(CVE-2016-5296, CVE-2016-5297, CVE-2016-9066, CVE-2016-5291, CVE-2016-5290)\n\n* A flaw was found in the way Add-on update process was handled by Firefox. A\nMan-in-the-Middle attacker could use this flaw to install a malicious signed\nadd-on update. (CVE-2016-9064)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Abhishek Arya, Andre Bargull, Samuel Gross, Yuyang Zhou,\nOlli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary Kwong, Tooru\nFujisawa, Philipp, and Randell Jesup as the original reporters.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2016-November/059075.html\nhttps://lists.centos.org/pipermail/centos-announce/2016-November/059076.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2016:2780", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-11-19T11:43:55", "type": "centos", "title": "firefox security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066"], "modified": "2016-11-19T12:43:11", "id": "CESA-2016:2780", "href": "https://lists.centos.org/pipermail/centos-announce/2016-November/059075.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-27T11:51:59", "description": "**CentOS Errata and Security Advisory** CESA-2016:2825\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.5.0\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2016-5290)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Olli Pettay, Christian Holler, Ehsan Akhgari, Jon\nCoppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup as the original\nreporters.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2016-December/059082.html\nhttps://lists.centos.org/pipermail/centos-announce/2016-December/059084.html\nhttps://lists.centos.org/pipermail/centos-cr-announce/2016-December/016581.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2016:2825", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-01T15:29:44", "type": "centos", "title": "thunderbird security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290"], "modified": "2016-12-01T15:43:25", "id": "CESA-2016:2825", "href": "https://lists.centos.org/pipermail/centos-announce/2016-December/059082.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2021-06-08T18:39:46", "description": "This update for MozillaFirefox, mozilla-nss fixes security issues and bugs.\n\n The following vulnerabilities were fixed in Firefox ESR 45.5 (bsc#1009026):\n\n - CVE-2016-5297: Incorrect argument length checking in Javascript\n (bsc#1010401)\n - CVE-2016-9066: Integer overflow leading to a buffer overflow in\n nsScriptLoadHandler (bsc#1010404)\n - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1\n (bsc#1010395)\n - CVE-2016-9064: Addons update must verify IDs match between current and\n new versions (bsc#1010402)\n - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR\n 45.5 (bsc#1010427)\n - CVE-2016-5291: Same-origin policy violation using local HTML file and\n saved shortcut file (bsc#1010410)\n\n The following vulnerabilities were fixed in mozilla-nss 3.21.3:\n\n - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler\n (bsc#1010422)\n - CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey /\n ssl3_ComputeRecordMACConstantTime causes server crash (bsc#1010517)\n\n The following bugs were fixed:\n\n - Firefox would fail to go into fullscreen mode with some window managers\n (bsc#992549)\n\n The Mozilla Firefox changelog was amended to document patched dropped in a\n previous update.\n\n", "cvss3": {}, "published": "2016-12-05T21:07:10", "type": "suse", "title": "Security update for MozillaFirefox, mozilla-nss (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-5296", "CVE-2016-5291", "CVE-2016-9074", "CVE-2016-9066", "CVE-2016-5285"], "modified": "2016-12-05T21:07:10", "id": "SUSE-SU-2016:3014-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-06-08T18:39:46", "description": "This update for MozillaFirefox, mozilla-nss fixes security issues and bugs.\n\n The following vulnerabilities were fixed in Firefox ESR 45.5.1\n (bsc#1009026):\n\n - CVE-2016-9079: Use-after-free in SVG Animation (bsc#1012964 MFSA 2016-92)\n - CVE-2016-5297: Incorrect argument length checking in Javascript\n (bsc#1010401)\n - CVE-2016-9066: Integer overflow leading to a buffer overflow in\n nsScriptLoadHandler (bsc#1010404)\n - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1\n (bsc#1010395)\n - CVE-2016-9064: Addons update must verify IDs match between current and\n new versions (bsc#1010402)\n - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR\n 45.5 (bsc#1010427)\n - CVE-2016-5291: Same-origin policy violation using local HTML file and\n saved shortcut file (bsc#1010410)\n\n The following vulnerabilities were fixed in mozilla-nss 3.21.3:\n\n - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler\n (bsc#1010422)\n - CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey /\n ssl3_ComputeRecordMACConstantTime causes server crash (bsc#1010517)\n\n The following bugs were fixed:\n\n - Firefox would fail to go into fullscreen mode with some window managers\n (bsc#992549)\n - font warning messages would flood console, now using fontconfig\n configuration from firefox-fontconfig instead of the system one\n (bsc#1000751)\n\n", "cvss3": {}, "published": "2016-12-13T13:07:50", "type": "suse", "title": "Security update for MozillaFirefox, mozilla-nss (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-5296", "CVE-2016-9079", "CVE-2016-5291", "CVE-2016-9074", "CVE-2016-9066", "CVE-2016-5285"], "modified": "2016-12-13T13:07:50", "id": "SUSE-SU-2016:3105-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-06-08T18:39:46", "description": "This update for MozillaFirefox, mozilla-nss fixes security issues and bugs.\n\n The following vulnerabilities were fixed in Firefox ESR 45.5.1\n (bsc#1009026 bsc#1012964):\n\n - CVE-2016-9079: Use-after-free in SVG Animation (MFSA 2016-92\n bsc#1012964)\n - CVE-2016-5297: Incorrect argument length checking in Javascript\n (bsc#1010401)\n - CVE-2016-9066: Integer overflow leading to a buffer overflow in\n nsScriptLoadHandler (bsc#1010404)\n - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1\n (bsc#1010395)\n - CVE-2016-9064: Addons update must verify IDs match between current and\n new versions (bsc#1010402)\n - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR\n 45.5 (bsc#1010427)\n - CVE-2016-5291: Same-origin policy violation using local HTML file and\n saved shortcut file (bsc#1010410)\n\n The following vulnerabilities were fixed in mozilla-nss 3.21.3:\n\n - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler\n (bsc#1010422)\n - CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey /\n ssl3_ComputeRecordMACConstantTime causes server crash (bsc#1010517)\n\n The following bugs were fixed:\n\n - Firefox would fail to go into fullscreen mode with some window managers\n (bsc#992549)\n - font warning messages would flood console, now using fontconfig\n configuration from firefox-fontconfig instead of the system one\n (bsc#1000751)\n\n", "cvss3": {}, "published": "2016-12-10T23:09:49", "type": "suse", "title": "Security update for MozillaFirefox, mozilla-nss (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-5296", "CVE-2016-9079", "CVE-2016-5291", "CVE-2016-9074", "CVE-2016-9066", "CVE-2016-5285"], "modified": "2016-12-10T23:09:49", "id": "SUSE-SU-2016:3080-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-06-08T18:39:55", "description": "This update for MozillaThunderbird fixes some potential security issues\n and bugs.\n\n The following security flaws cannot be exploited through email because\n scripting is disabled when reading mail, but are potentially risks in\n browser or browser-like contexts:\n\n - CVE-2016-9079: SVG Animation Remote Code Execution (MFSA 2016-92,\n bsc#1012964)\n - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1\n (bsc#1010411)\n - CVE-2016-5297: Incorrect argument length checking in Javascript\n (bsc#1010401)\n - CVE-2016-9066: Integer overflow leading to a buffer overflow in\n nsScriptLoadHandler (bsc#1010404)\n - CVE-2016-5291: Same-origin policy violation using local HTML file and\n saved shortcut file (bsc#1010410)\n - CVE-2016-5290: Memory safety bugs fixed in Thunderbird ESR 45.5\n (bsc#1010427)\n\n The update contains changes in behavior:\n\n - Changed recipient address entry: Arrow-keys now copy the pop-up value to\n the input field. Mouse-hovered pop-up value can no longer be confirmed\n with tab or enter key. This restores the behavior of Thunderbird 24.\n - Support changes to character limit in Twitter\n\n The following bugs were fixed:\n\n - Reply with selected text containing quote resulted in wrong quoting\n level indication\n - Email invitation might not be displayed when description contains\n non-ASCII characters\n - Attempting to sort messages on the Date field whilst a quick filter is\n applied got stuck\n on sort descending\n - Mail address display at header pane displayed incorrectly if the address\n contains UTF-8 according to RFC 6532\n\n", "cvss3": {}, "published": "2016-12-06T13:07:20", "type": "suse", "title": "Security update for MozillaThunderbird (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5297", "CVE-2016-5296", "CVE-2016-9079", "CVE-2016-5291", "CVE-2016-9066"], "modified": "2016-12-06T13:07:20", "id": "OPENSUSE-SU-2016:3019-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00012.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-06-08T18:39:45", "description": "This update to Mozilla Firefox 50.0 fixes a number of security issues.\n\n The following vulnerabilities were fixed in Mozilla Firefox (MFSA 2016-89):\n\n - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1\n (bmo#1292443)\n - CVE-2016-5292: URL parsing causes crash (bmo#1288482)\n - CVE-2016-5297: Incorrect argument length checking in Javascript\n (bmo#1303678)\n - CVE-2016-9064: Addons update must verify IDs match between current and\n new versions (bmo#1303418)\n - CVE-2016-9066: Integer overflow leading to a buffer overflow in\n nsScriptLoadHandler (bmo#1299686)\n - CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore\n (bmo#1301777, bmo#1308922 (CVE-2016-9069))\n - CVE-2016-9068: heap-use-after-free in nsRefreshDriver (bmo#1302973)\n - CVE-2016-9075: WebExtensions can access the mozAddonManager API and use\n it to gain elevated privileges (bmo#1295324)\n - CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied to\n cross-origin images, allowing timing attacks on them (bmo#1298552)\n - CVE-2016-5291: Same-origin policy violation using local HTML file and\n saved shortcut file (bmo#1292159)\n - CVE-2016-9070: Sidebar bookmark can have reference to chrome window\n (bmo#1281071)\n - CVE-2016-9073: windows.create schema doesn't specify "format":\n "relativeUrl" (bmo#1289273)\n - CVE-2016-9076: select dropdown menu can be used for URL bar spoofing on\n e10s (bmo#1276976)\n - CVE-2016-9063: Possible integer overflow to fix inside XML_Parse in\n expat (bmo#1274777)\n - CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP\n (bmo#1285003)\n - CVE-2016-5289: Memory safety bugs fixed in Firefox 50\n - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR\n 45.5\n\n The following vulnerabilities were fixed in Mozilla NSS 3.26.1:\n\n - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler\n (bmo#1293334)\n\n Mozilla Firefox now requires mozilla-nss 3.26.2.\n\n New features in Mozilla Firefox:\n\n - Updates to keyboard shortcuts Set a preference to have Ctrl+Tab cycle\n through tabs in recently used order View a page in Reader Mode by using\n Ctrl+Alt+R\n - Added option to Find in page that allows users to limit search to whole\n words only\n - Added download protection for a large number of executable file types on\n Windows, Mac and Linux\n - Fixed rendering of dashed and dotted borders with rounded corners\n (border-radius)\n - Added a built-in Emoji set for operating systems without native Emoji\n fonts\n - Blocked versions of libavcodec older than 54.35.1\n - additional locale\n\n mozilla-nss was updated to 3.26.2, incorporating the following changes:\n\n - the selfserv test utility has been enhanced to support ALPN (HTTP/1.1)\n and 0-RTT\n - The following CA certificate was added: CN = ISRG Root X1\n - NPN is disabled and ALPN is enabled by default\n - MD5 signature algorithms sent by the server in CertificateRequest\n messages are now properly ignored\n\n", "cvss3": {}, "published": "2016-11-18T17:06:44", "type": "suse", "title": "Security update for MozillaFirefox, mozilla-nss (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-9070", "CVE-2016-5297", "CVE-2016-9075", "CVE-2016-9068", "CVE-2016-5292", "CVE-2016-9063", "CVE-2016-9064", "CVE-2016-9071", "CVE-2016-5296", "CVE-2016-5289", "CVE-2016-5291", "CVE-2016-9074", "CVE-2016-9077", "CVE-2016-9066", "CVE-2016-9069", "CVE-2016-9067", "CVE-2016-9073", "CVE-2016-9076"], "modified": "2016-11-18T17:06:44", "id": "OPENSUSE-SU-2016:2861-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00033.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-06-08T18:39:45", "description": "This update to Mozilla Firefox 50.0.2, Thunderbird 45.5.1 and NSS 3.16.2\n fixes a number of security issues.\n\n The following vulnerabilities were fixed in Mozilla Firefox (MFSA 2016-89):\n\n - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1\n (bmo#1292443)\n - CVE-2016-5292: URL parsing causes crash (bmo#1288482)\n - CVE-2016-5297: Incorrect argument length checking in Javascript\n (bmo#1303678)\n - CVE-2016-9064: Addons update must verify IDs match between current\n and new versions (bmo#1303418)\n - CVE-2016-9066: Integer overflow leading to a buffer overflow in\n nsScriptLoadHandler (bmo#1299686)\n - CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore\n (bmo#1301777, bmo#1308922 (CVE-2016-9069))\n - CVE-2016-9068: heap-use-after-free in nsRefreshDriver (bmo#1302973)\n - CVE-2016-9075: WebExtensions can access the mozAddonManager API and\n use it to gain elevated privileges (bmo#1295324)\n - CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied\n to cross-origin images, allowing timing attacks on them (bmo#1298552)\n - CVE-2016-5291: Same-origin policy violation using local HTML file and\n saved shortcut file (bmo#1292159)\n - CVE-2016-9070: Sidebar bookmark can have reference to chrome window\n (bmo#1281071)\n - CVE-2016-9073: windows.create schema doesn't specify "format":\n "relativeUrl" (bmo#1289273)\n - CVE-2016-9076: select dropdown menu can be used for URL bar spoofing\n on e10s (bmo#1276976)\n - CVE-2016-9063: Possible integer overflow to fix inside XML_Parse in\n expat (bmo#1274777)\n - CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP\n (bmo#1285003)\n - CVE-2016-5289: Memory safety bugs fixed in Firefox 50\n - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR\n 45.5\n\n The following vulnerabilities were fixed in Mozilla NSS 3.26.1:\n\n - CVE-2016-9074: Insufficient timing side-channel resistance in\n divSpoiler (bmo#1293334)\n\n Mozilla Firefox now requires mozilla-nss 3.26.2.\n\n New features in Mozilla Firefox:\n\n - Updates to keyboard shortcuts Set a preference to have Ctrl+Tab cycle\n through tabs in recently used order View a page in Reader Mode by\n using Ctrl+Alt+R\n - Added option to Find in page that allows users to limit search to\n whole words only\n - Added download protection for a large number of executable file types\n on Windows, Mac and Linux\n - Fixed rendering of dashed and dotted borders with rounded corners\n (border-radius)\n - Added a built-in Emoji set for operating systems without native Emoji\n fonts\n - Blocked versions of libavcodec older than 54.35.1\n - additional locale\n\n mozilla-nss was updated to 3.26.2, incorporating the following changes:\n\n - the selfserv test utility has been enhanced to support ALPN\n (HTTP/1.1) and 0-RTT\n - The following CA certificate was added: CN = ISRG Root X1\n - NPN is disabled and ALPN is enabled by default\n - MD5 signature algorithms sent by the server in CertificateRequest\n messages are now properly ignored\n\n", "cvss3": {}, "published": "2016-12-05T19:07:18", "type": "suse", "title": "Security update for Mozilla Firefox, Thunderbird and NSS (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-9070", "CVE-2016-5297", "CVE-2016-9075", "CVE-2016-9065", "CVE-2016-9068", "CVE-2016-5292", "CVE-2016-9063", "CVE-2016-5299", "CVE-2016-9064", "CVE-2016-9071", "CVE-2016-5296", "CVE-2016-9079", "CVE-2016-5289", "CVE-2016-5295", "CVE-2016-5291", "CVE-2016-5294", "CVE-2016-9074", "CVE-2016-5298", "CVE-2016-9061", "CVE-2016-9072", "CVE-2016-9077", "CVE-2016-9066", "CVE-2016-5293", "CVE-2016-9069", "CVE-2016-9067", "CVE-2016-9078", "CVE-2016-9073", "CVE-2016-9076", "CVE-2016-9062"], "modified": "2016-12-05T19:07:18", "id": "OPENSUSE-SU-2016:3011-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00010.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "ibm": [{"lastseen": "2022-06-28T22:05:58", "description": "## Summary\n\nThere are security vulnerabilities in versions of Mozilla Firefox that are shipped with versions 1.5.1.0 to 1.5.2.5 of IBM SONAS\n\n## Vulnerability Details\n\nIBM SONAS is shipped with Mozilla Firefox. There are vulnerabilities in certain versions of Mozilla Firefox shipped in certain versions of IBM SONAS. These vulnerabilities concern the potential ability of a remote attacker to execute arbitrary code on a vulnerable system or cause a denial of service. \n \n**CVEID:** [_CVE-2016-5291_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291>)** \nDESCRIPTION:** Mozilla Firefox could allow a local attacker to bypass security restrictions. An attacker could exploit this vulnerability using local shortcut files to load arbitrary local content from disk and bypass same-origin policy. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118934_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118934>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n\n**CVEID:** [_CVE-2016-5297_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297>)** \nDESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an argument length checking error may occur in JavaScript. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to trigger an integer overflow and execute arbitrary code on the vulnerable system or cause a denial of service. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118925_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118925>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-9064_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064>)** \nDESCRIPTION:** Mozilla Firefox is vulnerable to a man-in-the-middle attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using a signed add-on to bypass certificate pinning protection and conduct a man-in-the-middle attack between the user and the add-on update server. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118926_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118926>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2016-9066_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066>)** \nDESCRIPTION:** Mozilla Firefox is vulnerable to a buffer overflow, caused by an integer overflow in nsScriptLoadHandler. By persuading a victim to visit a specially-crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118928_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118928>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM SONAS \nThe product is affected when running code releases 1.5.1.0 to 1.5.2.5\n\n## Remediation/Fixes\n\nA fix for these issues is in version 1.5.2.6 of IBM SONAS. Customers running an affected version of IBM SONAS should upgrade to 1.5.2.6 or a later version, so that the fix gets applied.\n\n## Workarounds and Mitigations\n\nWorkaround(s) : \nNormal operation of IBM SONAS does not require or call for customers to use Firefox to access the Internet. Although IBM recommends that you install a level of IBM SONAS code with a fix, you can avoid these vulnerabilities by not using Mozilla Firefox within your IBM SONAS system to access the Internet. \n \nMitigation: None\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n21 May 2017: First draft\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Internal Use Only\n\nCQ S1063350 [PSIRT 7254] IBM product record 87688 for IFS and 87689 for SONAS - Open Source Mozilla Firefox Vulnerabilities\n\n[{\"Product\":{\"code\":\"STAV45\",\"label\":\"Network Attached Storage (NAS)->Scale Out Network Attached Storage\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"1.5\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"1.5\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-18T00:33:15", "type": "ibm", "title": "Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM SONAS", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5291", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066"], "modified": "2018-06-18T00:33:15", "id": "866671D49CDD6F2D149E9EFDE55198073DD8C70E52CD0D773C383F6D40F3F73A", "href": "https://www.ibm.com/support/pages/node/697393", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-28T22:13:37", "description": "## Summary\n\nThere is a vulnerability in Mozilla NSS to which the IBM\u00ae FlashSystem\u2122 840 and FlashSystem\u2122 900 are susceptible. An exploit of this vulnerability (CVE-2016-9074) could make the system susceptible to timing side-channel attacks which could be leveraged to allow launch of further attacks on the system. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-9074_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074>) \n**DESCRIPTION:** Mozilla Network Security Services (NSS), as used in Mozilla Firefox, could provide weaker than expected security, caused by an insufficient mitigation of timing side-channel attacks. An attacker could exploit this vulnerability to gain launch further attacks on the system. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118942_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118942>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n## Affected Products and Versions\n\nFlashSystem 840 machine type and models (MTMs) affected include 9840-AE1 and 9843-AE1. \n \nFlashSystem 900 MTMs affected include 9840-AE2 and 9843-AE2. \n \nSupported code versions which are affected \n\u00b7 VRMFs prior to 1.3.0.7 \n\u00b7 VRMFs prior to 1.4.5.0\n\n## Remediation/Fixes\n\n_MTMs_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n**FlashSystem ****840 MTM: ** \n9840-AE1 & \n9843-AE1 \n \n**FlashSystem 900 MTMs:** \n9840-AE2 & \n9843-AE2| _Code fixes are now available, the minimum VRMF containing the fix depends on the code stream: \n \n___ Fixed Code VRMF __ \n_1.4 stream: 1.4.5.0 _ \n_1.3 stream: 1.3.0.7_| _ __N/A_| [**_FlashSystem 840 fixes_**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%2Bhigh%2Bavailability%2Bsystems&product=ibm/StorageSoftware/IBM+FlashSystem+840&release=All&platform=All&function=all>)** **and [**_FlashSystem 900 fixes_**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%2Bhigh%2Bavailability%2Bsystems&product=ibm/StorageSoftware/IBM+FlashSystem+900&release=All&platform=All&function=all>)** **are available @ IBM\u2019s Fix Central_ _ \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\nNone\n\n## Change History\n\n22 December 2017 Original Version Published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"ST2NVR\",\"label\":\"IBM FlashSystem 840\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"Security Bulletin\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"Version Independent\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}},{\"Product\":{\"code\":\"STKMQB\",\"label\":\"IBM FlashSystem 900\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Component\":\"Security Bulletin\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"Version Independent\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB26\",\"label\":\"Storage\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-18T00:36:15", "type": "ibm", "title": "Security Bulletin: Vulnerability in Mozilla Network Security Services (NSS) affects the IBM FlashSystem models 840 and 900", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9074"], "modified": "2018-06-18T00:36:15", "id": "A079CA67676503E95213F78F0E643AA0E3EBA8D2AECFD368FEC0DD7CB2B6EB1E", "href": "https://www.ibm.com/support/pages/node/698291", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-28T22:13:11", "description": "## Summary\n\nThere is a vulnerability in Mozilla NSS to which the IBM\u00ae FlashSystem\u2122 V840 is susceptible. An exploit of this vulnerability (CVE-2016-9074) could make the system susceptible to timing side-channel attacks which could be leveraged to allow launch of further attacks on the system\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-9074_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074>) \n**DESCRIPTION:** Mozilla Network Security Services (NSS), as used in Mozilla Firefox, could provide weaker than expected security, caused by an insufficient mitigation of timing side-channel attacks. An attacker could exploit this vulnerability to gain launch further attacks on the system. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118942_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118942>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n## Affected Products and Versions\n\nStorage Node machine type and models (MTMs) affected: 9840-AE1 and 9843-AE1 \nController Node MTMs affected: 9846-AC0, 9848-AC0, 9846-AC1, and 9848-AC1 \n \nSupported storage node code versions which are affected \n\u00b7 VRMFs prior to 1.3.0.7 \n\u00b7 VRMFs prior to 1.4.5.0 \n \nSupported controller node code versions which are affected \n\u00b7 VRMFs prior to 7.5.0.10 or 7.5.1.5 \n\u00b7 VRMFs prior to 7.6.1.7 \n\u00b7 VRMFs prior to 7.7.1.6 \n\u00b7 VRMFs prior to 7.8.0.2 or 7.8.1.0\n\n## Remediation/Fixes\n\n_V840 MTMs_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n**Storage nodes:** \n9846-AE1 & \n9848-AE1 \n \n**Controller nodes:** \n9846-AC0, \n9846-AC1, \n9848-AC0, & \n9848-AC1| _Code fixes are available, the minimum remediating VRMF by code stream: \n \n___Storage Node VRMF __ \n_1.4 stream: 1.4.5.0 _ \n_1.3 stream: 1.3.0.7_ \n \n__Controller Node VRMF __ \n_7.8 stream: 7.8.0.2 or 7.8.1.0_ \n_7.7 stream: 7.7.1.6_ \n_7.6 stream: 7.6.1.7_ \n_7.5 stream: 7.5.0.10 or 7.5.1.5_| _ __N/A_| [**_FlashSystem V840 fixes_**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%2Bhigh%2Bavailability%2Bsystems&product=ibm/StorageSoftware/IBM+FlashSystem+V840&release=1.0&platform=All&function=all>)** **for storage and controller node** **are available @ IBM\u2019s Fix Central \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\nNone\n\n## Change History\n\n22 December 2017 Original Version Published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"ST2HTZ\",\"label\":\"IBM FlashSystem V840\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Component\":\"Security Bulletin\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"Version Independent\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-18T00:36:15", "type": "ibm", "title": "Security Bulletin: Vulnerability in Mozilla Network Security Services (NSS) affects the IBM FlashSystem model V840", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9074"], "modified": "2018-06-18T00:36:15", "id": "C5BC6A8A20C5E595B6773CB368EFD7BC771C03C2AD355C52EF7D05090227DAB5", "href": "https://www.ibm.com/support/pages/node/698289", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-28T22:01:03", "description": "## Summary\n\nThere are security vulnerabilities in versions of Mozilla Firefox that are shipped with versions 1.5.0.0 to 1.5.2.5 of IBM SONAS\n\n## Vulnerability Details\n\nIBM SONAS is shipped with Mozilla Firefox. There are vulnerabilities in certain versions of Mozilla Firefox shipped in certain versions of IBM SONAS. These vulnerabilities concern the potential ability of a remote attacker to execute arbitrary code on a vulnerable system or cause a denial of service. \n \n**CVEID:** [_CVE-2016-5290_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290>) \n**DESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118920_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118920>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2016-5296_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296>)** \nDESCRIPTION:** Mozilla Firefox is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by Cairo when processing SVG content caused by compiler optimization. By persuading a victim to visit a specially-crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118921_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118921>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n \n \n**CVEID:** [_CVE-2016-9079_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079>)** \nDESCRIPTION:** Mozilla Firefox and Thunderbird could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in SVG Animation. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119293_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119293>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2016-9895_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895>)** \nDESCRIPTION:** Mozilla Firefox allow a remote attacker to bypass cross-domain security restrictions. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to bypass inline JavaScript Content Security Policy (CSP) and cause event handlers on marquee elements to be executed. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119744_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119744>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n\n**CVEID:** [_CVE-2016-9893_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893>)** \nDESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119739_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119739>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-9897_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897>)** \nDESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libGLES. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119746_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119746>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-9898_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898>)** \nDESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free while manipulating DOM subtrees in the Editor. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119747_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119747>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-9899_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899>)** \nDESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free while manipulating DOM events and removing audio elements. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119743_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119743>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-9900_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900>)** \nDESCRIPTION:** Mozilla Firefox could allow a remote attacker to bypass security restrictions. By persuading a victim to open a specially-crafted SVG image, a remote attacker could exploit this vulnerability using data: URLs to gain access to restricted external resources. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119748_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119748>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-9901_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901>)** \nDESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an error in the Pocket server. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary JavaScript in the about:pocket-saved page and access the Pocket messaging API. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119750_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119750>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-9902_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902>)** \nDESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary commands on the system, caused by an error in the Pocket toolbar. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to inject content and commands into the Pocket context. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119751_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119751>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-9904_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904>)** \nDESCRIPTION:** Mozilla Firefox could allow a remote attacker to obtain sensitive information. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment and obtain sensitive information. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119749_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119749>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM SONAS \nThe product is affected when running code releases 1.5.0.0 to 1.5.2.5\n\n## Remediation/Fixes\n\nA fix for these issues is in version 1.5.2.6 of IBM SONAS. Customers running an affected version of IBM SONAS should upgrade to 1.5.2.6 or a later version, so that the fix gets applied. \n\n \nPlease contact [IBM support](<https://www-947.ibm.com/support/entry/portal/product/system_storage/network_attached_storage_%28nas%29/sonas/scale_out_network_attached_storage?productContext=-267772237>) for assistance in upgrading your system. \n\n## Workarounds and Mitigations\n\nWorkaround(s) : \nNormal operation of IBM SONAS does not require or call for customers to use Firefox to access the Internet. Although IBM recommends that you install a level of IBM SONAS code with a fix, you can avoid these vulnerabilities by not using Mozilla Firefox within your IBM SONAS system to access the Internet. \n \nMitigation: None\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n6 Feb 2017 : First draft of security bulletin.\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"STAV45\",\"label\":\"Network Attached Storage (NAS)->Scale Out Network Attached Storage\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"1.5.2.5\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"1.5.2.5\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-18T00:32:15", "type": "ibm", "title": "Security Bulletin: Mozilla Firefox vulnerability issues in IBM SONAS", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290", "CVE-2016-5296", "CVE-2016-9079", "CVE-2016-9893", "CVE-2016-9895", "CVE-2016-9897", "CVE-2016-9898", "CVE-2016-9899", "CVE-2016-9900", "CVE-2016-9901", "CVE-2016-9902", "CVE-2016-9904"], "modified": "2018-06-18T00:32:15", "id": "921DFDB03FD53AE441193B49E1E79D7A01B14E10BC6418004E92AF484A8DC73E", "href": "https://www.ibm.com/support/pages/node/696931", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-28T22:02:53", "description": "## Summary\n\nCloud Pak for Security (CP4S) v1.8.1.0 and earlier uses packages that are vulnerable to several CVEs. These have been remediated in the latest product release. Please see below for CVE details and the Remediation section for upgrade instructions. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2015-8985](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985>) \n** DESCRIPTION: **glibc is vulnerable to a denial of service, caused by a flaw in the pop_fail_stack function. By using a specially crafted extended regular expression, a remote attacker could cause an assertion failure and application crash. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/126591](<https://exchange.xforce.ibmcloud.com/vulnerabilities/126591>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2015-8984](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8984>) \n** DESCRIPTION: **glibc is vulnerable to a denial of service, caused by an out-of-bounds read in the fnmatch function. By using a malformed pattern, a remote attacker could cause the application crash. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/126595](<https://exchange.xforce.ibmcloud.com/vulnerabilities/126595>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-3426](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3426>) \n** DESCRIPTION: **Python pydoc module could allow a remote attacker from within the local network obtain sensitive information. By starting the pydoc server, an attacker could exploit this vulnerability to extract arbitrary files. \nCVSS Base score: 5.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/201171](<https://exchange.xforce.ibmcloud.com/vulnerabilities/201171>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2007-3716](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3716>) \n** DESCRIPTION: **Sun JRE (Java Runtime Environment) and JDK (Java Developer's Kit) could allow a remote attacker to execute arbitrary code on the system, caused by a vulnerability in the XML Digital Signature implementation. By sending a specially-crafted XML signature containing a malicious XSLT stylesheet, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the application's permissions. \nCVSS Base score: 5.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/35332](<https://exchange.xforce.ibmcloud.com/vulnerabilities/35332>) for the current score. \nCVSS Vector: \n \n** CVEID: **[CVE-2017-18018](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18018>) \n** DESCRIPTION: **GNU Coreutils could allow a local attacker to bypass security restrictions, caused by not preventing replacement of a plain file with a symlink issue in chown-core.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to modify the ownership of arbitrary files. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/137123](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137123>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2018-17101](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101>) \n** DESCRIPTION: **LibTIFF is vulnerable to a denial of service, caused by an out-of-bounds write in cpTags in tools/tiff2bw.c and tools/pal2rgb.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/149976](<https://exchange.xforce.ibmcloud.com/vulnerabilities/149976>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-10001](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10001>) \n** DESCRIPTION: **Apple macOS could allow a remote attacker to obtain sensitive information, caused by improper input validation by the CUPS component. By persuading a victim to open a specially-crafted application, an attacker could exploit this vulnerability to obtain restricted memory information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199353](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199353>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-35448](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35448>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by a heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd). By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193875](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193875>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-26927](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26927>) \n** DESCRIPTION: **JasPer is vulnerable to a denial of service, caused by a NULL pointer dereference in jp2_decode in jp2_dec.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197351](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197351>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-28153](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28153>) \n** DESCRIPTION: **GNOME GLib could allow a remote attacker to bypass security restrictions, caused by a flaw when g_file_replace() function is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink. By persuading a victim to open a specially-crafted ZIP archive, an attacker could exploit this vulnerability to overwrite arbitrary files on the sytem. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198147](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198147>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2017-13728](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728>) \n** DESCRIPTION: **GNU ncurses is vulnerable to a denial of service, caused by an error in the next_char function in comp_scan.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/131172](<https://exchange.xforce.ibmcloud.com/vulnerabilities/131172>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-7613](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7613>) \n** DESCRIPTION: **Elfutils is vulnerable to a denial of service, caused by memory allocation failure in elflint.c . By persuading a victim to open a crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/124513](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124513>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-7612](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7612>) \n** DESCRIPTION: **Elfutils is vulnerable to a denial of service, caused by heap-based buffer over-read in the check_sysv_hash function in elflint.c. By persuading a victim to open a crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/124512](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124512>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-7611](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7611>) \n** DESCRIPTION: **Elfutils is vulnerable to a denial of service, caused by heap-based buffer over-read in check_symtab_shndx function in elflint.c . By persuading a victim to open a crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/124511](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124511>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-7610](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7610>) \n** DESCRIPTION: **Elfutils is vulnerable to a denial of service, caused by heap-based buffer over-read check_group function in elflint.c. By persuading a victim to open a crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/124510](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124510>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-7609](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7609>) \n** DESCRIPTION: **Elfutils is vulnerable to a denial of service, caused by memory consumption in elf_compress.c. By persuading a victim to open a crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/124509](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124509>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-7608](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7608>) \n** DESCRIPTION: **Elfutils is vulnerable to a denial of service, caused by heap-based buffer over-read in ebl_object_note_type_name function in eblobjnotetypename.c. By persuading a victim to open a crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/124508](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124508>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-7607](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7607>) \n** DESCRIPTION: **Elfutils is vulnerable to a denial of service, caused by heap-based buffer over-read handle_gnu_hash function in readelf.c. By persuading a victim to open a crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/124507](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124507>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2016-10255](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10255>) \n** DESCRIPTION: **Elfutils is vulnerable to a denial of service, caused by memory allocation failure in __libelf_set_rawdata_wrlock function in elf_getdata.c. By persuading a victim to open a specially crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/124088](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124088>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2016-10254](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10254>) \n** DESCRIPTION: **Elfutils is vulnerable to a denial of service, caused by memory allocation failure in allocate_elf function in common.h. By persuading a victim to open a crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/124086](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124086>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-14062](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14062>) \n** DESCRIPTION: **Libidn2 is vulnerable to a denial of service, caused by an integer overflow in the decode_digit function in puny_decode.c. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/131302](<https://exchange.xforce.ibmcloud.com/vulnerabilities/131302>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-7246](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7246>) \n** DESCRIPTION: **PCRE is vulnerable to a denial of service, caused by a stack-based buffer overflow flaw in the pcre32_copy_substring function in pcre_get.c in libpcre1. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash or other unspecified impact. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/123733](<https://exchange.xforce.ibmcloud.com/vulnerabilities/123733>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-7245](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7245>) \n** DESCRIPTION: **PCRE is vulnerable to a denial of service, caused by a stack-based buffer overflow flaw in the pcre32_copy_substring function in pcre_get.c in libpcre1. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash or other unspecified impact. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/123732](<https://exchange.xforce.ibmcloud.com/vulnerabilities/123732>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2016-4984](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4984>) \n** DESCRIPTION: **openldap-servers could allow a local authenticated attacker to obtain sensitive information, caused by a weak permission for /usr/libexec/openldap/generate-server-cert.sh issue. By leveraging a race condition between the creation of the certificate, a local attacker could exploit this vulnerability to obtain the TLS certificate. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/129440](<https://exchange.xforce.ibmcloud.com/vulnerabilities/129440>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2016-9318](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9318>) \n** DESCRIPTION: **Libxml2 could allow a remote attacker to obtain sensitive information, caused by failure to offer a flag directly indicating the status of current document. By using a specially-crafted document to conduct a XML external entity (XXE) attack, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/119018](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119018>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2016-4493](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493>) \n** DESCRIPTION: **GNU Compiler Collection (GCC) is vulnerable to a denial of service, caused by a read access violation in demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty. An attacker could exploit this vulnerability using a specially crafted binary to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/116387](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116387>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-13685](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13685>) \n** DESCRIPTION: **SQLite is vulnerable to a denial of service, caused by a NULL pointer dereference in the dump_callback function. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/131204](<https://exchange.xforce.ibmcloud.com/vulnerabilities/131204>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-20483](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20483>) \n** DESCRIPTION: **GNU Wget could allow a local authenticated attacker to obtain sensitive information, caused by the storing of the origin URL in the user.xdg.origin.url metadata in the set_file_metadata function in xattr.c. By reading the metadata attribute, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/154793](<https://exchange.xforce.ibmcloud.com/vulnerabilities/154793>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-30720](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30720>) \n** DESCRIPTION: **Apple iOS and iPadOS could allow a remote attacker to bypass security restrictions, caused by a logic issue in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to access restricted ports on arbitrary servers. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202349](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202349>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-8908](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8908>) \n** DESCRIPTION: **Guava could allow a remote authenticated attacker to bypass security restrictions, caused by a temp directory creation vulnerability in com.google.common.io.Files.createTempDir(). By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192996](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192996>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2016-10707](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10707>) \n** DESCRIPTION: **jQuery is vulnerable to a denial of service, caused by removing a logic that lowercased attribute names. By using a mixed-cased name for boolean attributes, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/138030](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138030>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-18074](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18074>) \n** DESCRIPTION: **The Requests package for Python could allow a remote attacker to obtain sensitive information, caused by sending information in an insecure manner. By sniffing the network, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151296](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151296>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2018-3721](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3721>) \n** DESCRIPTION: **Node.js lodash module could allow a remote attacker to bypass security restrictions, caused by a flaw in the defaultsDeep, 'merge, and mergeWith functions. By modifing the prototype of Object, an attacker could exploit this vulnerability to add or modify existing property that will exist on all objects. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/144603](<https://exchange.xforce.ibmcloud.com/vulnerabilities/144603>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2019-18874](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18874>) \n** DESCRIPTION: **psutil is vulnerable to a denial of service, caused by a double free. By using specially-crafted data, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171612](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171612>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14145](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14145>) \n** DESCRIPTION: **OpenSSH is vulnerable to a man-in-the-middle attack, caused by an observable discrepancy flaw. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184514](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184514>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-24025](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24025>) \n** DESCRIPTION: **node-sass could allow a remote attacker to bypass security restrictions, caused by the disablement of certificate validation when requesting binaries even if the user is not specifying an alternative download path. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195029](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195029>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-24370](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24370>) \n** DESCRIPTION: **Lua is vulnerable to a denial of service, caused by a negation overflow and segmentation fault in getlocal and setlocal. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186868](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186868>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-28168](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28168>) \n** DESCRIPTION: **Node.js axios module is vulnerable to server-side request forgery, caused by improper input validation. By providing a URL that responds with a redirect to a restricted host or IP address, an attacker could exploit this vulnerability to conduct SSRF attack to bypass a proxy. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191660](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191660>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-30641](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641>) \n** DESCRIPTION: **Apache HTTP Server could provide weaker than expected security, caused by unexpected URL matching behavior with 'MergeSlashes OFF. An attacker could exploit this vulnerability to match URLs from all sites in the same domain and launch further attacks on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203459](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203459>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-31535](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31535>) \n** DESCRIPTION: **X.Org libX11 is vulnerable to a denial of service, caused by improper input validation by the length of the string parameters. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause emission of extra X protocol requests to the X server, and results in a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202043](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202043>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-33503](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33503>) \n** DESCRIPTION: **urllib3 is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw due to catastrophic backtracking. By sending a specially-crafted URL request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203109](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203109>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-33928](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33928>) \n** DESCRIPTION: **Libsolv is vulnerable to a denial of service, caused by a heap-based buffer overflow in the pool_installable in src/repo.h function. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208702](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208702>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-33929](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33929>) \n** DESCRIPTION: **Libsolv is vulnerable to a denial of service, caused by a heap-based buffer overflow in the pool_disabled_solvable in src/repo.h. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208665](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208665>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-33930](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33930>) \n** DESCRIPTION: **Libsolv is vulnerable to a denial of service, caused by a heap-based buffer overflow in the pool_installable_whatprovides in src/repo.h function. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208664](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208664>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-33938](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33938>) \n** DESCRIPTION: **Libsolv is vulnerable to a denial of service, caused by a heap-based buffer overflow in the prune_to_recommended in src/policy.c function. An attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208663](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208663>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35556](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35556>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35559](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35559>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35561](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35561>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Utility component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211637](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211637>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35564](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35565](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35578](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35586](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35586>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-29362](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29362>) \n** DESCRIPTION: **p11-glue p11-kit could allow a remote attacker to obtain sensitive information, caused by a heap-based buffer over-read flaw in the RPC protocol. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain up to 4 bytes of memory past the heap allocation, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193533](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193533>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2017-6891](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6891>) \n** DESCRIPTION: **GnuTLS libtasn1 is vulnerable to a stack-based buffer overflow, caused by 2 errors in the asn1_find_node function in lib/parser_aux.c. By persuading a victim to open a specially-crafted assignments file, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/127214](<https://exchange.xforce.ibmcloud.com/vulnerabilities/127214>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2016-4008](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4008>) \n** DESCRIPTION: **GNU Libtasn1 is vulnerable to a denial of service, caused by improper handling of the ASN1_DECODE_FLAG_STRICT_DER flag in _asn1_extract_der_octet function in lib/decoding.c. By using a malformed certificate, a remote attacker could exploit this vulnerability to cause the application to stop responding. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/113127](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113127>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2017-8817](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8817>) \n** DESCRIPTION: **cURL libcurl could allow a remote attacker to bypass security restrictions, caused by an out-of-bounds read flaw in the FTP wildcard matching function (CURLOPT_WILDCARDMATCH). By using a string that ends with an '[' character, an attacker could exploit this vulnerability to redirect the victim to an arbitrary site. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/135658](<https://exchange.xforce.ibmcloud.com/vulnerabilities/135658>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2016-8625](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8625>) \n** DESCRIPTION: **cURL/libcurl could provide weaker than expected security, caused by the translation of International Domain Names (IDNA) to puny code for DNS resolving using the IDNA 2003 standard. An attacker could exploit this vulnerability to issue network transfer requests to the wrong host. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/118644](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118644>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2016-8624](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624>) \n** DESCRIPTION: **cURL/libcurl could allow a remote attacker to bypass security restrictions, caused by the failure to parse the authority component of the URL when handling '#' character. By using a specially-crafted URL with '#' character, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/118642](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118642>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2016-8621](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621>) \n** DESCRIPTION: **cURL/libcurl could allow a remote attacker to obtain sensitive information, caused by an out of bounds read error within the curl_getdate function. By using specially-crafted date strings, a remote attacker could exploit this vulnerability to execute arbitrary code in the context of the process and obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/118639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118639>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2016-8616](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616>) \n** DESCRIPTION: **cURL/libcurl could allow a remote attacker to bypass security restrictions, caused by the use of case insensitive comparisons. By using valid credentials exists for a protocol which supports connection-scoped credentials, an attacker could exploit this vulnerability to cause a connection to be reused. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/118633](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118633>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2016-8615](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615>) \n** DESCRIPTION: **cURL/libcurl is vulnerable to cookie injection, caused by an error related to fgets() function. By using a malicious server that sends a very long cookie name and value, a remote attacker could exploit this vulnerability to inject a malicious cookie for arbitrary domains. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/118632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-22924](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22924>) \n** DESCRIPTION: **An unspecified error with bad connection reused due to improper path name validation in cURL libcurl has an unknown impact and attack vector. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206047](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206047>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2016-0755](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0755>) \n** DESCRIPTION: **Libcurl could allow a remote attacker to bypass security restrictions, caused by the failure to check NTLM-authenticated proxy connections for reuse. An attacker could exploit this vulnerability to use a proxy connection for a different authenticated client username. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/110290](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110290>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2019-13050](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13050>) \n** DESCRIPTION: **GNU Privacy Guard (GnuPG) is vulnerable to a denial of service, caused by a certificate spamming attack when referring to a host on the SKS keyserver network in the keyserver configuration. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166417](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166417>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2015-5276](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5276>) \n** DESCRIPTION: **GNU Compiler Collection (GCC) could provide weaker than expected security, caused by the failure to properly handle short reads from blocking sources by the std::random_device class in libstdc++. A remote attacker could exploit thsi vulnerability to predict random values. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/108548](<https://exchange.xforce.ibmcloud.com/vulnerabilities/108548>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2019-19645](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19645>) \n** DESCRIPTION: **SQLite is vulnerable to a denial of service, caused by an infinite recursion flaw in alter.c. By sending a specially-crafted request using certain types of self-referential views in conjunction with ALTER TABLE statements, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172774](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172774>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-19880](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19880>) \n** DESCRIPTION: **SQLite is vulnerable to a denial of service, caused by an invalid pointer dereference in exprListAppendList in window.c. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173387](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173387>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-19924](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19924>) \n** DESCRIPTION: **SQLite is vulnerable to a denial of service, caused by the mishandling of certain parser-tree rewriting in the sqlite3WindowRewrite function in expr.c, vdbeaux.c, and window.c. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173495](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173495>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-8457](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8457>) \n** DESCRIPTION: **SQLite is vulnerable to a denial of service, caused by a heap out-of-bound read in the rtreenode() function when handling invalid rtree tables. A remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/161901](<https://exchange.xforce.ibmcloud.com/vulnerabilities/161901>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-13631](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13631>) \n** DESCRIPTION: **SQLite could allow a remote attacker to bypass security restrictions, caused by a flaw in the alter.c and build.c. By sending a specially crafted request, an attacker could exploit this vulnerability to rename the virtual table to the name of one of its shadow tables. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182611](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182611>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2017-9233](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9233>) \n** DESCRIPTION: **libexpat is vulnerable to a denial of service, caused by a XML External Entity vulnerability in the parser. By using a specially-crafted XML file, a remote attacker could exploit this vulnerability to cause an infinite loop. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/129459](<https://exchange.xforce.ibmcloud.com/vulnerabilities/129459>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2016-5300](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5300>) \n** DESCRIPTION: **Expat XML parser is vulnerable to a denial of service, caused by the failure to use sufficient entropy for hash initialization. By using specially-crafted identifiers in an XML document, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/114435](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114435>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2016-4472](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4472>) \n** DESCRIPTION: **Expat XML parser is vulnerable to a denial of service, caused by the removal by compilers with certain optimization settings. By using a specially-crafted XML data, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/114683](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114683>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2015-2695](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2695>) \n** DESCRIPTION: **MIT Kerberos is vulnerable to a denial of service, caused by a pointer type error in the GSS-API library. By sending a specially crafted gss_inquire_context() call on a partially-established SPNEGO context, a remote attacker could exploit this vulnerability to cause the process to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/107874](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107874>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2015-2696](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2696>) \n** DESCRIPTION: **MIT Kerberos is vulnerable to a denial of service, caused by a pointer type error in the GSS-API library. By sending a specially crafted gss_inquire_context() call on a partially-established IAKERB context, a remote attacker could exploit this vulnerability to cause the process to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/107875](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107875>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-19906](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19906>) \n** DESCRIPTION: **cyrus-sasl is vulnerable to a denial of service, caused by an off-by-one error in _sasl_add_string in common.c. By sending a malformed LDAP packet, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173382](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173382>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2016-1234](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1234>) \n** DESCRIPTION: **glibc is vulnerable to a denial of service, caused by a stack-based buffer overflow within the glob implementation when GLOB_ALTDIRFUNC is used. A remote attacker could exploit this vulnerability using an overly long name to overflow a buffer and cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/111311](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111311>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-13956](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13956>) \n** DESCRIPTION: **Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs. By passing request URIs to the library as java.net.URI object, an attacker could exploit this vulnerability to pick the wrong target host for request execution. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189572](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189572>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-26154](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26154>) \n** DESCRIPTION: **libproxy is vulnerable to a buffer overflow, caused by improper bounds checking. By persuading a victim to open a specially crafted PAC file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189418](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189418>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2020-13645](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13645>) \n** DESCRIPTION: **GNOME glib-networking is vulnerable to a man-in-the-middle attack, caused by missing hostname verification in the server TLS certificate in the implementation of GTlsClientConnection. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182648](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182648>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2018-16435](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16435>) \n** DESCRIPTION: **Little CMS is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the AllocateDataSet function in cmscgats.c. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/149326](<https://exchange.xforce.ibmcloud.com/vulnerabilities/149326>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2008-3105](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3105>) \n** DESCRIPTION: **Sun Java Runtime Environment (JRE) is vulnerable to a denial of service, caused by an error in XML data processing. An attacker could exploit this vulnerability using the JAX-WS client or a service in a trusted application to cause a denial of service. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/43657](<https://exchange.xforce.ibmcloud.com/vulnerabilities/43657>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2021-22931](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22931>) \n** DESCRIPTION: **Node.js could provide weaker than expected security, caused by missing input validation on hostnames returned by DNS servers. An attacker could exploit this vulnerability to cause output of wrong hostnames leading to Domain Hijacking and and injection vulnerabilities in applications using the library. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207230](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207230>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2021-3672](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3672>) \n** DESCRIPTION: **The c-ares library could provide weaker than expected security, caused by missing input validation on hostnames returned by DNS servers. An attacker could exploit this vulnerability to cause the output of wrong hostnames leading to Domain Hijacking and and injection vulnerabilities in applications using the library. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207212](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207212>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2015-3153](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3153>) \n** DESCRIPTION: **cURL/libcURL could allow a remote attacker to obtain sensitive information, caused by custom HTTP headers with sensitive content being sent to the server and intermediate proxy by the CURLOPT_HTTPHEADER option. An attacker could exploit this vulnerability to obtain authentication cookies or other sensitive information. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/102989](<https://exchange.xforce.ibmcloud.com/vulnerabilities/102989>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \n** CVEID: **[CVE-2016-8617](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617>) \n** DESCRIPTION: **cURL/libcurl could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an out of bounds write in the base64 encode function. By using a specially crafted username, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/118636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2019-3859](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3859>) \n** DESCRIPTION: **libssh2 is vulnerable to a denial of service, caused by an out-of-bounds read in the _libssh2_packet_require and _libssh2_packet_requirev functions. By sending a specially crafted packet, a remote attacker could exploit this vulnerability to cause a denial of service or read data in the client memory. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/158343](<https://exchange.xforce.ibmcloud.com/vulnerabilities/158343>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2019-3860](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3860>) \n** DESCRIPTION: **libssh2 is vulnerable to a denial of service, caused by an out-of-bounds read when parsing packets with empty payloads. By sending a specially crafted SFTP packet, a remote attacker could exploit this vulnerability to cause a denial of service or read data in the client memory. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/158344](<https://exchange.xforce.ibmcloud.com/vulnerabilities/158344>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2020-13558](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13558>) \n** DESCRIPTION: **WebKitGTK and WPE WebKit could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the AudioSourceProviderGStreamer class. By persuading a victim to open specially-crafted web content, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196795](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196795>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-1788](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1788>) \n** DESCRIPTION: **Apple macOS could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in the WebKit component. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195895](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195895>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-1789](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1789>) \n** DESCRIPTION: **Apple macOS could allow a remote attacker to execute arbitrary code on the system, caused by a type confusion in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195893](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195893>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-1844](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1844>) \n** DESCRIPTION: **Apple Safari, macOS Big Sur, iOS, iPadOS and watchOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption flaw in the WebKit component. By persuading a victim to open a specially-crafted web content, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197853](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197853>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-1870](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1870>) \n** DESCRIPTION: **Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by a logic issue in the WebKit component. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195638](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195638>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-1871](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1871>) \n** DESCRIPTION: **Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by a logic issue in the WebKit component. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195639>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-21779](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21779>) \n** DESCRIPTION: **Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the WebKit componenet. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202343](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202343>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-21806](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21806>) \n** DESCRIPTION: **WebKit WebKitGTK could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in fireEventListeners. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code in the context of the current process. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205101](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205101>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-30663](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30663>) \n** DESCRIPTION: **Apple iOS, iPadOS and macOS Big Sur could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/201120](<https://exchange.xforce.ibmcloud.com/vulnerabilities/201120>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-30665](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30665>) \n** DESCRIPTION: **Apple iOS, iPadOS, watchOS and macOS Big Sur could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption issue in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/201119](<https://exchange.xforce.ibmcloud.com/vulnerabilities/201119>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-30734](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30734>) \n** DESCRIPTION: **Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by multiple memory corruption issues in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202348](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202348>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-30749](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30749>) \n** DESCRIPTION: **Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by multiple memory corruption issues in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202347](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202347>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-30758](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30758>) \n** DESCRIPTION: **Apple Safari could allow a remote attacker to execute arbitrary code on the system, caused by a type confusion in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206132](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206132>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-30795](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30795>) \n** DESCRIPTION: **Apple Safari could allow a remote attacker to execute arbitrary code on the system, caused by an error in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206134](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206134>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-30797](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30797>) \n** DESCRIPTION: **Apple Safari could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206133](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206133>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-30799](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30799>) \n** DESCRIPTION: **Apple macOS Catalina could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206131](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206131>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-13565](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13565>) \n** DESCRIPTION: **OpenLDAP could allow a remote authenticated attacker to gain elevated privileges on the system, caused by an error when using SASL authentication and session encryption. An attacker could exploit this vulnerability to gain privileges on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165451](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165451>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-18276](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276>) \n** DESCRIPTION: **GNU Bash could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in the disable_priv_mode in shell.c. By sending a specially-crafted command, an attacker could exploit this vulnerability to escalate privileges. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172331](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172331>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-9924](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9924>) \n** DESCRIPTION: **Bash could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by the failure to prevent the shell user from modifying BASH_CMDS in the rbash. By modifying BASH_CMDS, an attacker could exploit this vulnerability to execute arbitrary commands on the system with the permissions of the shell. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/158906](<https://exchange.xforce.ibmcloud.com/vulnerabilities/158906>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3520](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3520>) \n** DESCRIPTION: **lz4 could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow. By sending a specially crafted file, an attacker could invoke memmove() on a negative size argument leading to memory corruption and trigger an out-of-bounds write or cause the library to crash. \nCVSS Base score: 8.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202592](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202592>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H) \n \n** CVEID: **[CVE-2021-3518](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3518>) \n** DESCRIPTION: **GNOME libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the xmlXIncludeDoProcess() function in xinclude.c. By sending a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203144](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203144>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H) \n \n** CVEID: **[CVE-2021-3517](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3517>) \n** DESCRIPTION: **GNOME libxml2 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by xmlEncodeEntitiesInternal() in entities.c. By sending a specially crafted file, a remote attacker could trigger an out-of-bounds read and execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 8.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202526](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202526>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H) \n \n** CVEID: **[CVE-2021-3796](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3796>) \n** DESCRIPTION: **Vim is vulnerable to a denial of service, caused by a use-after-free in nv_replace. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 8.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209462](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209462>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L) \n \n** CVEID: **[CVE-2019-13115](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13115>) \n** DESCRIPTION: **libssh2 could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write in the kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163766](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163766>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-12762](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12762>) \n** DESCRIPTION: **json-c could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow and out-of-bounds write. By persuading a victim to run a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182094](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182094>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-27828](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27828>) \n** DESCRIPTION: **Jasper is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the cp_create() in jpc_enc.c. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193630](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193630>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-27918](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27918>) \n** DESCRIPTION: **Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error in the WebKit component. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the device. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191303](<
Mozilla Firefox ESR Security Updates (mfsa_2016-89_2016-90)-Windows
