SuSE Update for MozillaFirefox openSUSE-SU-2017:0358-1 (MozillaFirefox)
2017-02-03T00:00:00
ID OPENVAS:1361412562310851484 Type openvas Reporter Copyright (C) 2017 Greenbone Networks GmbH Modified 2018-11-16T00:00:00
Description
The remote host is missing an update for the
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_suse_2017_0358_1.nasl 12381 2018-11-16 11:16:30Z cfischer $
#
# SuSE Update for MozillaFirefox openSUSE-SU-2017:0358-1 (MozillaFirefox)
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.851484");
script_version("$Revision: 12381 $");
script_tag(name:"last_modification", value:"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $");
script_tag(name:"creation_date", value:"2017-02-03 12:11:19 +0530 (Fri, 03 Feb 2017)");
script_cve_id("CVE-2017-5373", "CVE-2017-5374", "CVE-2017-5375", "CVE-2017-5376",
"CVE-2017-5377", "CVE-2017-5378", "CVE-2017-5379", "CVE-2017-5380",
"CVE-2017-5381", "CVE-2017-5382", "CVE-2017-5383", "CVE-2017-5384",
"CVE-2017-5385", "CVE-2017-5386", "CVE-2017-5387", "CVE-2017-5388",
"CVE-2017-5389", "CVE-2017-5390", "CVE-2017-5391", "CVE-2017-5392",
"CVE-2017-5393", "CVE-2017-5394", "CVE-2017-5395", "CVE-2017-5396");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_tag(name:"qod_type", value:"package");
script_name("SuSE Update for MozillaFirefox openSUSE-SU-2017:0358-1 (MozillaFirefox)");
script_tag(name:"summary", value:"The remote host is missing an update for the 'MozillaFirefox'
package(s) announced via the referenced advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"This update for MozillaFirefox to version 51.0.1 fixes security issues and
bugs.
These security issues were fixed:
* CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and
DEP (bmo#1325200, boo#1021814)
* CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817)
CVE-2017-5377: Memory corruption with transforms to create gradients in
Skia (bmo#1306883, boo#1021826)
* CVE-2017-5378: Pointer and frame data leakage of Javascript objects
(bmo#1312001, bmo#1330769, boo#1021818)
* CVE-2017-5379: Use-after-free in Web Animations (bmo#1309198, boo#1021827)
* CVE-2017-5380: Potential use-after-free during DOM manipulations
(bmo#1322107, boo#1021819)
* CVE-2017-5390: Insecure communication methods in Developer Tools JSON
viewer (bmo#1297361, boo#1021820)
* CVE-2017-5389: WebExtensions can install additional add-ons via modified
host requests (bmo#1308688, boo#1021828)
* CVE-2017-5396: Use-after-free with Media Decoder (bmo#1329403,
boo#1021821)
* CVE-2017-5381: Certificate Viewer exporting can be used to navigate and
save to arbitrary filesystem locations (bmo#1017616, boo#1021830)
* CVE-2017-5382: Feed preview can expose privileged content errors and
exceptions (bmo#1295322, boo#1021831)
* CVE-2017-5383: Location bar spoofing with unicode characters
(bmo#1323338, bmo#1324716, boo#1021822)
* CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)
(bmo#1255474, boo#1021832)
* CVE-2017-5385: Data sent in multipart channels ignores referrer-policy
response headers (bmo#1295945, boo#1021833)
* CVE-2017-5386: WebExtensions can use data: protocol to affect other
extensions (bmo#1319070, boo#1021823)
* CVE-2017-5391: Content about: pages can load privileged about: pages
(bmo#1309310, boo#1021835)
* CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for
mozAddonManager (bmo#1309282, boo#1021837)
* CVE-2017-5387: Disclosure of local file existence through TRACK tag
error messages (bmo#1295023, boo#1021839)
* CVE-2017-5388: WebRTC can be used to generate a large amount of UDP
traffic for DDOS attacks (bmo#1281482, boo#1021840)
* CVE-2017-5374: Memory safety bugs (boo#1021841)
* CVE-2017-5373: Memory safety bugs (boo#1021824)
These non-security issues in MozillaFirefox were fixed:
* Added support for FLAC (Free Lossless Audio Codec) playback
* Added support for WebGL 2
* Added Georgian (ka) and Kabyle (kab) locales
* Support saving passwords for forms without 'submit' events
* Improved video performance for users without GPU acceleration
* Zoom indicator is shown ...
Description truncated, please see the referenced URL(s) for more information.");
script_tag(name:"affected", value:"MozillaFirefox on openSUSE Leap 42.1");
script_tag(name:"solution", value:"Please install the updated packages.");
script_xref(name:"openSUSE-SU", value:"2017:0358_1");
script_tag(name:"solution_type", value:"VendorFix");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2017 Greenbone Networks GmbH");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse", "ssh/login/rpms", re:"ssh/login/release=openSUSELeap42\.1");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release) exit(0);
res = "";
if(release == "openSUSELeap42.1")
{
if ((res = isrpmvuln(pkg:"MozillaFirefox", rpm:"MozillaFirefox~51.0.1~50.2", rls:"openSUSELeap42.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"MozillaFirefox-branding-upstream", rpm:"MozillaFirefox-branding-upstream~51.0.1~50.2", rls:"openSUSELeap42.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"MozillaFirefox-buildsymbols", rpm:"MozillaFirefox-buildsymbols~51.0.1~50.2", rls:"openSUSELeap42.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"MozillaFirefox-debuginfo", rpm:"MozillaFirefox-debuginfo~51.0.1~50.2", rls:"openSUSELeap42.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"MozillaFirefox-debugsource", rpm:"MozillaFirefox-debugsource~51.0.1~50.2", rls:"openSUSELeap42.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"MozillaFirefox-devel", rpm:"MozillaFirefox-devel~51.0.1~50.2", rls:"openSUSELeap42.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"MozillaFirefox-translations-common", rpm:"MozillaFirefox-translations-common~51.0.1~50.2", rls:"openSUSELeap42.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"MozillaFirefox-translations-other", rpm:"MozillaFirefox-translations-other~51.0.1~50.2", rls:"openSUSELeap42.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
{"id": "OPENVAS:1361412562310851484", "bulletinFamily": "scanner", "title": "SuSE Update for MozillaFirefox openSUSE-SU-2017:0358-1 (MozillaFirefox)", "description": "The remote host is missing an update for the ", "published": "2017-02-03T00:00:00", "modified": "2018-11-16T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851484", "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "references": ["2017:0358_1"], "cvelist": ["CVE-2017-5393", "CVE-2017-5389", "CVE-2017-5385", "CVE-2017-5383", "CVE-2017-5373", "CVE-2017-5392", "CVE-2017-5379", "CVE-2017-5396", "CVE-2017-5378", "CVE-2017-5394", "CVE-2017-5380", "CVE-2017-5395", "CVE-2017-5388", "CVE-2017-5374", "CVE-2017-5390", "CVE-2017-5377", "CVE-2017-5382", "CVE-2017-5387", "CVE-2017-5381", "CVE-2017-5391", "CVE-2017-5376", "CVE-2017-5384", "CVE-2017-5375", "CVE-2017-5386"], "type": "openvas", "lastseen": "2018-11-19T12:57:30", "history": [{"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2017-5393", "CVE-2017-5389", "CVE-2017-5385", "CVE-2017-5383", "CVE-2017-5373", "CVE-2017-5392", "CVE-2017-5379", "CVE-2017-5396", "CVE-2017-5378", "CVE-2017-5394", "CVE-2017-5380", "CVE-2017-5395", "CVE-2017-5388", "CVE-2017-5374", "CVE-2017-5390", "CVE-2017-5377", "CVE-2017-5382", "CVE-2017-5387", "CVE-2017-5381", "CVE-2017-5391", "CVE-2017-5376", "CVE-2017-5384", "CVE-2017-5375", "CVE-2017-5386"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Check the version of MozillaFirefox", "edition": 6, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "37f341c78c28b7ad7431ae33bbef6712def05fd4dfa592ab12376de694f57017", "hashmap": [{"hash": "a2323bbbec1269474bb5afba0147298f", "key": "reporter"}, {"hash": "a49d5645aa6ef9c6ca22a99e4cb866d9", "key": "references"}, {"hash": "3bd20ecf9aa68b3f2e17320ea0bf03e6", "key": "sourceData"}, {"hash": "01fa9619bd76b57207871fc7fbb9388f", "key": "pluginID"}, {"hash": "c7390e0f2371da5fba4bcece450adff6", "key": "description"}, {"hash": "95885b004bb37d8a0cb114555f589492", "key": "modified"}, {"hash": "b5348bdaf143de7f1627a4373bd7d0b0", "key": "published"}, {"hash": "7bf0fdabb38556124c6b705a886fbaf6", "key": "cvelist"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "38f3ba604f2aa165de1213323ff463b8", "key": "href"}, {"hash": "f1206156fb9ac7c6d355a02bc825a100", "key": "title"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851484", "id": "OPENVAS:1361412562310851484", "lastseen": "2018-08-30T19:19:18", "modified": "2018-08-18T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310851484", "published": "2017-02-03T00:00:00", "references": ["2017:0358_1"], "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2017_0358_1.nasl 11044 2018-08-18 15:12:40Z cfischer $\n#\n# SuSE Update for MozillaFirefox openSUSE-SU-2017:0358-1 (MozillaFirefox)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851484\");\n script_version(\"$Revision: 11044 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-18 17:12:40 +0200 (Sat, 18 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-02-03 12:11:19 +0530 (Fri, 03 Feb 2017)\");\n script_cve_id(\"CVE-2017-5373\", \"CVE-2017-5374\", \"CVE-2017-5375\", \"CVE-2017-5376\", \n \"CVE-2017-5377\", \"CVE-2017-5378\", \"CVE-2017-5379\", \"CVE-2017-5380\", \n \"CVE-2017-5381\", \"CVE-2017-5382\", \"CVE-2017-5383\", \"CVE-2017-5384\", \n \"CVE-2017-5385\", \"CVE-2017-5386\", \"CVE-2017-5387\", \"CVE-2017-5388\", \n \"CVE-2017-5389\", \"CVE-2017-5390\", \"CVE-2017-5391\", \"CVE-2017-5392\", \n \"CVE-2017-5393\", \"CVE-2017-5394\", \"CVE-2017-5395\", \"CVE-2017-5396\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for MozillaFirefox openSUSE-SU-2017:0358-1 (MozillaFirefox)\");\n script_tag(name: \"summary\", value: \"Check the version of MozillaFirefox\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help \nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"\n This update for MozillaFirefox to version 51.0.1 fixes security issues and\n bugs.\n\n These security issues were fixed:\n\n * CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and\n DEP (bmo#1325200, boo#1021814)\n * CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817)\n CVE-2017-5377: Memory corruption with transforms to create gradients in\n Skia (bmo#1306883, boo#1021826)\n * CVE-2017-5378: Pointer and frame data leakage of Javascript objects\n (bmo#1312001, bmo#1330769, boo#1021818)\n * CVE-2017-5379: Use-after-free in Web Animations (bmo#1309198,boo#1021827)\n * CVE-2017-5380: Potential use-after-free during DOM manipulations\n (bmo#1322107, boo#1021819)\n * CVE-2017-5390: Insecure communication methods in Developer Tools JSON\n viewer (bmo#1297361, boo#1021820)\n * CVE-2017-5389: WebExtensions can install additional add-ons via modified\n host requests (bmo#1308688, boo#1021828)\n * CVE-2017-5396: Use-after-free with Media Decoder (bmo#1329403,\n boo#1021821)\n * CVE-2017-5381: Certificate Viewer exporting can be used to navigate and\n save to arbitrary filesystem locations (bmo#1017616, boo#1021830)\n * CVE-2017-5382: Feed preview can expose privileged content errors and\n exceptions (bmo#1295322, boo#1021831)\n * CVE-2017-5383: Location bar spoofing with unicode characters\n (bmo#1323338, bmo#1324716, boo#1021822)\n * CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)\n (bmo#1255474, boo#1021832)\n * CVE-2017-5385: Data sent in multipart channels ignores referrer-policy\n response headers (bmo#1295945, boo#1021833)\n * CVE-2017-5386: WebExtensions can use data: protocol to affect other\n extensions (bmo#1319070, boo#1021823)\n * CVE-2017-5391: Content about: pages can load privileged about: pages\n (bmo#1309310, boo#1021835)\n * CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for\n mozAddonManager (bmo#1309282, boo#1021837)\n * CVE-2017-5387: Disclosure of local file existence through TRACK tag\n error messages (bmo#1295023, boo#1021839)\n * CVE-2017-5388: WebRTC can be used to generate a large amount of UDP\n traffic for DDOS attacks (bmo#1281482, boo#1021840)\n * CVE-2017-5374: Memory safety bugs (boo#1021841)\n * CVE-2017-5373: Memory safety bugs (boo#1021824)\n\n These non-security issues in MozillaFirefox were fixed:\n\n * Added support for FLAC (Free Lossless Audio Codec) playback\n * Added support for WebGL 2\n * Added Georgian (ka) and Kabyle (kab) locales\n * Support saving passwords for forms without 'submit' events\n * Improved video performance for users without GPU acceleration\n * Zoom indicator is shown ... \n\n Description truncated, for more information please check the Reference URL\");\n script_tag(name: \"affected\", value: \"MozillaFirefox on openSUSE Leap 42.1\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"openSUSE-SU\", value: \"2017:0358_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSELeap42.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "title": "SuSE Update for MozillaFirefox openSUSE-SU-2017:0358-1 (MozillaFirefox)", "type": "openvas", "viewCount": 1}, "differentElements": ["cvss"], "edition": 6, "lastseen": "2018-08-30T19:19:18"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2017-5393", "CVE-2017-5389", "CVE-2017-5385", "CVE-2017-5383", "CVE-2017-5373", "CVE-2017-5392", "CVE-2017-5379", "CVE-2017-5396", "CVE-2017-5378", "CVE-2017-5394", "CVE-2017-5380", "CVE-2017-5395", "CVE-2017-5388", "CVE-2017-5374", "CVE-2017-5390", "CVE-2017-5377", "CVE-2017-5382", "CVE-2017-5387", "CVE-2017-5381", "CVE-2017-5391", "CVE-2017-5376", "CVE-2017-5384", "CVE-2017-5375", "CVE-2017-5386"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Check the version of MozillaFirefox", "edition": 4, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "2eecea871fe6e092d9c62925d48303b4361cdc813a986806051ccc654c619a1b", "hashmap": [{"hash": "5b848d2648e1ab5e5f72990b21e1966c", "key": "modified"}, {"hash": "a2323bbbec1269474bb5afba0147298f", "key": "reporter"}, {"hash": "a49d5645aa6ef9c6ca22a99e4cb866d9", "key": "references"}, {"hash": "01fa9619bd76b57207871fc7fbb9388f", "key": "pluginID"}, {"hash": "c7390e0f2371da5fba4bcece450adff6", "key": "description"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "b5348bdaf143de7f1627a4373bd7d0b0", "key": "published"}, {"hash": "7bf0fdabb38556124c6b705a886fbaf6", "key": "cvelist"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "24cbd3d2c8a1d2c00ac30b6709532b5b", "key": "sourceData"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "38f3ba604f2aa165de1213323ff463b8", "key": "href"}, {"hash": "f1206156fb9ac7c6d355a02bc825a100", "key": "title"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851484", "id": "OPENVAS:1361412562310851484", "lastseen": "2018-08-03T12:03:10", "modified": "2017-12-08T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310851484", "published": "2017-02-03T00:00:00", "references": ["2017:0358_1"], "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2017_0358_1.nasl 8048 2017-12-08 09:05:48Z santu $\n#\n# SuSE Update for MozillaFirefox openSUSE-SU-2017:0358-1 (MozillaFirefox)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851484\");\n script_version(\"$Revision: 8048 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 10:05:48 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2017-02-03 12:11:19 +0530 (Fri, 03 Feb 2017)\");\n script_cve_id(\"CVE-2017-5373\", \"CVE-2017-5374\", \"CVE-2017-5375\", \"CVE-2017-5376\", \n \"CVE-2017-5377\", \"CVE-2017-5378\", \"CVE-2017-5379\", \"CVE-2017-5380\", \n \"CVE-2017-5381\", \"CVE-2017-5382\", \"CVE-2017-5383\", \"CVE-2017-5384\", \n \"CVE-2017-5385\", \"CVE-2017-5386\", \"CVE-2017-5387\", \"CVE-2017-5388\", \n \"CVE-2017-5389\", \"CVE-2017-5390\", \"CVE-2017-5391\", \"CVE-2017-5392\", \n \"CVE-2017-5393\", \"CVE-2017-5394\", \"CVE-2017-5395\", \"CVE-2017-5396\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for MozillaFirefox openSUSE-SU-2017:0358-1 (MozillaFirefox)\");\n script_tag(name: \"summary\", value: \"Check the version of MozillaFirefox\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help \nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"\n This update for MozillaFirefox to version 51.0.1 fixes security issues and\n bugs.\n\n These security issues were fixed:\n\n * CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and\n DEP (bmo#1325200, boo#1021814)\n * CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817)\n CVE-2017-5377: Memory corruption with transforms to create gradients in\n Skia (bmo#1306883, boo#1021826)\n * CVE-2017-5378: Pointer and frame data leakage of Javascript objects\n (bmo#1312001, bmo#1330769, boo#1021818)\n * CVE-2017-5379: Use-after-free in Web Animations (bmo#1309198,boo#1021827)\n * CVE-2017-5380: Potential use-after-free during DOM manipulations\n (bmo#1322107, boo#1021819)\n * CVE-2017-5390: Insecure communication methods in Developer Tools JSON\n viewer (bmo#1297361, boo#1021820)\n * CVE-2017-5389: WebExtensions can install additional add-ons via modified\n host requests (bmo#1308688, boo#1021828)\n * CVE-2017-5396: Use-after-free with Media Decoder (bmo#1329403,\n boo#1021821)\n * CVE-2017-5381: Certificate Viewer exporting can be used to navigate and\n save to arbitrary filesystem locations (bmo#1017616, boo#1021830)\n * CVE-2017-5382: Feed preview can expose privileged content errors and\n exceptions (bmo#1295322, boo#1021831)\n * CVE-2017-5383: Location bar spoofing with unicode characters\n (bmo#1323338, bmo#1324716, boo#1021822)\n * CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)\n (bmo#1255474, boo#1021832)\n * CVE-2017-5385: Data sent in multipart channels ignores referrer-policy\n response headers (bmo#1295945, boo#1021833)\n * CVE-2017-5386: WebExtensions can use data: protocol to affect other\n extensions (bmo#1319070, boo#1021823)\n * CVE-2017-5391: Content about: pages can load privileged about: pages\n (bmo#1309310, boo#1021835)\n * CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for\n mozAddonManager (bmo#1309282, boo#1021837)\n * CVE-2017-5387: Disclosure of local file existence through TRACK tag\n error messages (bmo#1295023, boo#1021839)\n * CVE-2017-5388: WebRTC can be used to generate a large amount of UDP\n traffic for DDOS attacks (bmo#1281482, boo#1021840)\n * CVE-2017-5374: Memory safety bugs (boo#1021841)\n * CVE-2017-5373: Memory safety bugs (boo#1021824)\n\n These non-security issues in MozillaFirefox were fixed:\n\n * Added support for FLAC (Free Lossless Audio Codec) playback\n * Added support for WebGL 2\n * Added Georgian (ka) and Kabyle (kab) locales\n * Support saving passwords for forms without 'submit' events\n * Improved video performance for users without GPU acceleration\n * Zoom indicator is shown ... \n\n Description truncated, for more information please check the Reference URL\");\n script_tag(name: \"affected\", value: \"MozillaFirefox on openSUSE Leap 42.1\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"openSUSE-SU\", value: \"2017:0358_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSELeap42.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "title": "SuSE Update for MozillaFirefox openSUSE-SU-2017:0358-1 (MozillaFirefox)", "type": "openvas", "viewCount": 1}, "differentElements": ["modified", "sourceData"], "edition": 4, "lastseen": "2018-08-03T12:03:10"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2017-5393", "CVE-2017-5389", "CVE-2017-5385", "CVE-2017-5383", "CVE-2017-5373", "CVE-2017-5392", "CVE-2017-5379", "CVE-2017-5396", "CVE-2017-5378", "CVE-2017-5394", "CVE-2017-5380", "CVE-2017-5395", "CVE-2017-5388", "CVE-2017-5374", "CVE-2017-5390", "CVE-2017-5377", "CVE-2017-5382", "CVE-2017-5387", "CVE-2017-5381", "CVE-2017-5391", "CVE-2017-5376", "CVE-2017-5384", "CVE-2017-5375", "CVE-2017-5386"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Check the version of MozillaFirefox", "edition": 1, "enchantments": {}, "hash": "9329253d0ef81ee1011051c5beeabef7cd05a06085cb2d46ec462f08340b93bb", "hashmap": [{"hash": "a2323bbbec1269474bb5afba0147298f", "key": "reporter"}, {"hash": "01fa9619bd76b57207871fc7fbb9388f", "key": "pluginID"}, {"hash": "c7390e0f2371da5fba4bcece450adff6", "key": "description"}, {"hash": "b5348bdaf143de7f1627a4373bd7d0b0", "key": "published"}, {"hash": "7bf0fdabb38556124c6b705a886fbaf6", "key": "cvelist"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "38f3ba604f2aa165de1213323ff463b8", "key": "href"}, {"hash": "f1fea681b409c739584aef3ad668a630", "key": "references"}, {"hash": "f1206156fb9ac7c6d355a02bc825a100", "key": "title"}, {"hash": "b5348bdaf143de7f1627a4373bd7d0b0", "key": "modified"}, {"hash": "43a6871564981eca7d7562307a0cffbd", "key": "sourceData"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851484", "id": "OPENVAS:1361412562310851484", "lastseen": "2017-07-02T21:14:26", "modified": "2017-02-03T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310851484", "published": "2017-02-03T00:00:00", "references": ["2017:0358_1", "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00002.html"], "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# SuSE Update for MozillaFirefox openSUSE-SU-2017:0358-1 (MozillaFirefox)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851484\");\n script_version(\"$Revision: 5178 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-03 07:56:31 +0100 (Fri, 03 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2017-02-03 12:11:19 +0530 (Fri, 03 Feb 2017)\");\n script_cve_id(\"CVE-2017-5373\", \"CVE-2017-5374\", \"CVE-2017-5375\", \"CVE-2017-5376\", \n \"CVE-2017-5377\", \"CVE-2017-5378\", \"CVE-2017-5379\", \"CVE-2017-5380\", \n \"CVE-2017-5381\", \"CVE-2017-5382\", \"CVE-2017-5383\", \"CVE-2017-5384\", \n \"CVE-2017-5385\", \"CVE-2017-5386\", \"CVE-2017-5387\", \"CVE-2017-5388\", \n \"CVE-2017-5389\", \"CVE-2017-5390\", \"CVE-2017-5391\", \"CVE-2017-5392\", \n \"CVE-2017-5393\", \"CVE-2017-5394\", \"CVE-2017-5395\", \"CVE-2017-5396\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for MozillaFirefox openSUSE-SU-2017:0358-1 (MozillaFirefox)\");\n script_tag(name: \"summary\", value: \"Check the version of MozillaFirefox\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help \nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"\n This update for MozillaFirefox to version 51.0.1 fixes security issues and\n bugs.\n\n These security issues were fixed:\n\n * CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and\n DEP (bmo#1325200, boo#1021814)\n * CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817)\n CVE-2017-5377: Memory corruption with transforms to create gradients in\n Skia (bmo#1306883, boo#1021826)\n * CVE-2017-5378: Pointer and frame data leakage of Javascript objects\n (bmo#1312001, bmo#1330769, boo#1021818)\n * CVE-2017-5379: Use-after-free in Web Animations (bmo#1309198,boo#1021827)\n * CVE-2017-5380: Potential use-after-free during DOM manipulations\n (bmo#1322107, boo#1021819)\n * CVE-2017-5390: Insecure communication methods in Developer Tools JSON\n viewer (bmo#1297361, boo#1021820)\n * CVE-2017-5389: WebExtensions can install additional add-ons via modified\n host requests (bmo#1308688, boo#1021828)\n * CVE-2017-5396: Use-after-free with Media Decoder (bmo#1329403,\n boo#1021821)\n * CVE-2017-5381: Certificate Viewer exporting can be used to navigate and\n save to arbitrary filesystem locations (bmo#1017616, boo#1021830)\n * CVE-2017-5382: Feed preview can expose privileged content errors and\n exceptions (bmo#1295322, boo#1021831)\n * CVE-2017-5383: Location bar spoofing with unicode characters\n (bmo#1323338, bmo#1324716, boo#1021822)\n * CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)\n (bmo#1255474, boo#1021832)\n * CVE-2017-5385: Data sent in multipart channels ignores referrer-policy\n response headers (bmo#1295945, boo#1021833)\n * CVE-2017-5386: WebExtensions can use data: protocol to affect other\n extensions (bmo#1319070, boo#1021823)\n * CVE-2017-5391: Content about: pages can load privileged about: pages\n (bmo#1309310, boo#1021835)\n * CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for\n mozAddonManager (bmo#1309282, boo#1021837)\n * CVE-2017-5387: Disclosure of local file existence through TRACK tag\n error messages (bmo#1295023, boo#1021839)\n * CVE-2017-5388: WebRTC can be used to generate a large amount of UDP\n traffic for DDOS attacks (bmo#1281482, boo#1021840)\n * CVE-2017-5374: Memory safety bugs (boo#1021841)\n * CVE-2017-5373: Memory safety bugs (boo#1021824)\n\n These non-security issues in MozillaFirefox were fixed:\n\n * Added support for FLAC (Free Lossless Audio Codec) playback\n * Added support for WebGL 2\n * Added Georgian (ka) and Kabyle (kab) locales\n * Support saving passwords for forms without 'submit' events\n * Improved video performance for users without GPU acceleration\n * Zoom indicator is shown ... \n\n Description truncated, for more information please check the Reference URL\");\n script_tag(name: \"affected\", value: \"MozillaFirefox on openSUSE Leap 42.1\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"openSUSE-SU\", value: \"2017:0358_1\");\n script_xref(name: \"URL\" , value: \"http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00002.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"HostDetails/OS/cpe:/o:opensuse:opensuse\", \"login/SSH/success\", \"ssh/login/release\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSELeap42.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "title": "SuSE Update for MozillaFirefox openSUSE-SU-2017:0358-1 (MozillaFirefox)", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2017-07-02T21:14:26"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2017-5393", "CVE-2017-5389", "CVE-2017-5385", "CVE-2017-5383", "CVE-2017-5373", "CVE-2017-5392", "CVE-2017-5379", "CVE-2017-5396", "CVE-2017-5378", "CVE-2017-5394", "CVE-2017-5380", "CVE-2017-5395", "CVE-2017-5388", "CVE-2017-5374", "CVE-2017-5390", "CVE-2017-5377", "CVE-2017-5382", "CVE-2017-5387", "CVE-2017-5381", "CVE-2017-5391", "CVE-2017-5376", "CVE-2017-5384", "CVE-2017-5375", "CVE-2017-5386"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Check the version of MozillaFirefox", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "6597435f0e00d8b778fe3feacdfbd69aa77212c476ceda6375d6f2e1cf7cc4e7", "hashmap": [{"hash": "5b848d2648e1ab5e5f72990b21e1966c", "key": "modified"}, {"hash": "a2323bbbec1269474bb5afba0147298f", "key": "reporter"}, {"hash": "a49d5645aa6ef9c6ca22a99e4cb866d9", "key": "references"}, {"hash": "01fa9619bd76b57207871fc7fbb9388f", "key": "pluginID"}, {"hash": "c7390e0f2371da5fba4bcece450adff6", "key": "description"}, {"hash": "b5348bdaf143de7f1627a4373bd7d0b0", "key": "published"}, {"hash": "7bf0fdabb38556124c6b705a886fbaf6", "key": "cvelist"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "24cbd3d2c8a1d2c00ac30b6709532b5b", "key": "sourceData"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "38f3ba604f2aa165de1213323ff463b8", "key": "href"}, {"hash": "f1206156fb9ac7c6d355a02bc825a100", "key": "title"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851484", "id": "OPENVAS:1361412562310851484", "lastseen": "2017-12-12T11:21:50", "modified": "2017-12-08T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310851484", "published": "2017-02-03T00:00:00", "references": ["2017:0358_1"], "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2017_0358_1.nasl 8048 2017-12-08 09:05:48Z santu $\n#\n# SuSE Update for MozillaFirefox openSUSE-SU-2017:0358-1 (MozillaFirefox)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851484\");\n script_version(\"$Revision: 8048 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 10:05:48 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2017-02-03 12:11:19 +0530 (Fri, 03 Feb 2017)\");\n script_cve_id(\"CVE-2017-5373\", \"CVE-2017-5374\", \"CVE-2017-5375\", \"CVE-2017-5376\", \n \"CVE-2017-5377\", \"CVE-2017-5378\", \"CVE-2017-5379\", \"CVE-2017-5380\", \n \"CVE-2017-5381\", \"CVE-2017-5382\", \"CVE-2017-5383\", \"CVE-2017-5384\", \n \"CVE-2017-5385\", \"CVE-2017-5386\", \"CVE-2017-5387\", \"CVE-2017-5388\", \n \"CVE-2017-5389\", \"CVE-2017-5390\", \"CVE-2017-5391\", \"CVE-2017-5392\", \n \"CVE-2017-5393\", \"CVE-2017-5394\", \"CVE-2017-5395\", \"CVE-2017-5396\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for MozillaFirefox openSUSE-SU-2017:0358-1 (MozillaFirefox)\");\n script_tag(name: \"summary\", value: \"Check the version of MozillaFirefox\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help \nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"\n This update for MozillaFirefox to version 51.0.1 fixes security issues and\n bugs.\n\n These security issues were fixed:\n\n * CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and\n DEP (bmo#1325200, boo#1021814)\n * CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817)\n CVE-2017-5377: Memory corruption with transforms to create gradients in\n Skia (bmo#1306883, boo#1021826)\n * CVE-2017-5378: Pointer and frame data leakage of Javascript objects\n (bmo#1312001, bmo#1330769, boo#1021818)\n * CVE-2017-5379: Use-after-free in Web Animations (bmo#1309198,boo#1021827)\n * CVE-2017-5380: Potential use-after-free during DOM manipulations\n (bmo#1322107, boo#1021819)\n * CVE-2017-5390: Insecure communication methods in Developer Tools JSON\n viewer (bmo#1297361, boo#1021820)\n * CVE-2017-5389: WebExtensions can install additional add-ons via modified\n host requests (bmo#1308688, boo#1021828)\n * CVE-2017-5396: Use-after-free with Media Decoder (bmo#1329403,\n boo#1021821)\n * CVE-2017-5381: Certificate Viewer exporting can be used to navigate and\n save to arbitrary filesystem locations (bmo#1017616, boo#1021830)\n * CVE-2017-5382: Feed preview can expose privileged content errors and\n exceptions (bmo#1295322, boo#1021831)\n * CVE-2017-5383: Location bar spoofing with unicode characters\n (bmo#1323338, bmo#1324716, boo#1021822)\n * CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)\n (bmo#1255474, boo#1021832)\n * CVE-2017-5385: Data sent in multipart channels ignores referrer-policy\n response headers (bmo#1295945, boo#1021833)\n * CVE-2017-5386: WebExtensions can use data: protocol to affect other\n extensions (bmo#1319070, boo#1021823)\n * CVE-2017-5391: Content about: pages can load privileged about: pages\n (bmo#1309310, boo#1021835)\n * CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for\n mozAddonManager (bmo#1309282, boo#1021837)\n * CVE-2017-5387: Disclosure of local file existence through TRACK tag\n error messages (bmo#1295023, boo#1021839)\n * CVE-2017-5388: WebRTC can be used to generate a large amount of UDP\n traffic for DDOS attacks (bmo#1281482, boo#1021840)\n * CVE-2017-5374: Memory safety bugs (boo#1021841)\n * CVE-2017-5373: Memory safety bugs (boo#1021824)\n\n These non-security issues in MozillaFirefox were fixed:\n\n * Added support for FLAC (Free Lossless Audio Codec) playback\n * Added support for WebGL 2\n * Added Georgian (ka) and Kabyle (kab) locales\n * Support saving passwords for forms without 'submit' events\n * Improved video performance for users without GPU acceleration\n * Zoom indicator is shown ... \n\n Description truncated, for more information please check the Reference URL\");\n script_tag(name: \"affected\", value: \"MozillaFirefox on openSUSE Leap 42.1\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"openSUSE-SU\", value: \"2017:0358_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSELeap42.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "title": "SuSE Update for MozillaFirefox openSUSE-SU-2017:0358-1 (MozillaFirefox)", "type": "openvas", "viewCount": 1}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2017-12-12T11:21:50"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2017-5393", "CVE-2017-5389", "CVE-2017-5385", "CVE-2017-5383", "CVE-2017-5373", "CVE-2017-5392", "CVE-2017-5379", "CVE-2017-5396", "CVE-2017-5378", "CVE-2017-5394", "CVE-2017-5380", "CVE-2017-5395", "CVE-2017-5388", "CVE-2017-5374", "CVE-2017-5390", "CVE-2017-5377", "CVE-2017-5382", "CVE-2017-5387", "CVE-2017-5381", "CVE-2017-5391", "CVE-2017-5376", "CVE-2017-5384", "CVE-2017-5375", "CVE-2017-5386"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Check the version of MozillaFirefox", "edition": 7, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "8362303ac59eb954536b2bb03b567e450e4cccbd30bc88a7ba059d87e413088d", "hashmap": [{"hash": "a2323bbbec1269474bb5afba0147298f", "key": "reporter"}, {"hash": "a49d5645aa6ef9c6ca22a99e4cb866d9", "key": "references"}, {"hash": "3bd20ecf9aa68b3f2e17320ea0bf03e6", "key": "sourceData"}, {"hash": "01fa9619bd76b57207871fc7fbb9388f", "key": "pluginID"}, {"hash": "c7390e0f2371da5fba4bcece450adff6", "key": "description"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "95885b004bb37d8a0cb114555f589492", "key": "modified"}, {"hash": "b5348bdaf143de7f1627a4373bd7d0b0", "key": "published"}, {"hash": "7bf0fdabb38556124c6b705a886fbaf6", "key": "cvelist"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "38f3ba604f2aa165de1213323ff463b8", "key": "href"}, {"hash": "f1206156fb9ac7c6d355a02bc825a100", "key": "title"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851484", "id": "OPENVAS:1361412562310851484", "lastseen": "2018-09-01T23:42:04", "modified": "2018-08-18T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310851484", "published": "2017-02-03T00:00:00", "references": ["2017:0358_1"], "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2017_0358_1.nasl 11044 2018-08-18 15:12:40Z cfischer $\n#\n# SuSE Update for MozillaFirefox openSUSE-SU-2017:0358-1 (MozillaFirefox)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851484\");\n script_version(\"$Revision: 11044 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-18 17:12:40 +0200 (Sat, 18 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-02-03 12:11:19 +0530 (Fri, 03 Feb 2017)\");\n script_cve_id(\"CVE-2017-5373\", \"CVE-2017-5374\", \"CVE-2017-5375\", \"CVE-2017-5376\", \n \"CVE-2017-5377\", \"CVE-2017-5378\", \"CVE-2017-5379\", \"CVE-2017-5380\", \n \"CVE-2017-5381\", \"CVE-2017-5382\", \"CVE-2017-5383\", \"CVE-2017-5384\", \n \"CVE-2017-5385\", \"CVE-2017-5386\", \"CVE-2017-5387\", \"CVE-2017-5388\", \n \"CVE-2017-5389\", \"CVE-2017-5390\", \"CVE-2017-5391\", \"CVE-2017-5392\", \n \"CVE-2017-5393\", \"CVE-2017-5394\", \"CVE-2017-5395\", \"CVE-2017-5396\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for MozillaFirefox openSUSE-SU-2017:0358-1 (MozillaFirefox)\");\n script_tag(name: \"summary\", value: \"Check the version of MozillaFirefox\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help \nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"\n This update for MozillaFirefox to version 51.0.1 fixes security issues and\n bugs.\n\n These security issues were fixed:\n\n * CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and\n DEP (bmo#1325200, boo#1021814)\n * CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817)\n CVE-2017-5377: Memory corruption with transforms to create gradients in\n Skia (bmo#1306883, boo#1021826)\n * CVE-2017-5378: Pointer and frame data leakage of Javascript objects\n (bmo#1312001, bmo#1330769, boo#1021818)\n * CVE-2017-5379: Use-after-free in Web Animations (bmo#1309198,boo#1021827)\n * CVE-2017-5380: Potential use-after-free during DOM manipulations\n (bmo#1322107, boo#1021819)\n * CVE-2017-5390: Insecure communication methods in Developer Tools JSON\n viewer (bmo#1297361, boo#1021820)\n * CVE-2017-5389: WebExtensions can install additional add-ons via modified\n host requests (bmo#1308688, boo#1021828)\n * CVE-2017-5396: Use-after-free with Media Decoder (bmo#1329403,\n boo#1021821)\n * CVE-2017-5381: Certificate Viewer exporting can be used to navigate and\n save to arbitrary filesystem locations (bmo#1017616, boo#1021830)\n * CVE-2017-5382: Feed preview can expose privileged content errors and\n exceptions (bmo#1295322, boo#1021831)\n * CVE-2017-5383: Location bar spoofing with unicode characters\n (bmo#1323338, bmo#1324716, boo#1021822)\n * CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)\n (bmo#1255474, boo#1021832)\n * CVE-2017-5385: Data sent in multipart channels ignores referrer-policy\n response headers (bmo#1295945, boo#1021833)\n * CVE-2017-5386: WebExtensions can use data: protocol to affect other\n extensions (bmo#1319070, boo#1021823)\n * CVE-2017-5391: Content about: pages can load privileged about: pages\n (bmo#1309310, boo#1021835)\n * CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for\n mozAddonManager (bmo#1309282, boo#1021837)\n * CVE-2017-5387: Disclosure of local file existence through TRACK tag\n error messages (bmo#1295023, boo#1021839)\n * CVE-2017-5388: WebRTC can be used to generate a large amount of UDP\n traffic for DDOS attacks (bmo#1281482, boo#1021840)\n * CVE-2017-5374: Memory safety bugs (boo#1021841)\n * CVE-2017-5373: Memory safety bugs (boo#1021824)\n\n These non-security issues in MozillaFirefox were fixed:\n\n * Added support for FLAC (Free Lossless Audio Codec) playback\n * Added support for WebGL 2\n * Added Georgian (ka) and Kabyle (kab) locales\n * Support saving passwords for forms without 'submit' events\n * Improved video performance for users without GPU acceleration\n * Zoom indicator is shown ... \n\n Description truncated, for more information please check the Reference URL\");\n script_tag(name: \"affected\", value: \"MozillaFirefox on openSUSE Leap 42.1\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"openSUSE-SU\", value: \"2017:0358_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSELeap42.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "title": "SuSE Update for MozillaFirefox openSUSE-SU-2017:0358-1 (MozillaFirefox)", "type": "openvas", "viewCount": 1}, "differentElements": ["modified", "sourceData"], "edition": 7, "lastseen": "2018-09-01T23:42:04"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2017-5393", "CVE-2017-5389", "CVE-2017-5385", "CVE-2017-5383", "CVE-2017-5373", "CVE-2017-5392", "CVE-2017-5379", "CVE-2017-5396", "CVE-2017-5378", "CVE-2017-5394", "CVE-2017-5380", "CVE-2017-5395", "CVE-2017-5388", "CVE-2017-5374", "CVE-2017-5390", "CVE-2017-5377", "CVE-2017-5382", "CVE-2017-5387", "CVE-2017-5381", "CVE-2017-5391", "CVE-2017-5376", "CVE-2017-5384", "CVE-2017-5375", "CVE-2017-5386"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Check the version of MozillaFirefox", "edition": 2, "enchantments": {}, "hash": "edcc1062d265dbc00fb377154fac4cce212b2f0ff2e6e7fa7e78e01eee96a757", "hashmap": [{"hash": "a2323bbbec1269474bb5afba0147298f", "key": "reporter"}, {"hash": "01fa9619bd76b57207871fc7fbb9388f", "key": "pluginID"}, {"hash": "c7390e0f2371da5fba4bcece450adff6", "key": "description"}, {"hash": "68288cddb572a0489de925e9582f6463", "key": "sourceData"}, {"hash": "b5348bdaf143de7f1627a4373bd7d0b0", "key": "published"}, {"hash": "7bf0fdabb38556124c6b705a886fbaf6", "key": "cvelist"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "38f3ba604f2aa165de1213323ff463b8", "key": "href"}, {"hash": "f1fea681b409c739584aef3ad668a630", "key": "references"}, {"hash": "f1206156fb9ac7c6d355a02bc825a100", "key": "title"}, {"hash": "bf6febede5ca68e35fdf4a0f47b4ef18", "key": "modified"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851484", "id": "OPENVAS:1361412562310851484", "lastseen": "2017-07-26T08:56:34", "modified": "2017-07-11T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310851484", "published": "2017-02-03T00:00:00", "references": ["2017:0358_1", "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00002.html"], "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# SuSE Update for MozillaFirefox openSUSE-SU-2017:0358-1 (MozillaFirefox)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851484\");\n script_version(\"$Revision: 6677 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:58:27 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2017-02-03 12:11:19 +0530 (Fri, 03 Feb 2017)\");\n script_cve_id(\"CVE-2017-5373\", \"CVE-2017-5374\", \"CVE-2017-5375\", \"CVE-2017-5376\", \n \"CVE-2017-5377\", \"CVE-2017-5378\", \"CVE-2017-5379\", \"CVE-2017-5380\", \n \"CVE-2017-5381\", \"CVE-2017-5382\", \"CVE-2017-5383\", \"CVE-2017-5384\", \n \"CVE-2017-5385\", \"CVE-2017-5386\", \"CVE-2017-5387\", \"CVE-2017-5388\", \n \"CVE-2017-5389\", \"CVE-2017-5390\", \"CVE-2017-5391\", \"CVE-2017-5392\", \n \"CVE-2017-5393\", \"CVE-2017-5394\", \"CVE-2017-5395\", \"CVE-2017-5396\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for MozillaFirefox openSUSE-SU-2017:0358-1 (MozillaFirefox)\");\n script_tag(name: \"summary\", value: \"Check the version of MozillaFirefox\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help \nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"\n This update for MozillaFirefox to version 51.0.1 fixes security issues and\n bugs.\n\n These security issues were fixed:\n\n * CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and\n DEP (bmo#1325200, boo#1021814)\n * CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817)\n CVE-2017-5377: Memory corruption with transforms to create gradients in\n Skia (bmo#1306883, boo#1021826)\n * CVE-2017-5378: Pointer and frame data leakage of Javascript objects\n (bmo#1312001, bmo#1330769, boo#1021818)\n * CVE-2017-5379: Use-after-free in Web Animations (bmo#1309198,boo#1021827)\n * CVE-2017-5380: Potential use-after-free during DOM manipulations\n (bmo#1322107, boo#1021819)\n * CVE-2017-5390: Insecure communication methods in Developer Tools JSON\n viewer (bmo#1297361, boo#1021820)\n * CVE-2017-5389: WebExtensions can install additional add-ons via modified\n host requests (bmo#1308688, boo#1021828)\n * CVE-2017-5396: Use-after-free with Media Decoder (bmo#1329403,\n boo#1021821)\n * CVE-2017-5381: Certificate Viewer exporting can be used to navigate and\n save to arbitrary filesystem locations (bmo#1017616, boo#1021830)\n * CVE-2017-5382: Feed preview can expose privileged content errors and\n exceptions (bmo#1295322, boo#1021831)\n * CVE-2017-5383: Location bar spoofing with unicode characters\n (bmo#1323338, bmo#1324716, boo#1021822)\n * CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)\n (bmo#1255474, boo#1021832)\n * CVE-2017-5385: Data sent in multipart channels ignores referrer-policy\n response headers (bmo#1295945, boo#1021833)\n * CVE-2017-5386: WebExtensions can use data: protocol to affect other\n extensions (bmo#1319070, boo#1021823)\n * CVE-2017-5391: Content about: pages can load privileged about: pages\n (bmo#1309310, boo#1021835)\n * CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for\n mozAddonManager (bmo#1309282, boo#1021837)\n * CVE-2017-5387: Disclosure of local file existence through TRACK tag\n error messages (bmo#1295023, boo#1021839)\n * CVE-2017-5388: WebRTC can be used to generate a large amount of UDP\n traffic for DDOS attacks (bmo#1281482, boo#1021840)\n * CVE-2017-5374: Memory safety bugs (boo#1021841)\n * CVE-2017-5373: Memory safety bugs (boo#1021824)\n\n These non-security issues in MozillaFirefox were fixed:\n\n * Added support for FLAC (Free Lossless Audio Codec) playback\n * Added support for WebGL 2\n * Added Georgian (ka) and Kabyle (kab) locales\n * Support saving passwords for forms without 'submit' events\n * Improved video performance for users without GPU acceleration\n * Zoom indicator is shown ... \n\n Description truncated, for more information please check the Reference URL\");\n script_tag(name: \"affected\", value: \"MozillaFirefox on openSUSE Leap 42.1\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"openSUSE-SU\", value: \"2017:0358_1\");\n script_xref(name: \"URL\" , value: \"http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00002.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSELeap42.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "title": "SuSE Update for MozillaFirefox openSUSE-SU-2017:0358-1 (MozillaFirefox)", "type": "openvas", "viewCount": 1}, "differentElements": ["references", "modified", "sourceData"], "edition": 2, "lastseen": "2017-07-26T08:56:34"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2017-5393", "CVE-2017-5389", "CVE-2017-5385", "CVE-2017-5383", "CVE-2017-5373", "CVE-2017-5392", "CVE-2017-5379", "CVE-2017-5396", "CVE-2017-5378", "CVE-2017-5394", "CVE-2017-5380", "CVE-2017-5395", "CVE-2017-5388", "CVE-2017-5374", "CVE-2017-5390", "CVE-2017-5377", "CVE-2017-5382", "CVE-2017-5387", "CVE-2017-5381", "CVE-2017-5391", "CVE-2017-5376", "CVE-2017-5384", "CVE-2017-5375", "CVE-2017-5386"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Check the version of MozillaFirefox", "edition": 5, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "8362303ac59eb954536b2bb03b567e450e4cccbd30bc88a7ba059d87e413088d", "hashmap": [{"hash": "a2323bbbec1269474bb5afba0147298f", "key": "reporter"}, {"hash": "a49d5645aa6ef9c6ca22a99e4cb866d9", "key": "references"}, {"hash": "3bd20ecf9aa68b3f2e17320ea0bf03e6", "key": "sourceData"}, {"hash": "01fa9619bd76b57207871fc7fbb9388f", "key": "pluginID"}, {"hash": "c7390e0f2371da5fba4bcece450adff6", "key": "description"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "95885b004bb37d8a0cb114555f589492", "key": "modified"}, {"hash": "b5348bdaf143de7f1627a4373bd7d0b0", "key": "published"}, {"hash": "7bf0fdabb38556124c6b705a886fbaf6", "key": "cvelist"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "38f3ba604f2aa165de1213323ff463b8", "key": "href"}, {"hash": "f1206156fb9ac7c6d355a02bc825a100", "key": "title"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851484", "id": "OPENVAS:1361412562310851484", "lastseen": "2018-08-24T21:18:37", "modified": "2018-08-18T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310851484", "published": "2017-02-03T00:00:00", "references": ["2017:0358_1"], "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2017_0358_1.nasl 11044 2018-08-18 15:12:40Z cfischer $\n#\n# SuSE Update for MozillaFirefox openSUSE-SU-2017:0358-1 (MozillaFirefox)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851484\");\n script_version(\"$Revision: 11044 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-18 17:12:40 +0200 (Sat, 18 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-02-03 12:11:19 +0530 (Fri, 03 Feb 2017)\");\n script_cve_id(\"CVE-2017-5373\", \"CVE-2017-5374\", \"CVE-2017-5375\", \"CVE-2017-5376\", \n \"CVE-2017-5377\", \"CVE-2017-5378\", \"CVE-2017-5379\", \"CVE-2017-5380\", \n \"CVE-2017-5381\", \"CVE-2017-5382\", \"CVE-2017-5383\", \"CVE-2017-5384\", \n \"CVE-2017-5385\", \"CVE-2017-5386\", \"CVE-2017-5387\", \"CVE-2017-5388\", \n \"CVE-2017-5389\", \"CVE-2017-5390\", \"CVE-2017-5391\", \"CVE-2017-5392\", \n \"CVE-2017-5393\", \"CVE-2017-5394\", \"CVE-2017-5395\", \"CVE-2017-5396\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for MozillaFirefox openSUSE-SU-2017:0358-1 (MozillaFirefox)\");\n script_tag(name: \"summary\", value: \"Check the version of MozillaFirefox\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help \nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"\n This update for MozillaFirefox to version 51.0.1 fixes security issues and\n bugs.\n\n These security issues were fixed:\n\n * CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and\n DEP (bmo#1325200, boo#1021814)\n * CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817)\n CVE-2017-5377: Memory corruption with transforms to create gradients in\n Skia (bmo#1306883, boo#1021826)\n * CVE-2017-5378: Pointer and frame data leakage of Javascript objects\n (bmo#1312001, bmo#1330769, boo#1021818)\n * CVE-2017-5379: Use-after-free in Web Animations (bmo#1309198,boo#1021827)\n * CVE-2017-5380: Potential use-after-free during DOM manipulations\n (bmo#1322107, boo#1021819)\n * CVE-2017-5390: Insecure communication methods in Developer Tools JSON\n viewer (bmo#1297361, boo#1021820)\n * CVE-2017-5389: WebExtensions can install additional add-ons via modified\n host requests (bmo#1308688, boo#1021828)\n * CVE-2017-5396: Use-after-free with Media Decoder (bmo#1329403,\n boo#1021821)\n * CVE-2017-5381: Certificate Viewer exporting can be used to navigate and\n save to arbitrary filesystem locations (bmo#1017616, boo#1021830)\n * CVE-2017-5382: Feed preview can expose privileged content errors and\n exceptions (bmo#1295322, boo#1021831)\n * CVE-2017-5383: Location bar spoofing with unicode characters\n (bmo#1323338, bmo#1324716, boo#1021822)\n * CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)\n (bmo#1255474, boo#1021832)\n * CVE-2017-5385: Data sent in multipart channels ignores referrer-policy\n response headers (bmo#1295945, boo#1021833)\n * CVE-2017-5386: WebExtensions can use data: protocol to affect other\n extensions (bmo#1319070, boo#1021823)\n * CVE-2017-5391: Content about: pages can load privileged about: pages\n (bmo#1309310, boo#1021835)\n * CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for\n mozAddonManager (bmo#1309282, boo#1021837)\n * CVE-2017-5387: Disclosure of local file existence through TRACK tag\n error messages (bmo#1295023, boo#1021839)\n * CVE-2017-5388: WebRTC can be used to generate a large amount of UDP\n traffic for DDOS attacks (bmo#1281482, boo#1021840)\n * CVE-2017-5374: Memory safety bugs (boo#1021841)\n * CVE-2017-5373: Memory safety bugs (boo#1021824)\n\n These non-security issues in MozillaFirefox were fixed:\n\n * Added support for FLAC (Free Lossless Audio Codec) playback\n * Added support for WebGL 2\n * Added Georgian (ka) and Kabyle (kab) locales\n * Support saving passwords for forms without 'submit' events\n * Improved video performance for users without GPU acceleration\n * Zoom indicator is shown ... \n\n Description truncated, for more information please check the Reference URL\");\n script_tag(name: \"affected\", value: \"MozillaFirefox on openSUSE Leap 42.1\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"openSUSE-SU\", value: \"2017:0358_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSELeap42.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "title": "SuSE Update for MozillaFirefox openSUSE-SU-2017:0358-1 (MozillaFirefox)", "type": "openvas", "viewCount": 1}, "differentElements": ["cvss"], "edition": 5, "lastseen": "2018-08-24T21:18:37"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2017-5393", "CVE-2017-5389", "CVE-2017-5385", "CVE-2017-5383", "CVE-2017-5373", "CVE-2017-5392", "CVE-2017-5379", "CVE-2017-5396", "CVE-2017-5378", "CVE-2017-5394", "CVE-2017-5380", "CVE-2017-5395", "CVE-2017-5388", "CVE-2017-5374", "CVE-2017-5390", "CVE-2017-5377", "CVE-2017-5382", "CVE-2017-5387", "CVE-2017-5381", "CVE-2017-5391", "CVE-2017-5376", "CVE-2017-5384", "CVE-2017-5375", "CVE-2017-5386"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Check the version of MozillaFirefox", "edition": 8, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "d668e4d041970731bab2b98a6e7a977596151b7f8ca2a46866b93755deb74e90", "hashmap": [{"hash": "a2323bbbec1269474bb5afba0147298f", "key": "reporter"}, {"hash": "a49d5645aa6ef9c6ca22a99e4cb866d9", "key": "references"}, {"hash": "01fa9619bd76b57207871fc7fbb9388f", "key": "pluginID"}, {"hash": "c7390e0f2371da5fba4bcece450adff6", "key": "description"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "b5348bdaf143de7f1627a4373bd7d0b0", "key": "published"}, {"hash": "7bf0fdabb38556124c6b705a886fbaf6", "key": "cvelist"}, {"hash": "ca08869f1f5972d367a5b334cbc7d4cf", "key": "sourceData"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "38f3ba604f2aa165de1213323ff463b8", "key": "href"}, {"hash": "f1206156fb9ac7c6d355a02bc825a100", "key": "title"}, {"hash": "15260afb3c76071066e57a3c89eb86b9", "key": "modified"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851484", "id": "OPENVAS:1361412562310851484", "lastseen": "2018-11-12T12:42:12", "modified": "2018-11-09T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310851484", "published": "2017-02-03T00:00:00", "references": ["2017:0358_1"], "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2017_0358_1.nasl 12294 2018-11-09 15:31:55Z cfischer $\n#\n# SuSE Update for MozillaFirefox openSUSE-SU-2017:0358-1 (MozillaFirefox)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851484\");\n script_version(\"$Revision: 12294 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-09 16:31:55 +0100 (Fri, 09 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-02-03 12:11:19 +0530 (Fri, 03 Feb 2017)\");\n script_cve_id(\"CVE-2017-5373\", \"CVE-2017-5374\", \"CVE-2017-5375\", \"CVE-2017-5376\",\n \"CVE-2017-5377\", \"CVE-2017-5378\", \"CVE-2017-5379\", \"CVE-2017-5380\",\n \"CVE-2017-5381\", \"CVE-2017-5382\", \"CVE-2017-5383\", \"CVE-2017-5384\",\n \"CVE-2017-5385\", \"CVE-2017-5386\", \"CVE-2017-5387\", \"CVE-2017-5388\",\n \"CVE-2017-5389\", \"CVE-2017-5390\", \"CVE-2017-5391\", \"CVE-2017-5392\",\n \"CVE-2017-5393\", \"CVE-2017-5394\", \"CVE-2017-5395\", \"CVE-2017-5396\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for MozillaFirefox openSUSE-SU-2017:0358-1 (MozillaFirefox)\");\n script_tag(name:\"summary\", value:\"Check the version of MozillaFirefox\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"This update for MozillaFirefox to version 51.0.1 fixes security issues and\n bugs.\n\n These security issues were fixed:\n\n * CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and\n DEP (bmo#1325200, boo#1021814)\n\n * CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817)\n CVE-2017-5377: Memory corruption with transforms to create gradients in\n Skia (bmo#1306883, boo#1021826)\n\n * CVE-2017-5378: Pointer and frame data leakage of Javascript objects\n (bmo#1312001, bmo#1330769, boo#1021818)\n\n * CVE-2017-5379: Use-after-free in Web Animations (bmo#1309198, boo#1021827)\n\n * CVE-2017-5380: Potential use-after-free during DOM manipulations\n (bmo#1322107, boo#1021819)\n\n * CVE-2017-5390: Insecure communication methods in Developer Tools JSON\n viewer (bmo#1297361, boo#1021820)\n\n * CVE-2017-5389: WebExtensions can install additional add-ons via modified\n host requests (bmo#1308688, boo#1021828)\n\n * CVE-2017-5396: Use-after-free with Media Decoder (bmo#1329403,\n boo#1021821)\n\n * CVE-2017-5381: Certificate Viewer exporting can be used to navigate and\n save to arbitrary filesystem locations (bmo#1017616, boo#1021830)\n\n * CVE-2017-5382: Feed preview can expose privileged content errors and\n exceptions (bmo#1295322, boo#1021831)\n\n * CVE-2017-5383: Location bar spoofing with unicode characters\n (bmo#1323338, bmo#1324716, boo#1021822)\n\n * CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)\n (bmo#1255474, boo#1021832)\n\n * CVE-2017-5385: Data sent in multipart channels ignores referrer-policy\n response headers (bmo#1295945, boo#1021833)\n\n * CVE-2017-5386: WebExtensions can use data: protocol to affect other\n extensions (bmo#1319070, boo#1021823)\n\n * CVE-2017-5391: Content about: pages can load privileged about: pages\n (bmo#1309310, boo#1021835)\n\n * CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for\n mozAddonManager (bmo#1309282, boo#1021837)\n\n * CVE-2017-5387: Disclosure of local file existence through TRACK tag\n error messages (bmo#1295023, boo#1021839)\n\n * CVE-2017-5388: WebRTC can be used to generate a large amount of UDP\n traffic for DDOS attacks (bmo#1281482, boo#1021840)\n\n * CVE-2017-5374: Memory safety bugs (boo#1021841)\n\n * CVE-2017-5373: Memory safety bugs (boo#1021824)\n\n These non-security issues in MozillaFirefox were fixed:\n\n * Added support for FLAC (Free Lossless Audio Codec) playback\n\n * Added support for WebGL 2\n\n * Added Georgian (ka) and Kabyle (kab) locales\n\n * Support saving passwords for forms without 'submit' events\n\n * Improved video performance for users without GPU acceleration\n\n * Zoom indicator is shown ...\n\n Description truncated, for more information please check the Reference URL\");\n script_tag(name:\"affected\", value:\"MozillaFirefox on openSUSE Leap 42.1\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:0358_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSELeap42.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "title": "SuSE Update for MozillaFirefox openSUSE-SU-2017:0358-1 (MozillaFirefox)", "type": "openvas", "viewCount": 1}, "differentElements": ["description", "modified", "sourceData"], "edition": 8, "lastseen": "2018-11-12T12:42:12"}], "edition": 9, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "7bf0fdabb38556124c6b705a886fbaf6"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "1693b96dcccf4fbcd463bf8baaa2bf3f"}, {"key": "href", "hash": "38f3ba604f2aa165de1213323ff463b8"}, {"key": "modified", "hash": "342cc90fff603913e7fb1060eccdf48e"}, {"key": "naslFamily", "hash": "71a40666da62ba38d22539c8277870c7"}, {"key": "pluginID", "hash": "01fa9619bd76b57207871fc7fbb9388f"}, {"key": "published", "hash": "b5348bdaf143de7f1627a4373bd7d0b0"}, {"key": "references", "hash": "a49d5645aa6ef9c6ca22a99e4cb866d9"}, {"key": "reporter", "hash": "a2323bbbec1269474bb5afba0147298f"}, {"key": "sourceData", "hash": "811fef810b9fab37cbebc36ebc8d8c0b"}, {"key": "title", "hash": "f1206156fb9ac7c6d355a02bc825a100"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "6eab1abc7b4c21d0aa857eba754f8513713db36ea82aa682aacdffd3d1bd5714", "viewCount": 1, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310809875", "OPENVAS:1361412562310843043", "OPENVAS:1361412562310809876", "OPENVAS:1361412562310843028", "OPENVAS:1361412562310809877", "OPENVAS:1361412562310882644", "OPENVAS:1361412562310703771", "OPENVAS:1361412562310882642", "OPENVAS:1361412562310809878", "OPENVAS:1361412562310882641"]}, {"type": "nessus", "idList": ["MACOSX_FIREFOX_51.NASL", "UBUNTU_USN-3175-1.NASL", "UBUNTU_USN-3175-2.NASL", "MOZILLA_FIREFOX_51.NASL", "FREEBSD_PKG_E60169C4AA8646B08AE20D81F683DF09.NASL", "OPENSUSE-2017-187.NASL", "MACOSX_FIREFOX_45_7_ESR.NASL", "SLACKWARE_SSA_2017-026-01.NASL", "DEBIAN_DLA-800.NASL", "SUSE_SU-2017-0426-1.NASL"]}, {"type": "ubuntu", "idList": ["USN-3175-2", "USN-3175-1"]}, {"type": "freebsd", "idList": ["E60169C4-AA86-46B0-8AE2-0D81F683DF09"]}, {"type": "kaspersky", "idList": ["KLA10953", "KLA10956"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:0358-1", "SUSE-SU-2017:0426-1", "SUSE-SU-2017:0427-1"]}, {"type": "redhat", "idList": ["RHSA-2017:0190", "RHSA-2017:0238"]}, {"type": "gentoo", "idList": ["GLSA-201702-22", "GLSA-201702-13"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-0190", "ELSA-2017-0238"]}, {"type": "centos", "idList": ["CESA-2017:0190", "CESA-2017:0238"]}, {"type": "debian", "idList": ["DEBIAN:DLA-800-1:36A02", "DEBIAN:DSA-3771-1:9FE2D", "DEBIAN:DSA-3832-1:2645B", "DEBIAN:DLA-896-1:AEB5D"]}, {"type": "slackware", "idList": ["SSA-2017-026-01"]}, {"type": "threatpost", "idList": ["THREATPOST:F2ADBC39AC760D624DF2B40B8E80BCC2"]}, {"type": "cve", "idList": ["CVE-2017-5394", "CVE-2017-5389", "CVE-2017-5395", "CVE-2017-5384", "CVE-2017-5382", "CVE-2017-5377", "CVE-2017-5385", "CVE-2017-5374", "CVE-2017-5373", "CVE-2017-5387"]}], "modified": "2018-11-19T12:57:30"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2017_0358_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for MozillaFirefox openSUSE-SU-2017:0358-1 (MozillaFirefox)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851484\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-02-03 12:11:19 +0530 (Fri, 03 Feb 2017)\");\n script_cve_id(\"CVE-2017-5373\", \"CVE-2017-5374\", \"CVE-2017-5375\", \"CVE-2017-5376\",\n \"CVE-2017-5377\", \"CVE-2017-5378\", \"CVE-2017-5379\", \"CVE-2017-5380\",\n \"CVE-2017-5381\", \"CVE-2017-5382\", \"CVE-2017-5383\", \"CVE-2017-5384\",\n \"CVE-2017-5385\", \"CVE-2017-5386\", \"CVE-2017-5387\", \"CVE-2017-5388\",\n \"CVE-2017-5389\", \"CVE-2017-5390\", \"CVE-2017-5391\", \"CVE-2017-5392\",\n \"CVE-2017-5393\", \"CVE-2017-5394\", \"CVE-2017-5395\", \"CVE-2017-5396\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for MozillaFirefox openSUSE-SU-2017:0358-1 (MozillaFirefox)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'MozillaFirefox'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"This update for MozillaFirefox to version 51.0.1 fixes security issues and\n bugs.\n\n These security issues were fixed:\n\n * CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and\n DEP (bmo#1325200, boo#1021814)\n\n * CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817)\n CVE-2017-5377: Memory corruption with transforms to create gradients in\n Skia (bmo#1306883, boo#1021826)\n\n * CVE-2017-5378: Pointer and frame data leakage of Javascript objects\n (bmo#1312001, bmo#1330769, boo#1021818)\n\n * CVE-2017-5379: Use-after-free in Web Animations (bmo#1309198, boo#1021827)\n\n * CVE-2017-5380: Potential use-after-free during DOM manipulations\n (bmo#1322107, boo#1021819)\n\n * CVE-2017-5390: Insecure communication methods in Developer Tools JSON\n viewer (bmo#1297361, boo#1021820)\n\n * CVE-2017-5389: WebExtensions can install additional add-ons via modified\n host requests (bmo#1308688, boo#1021828)\n\n * CVE-2017-5396: Use-after-free with Media Decoder (bmo#1329403,\n boo#1021821)\n\n * CVE-2017-5381: Certificate Viewer exporting can be used to navigate and\n save to arbitrary filesystem locations (bmo#1017616, boo#1021830)\n\n * CVE-2017-5382: Feed preview can expose privileged content errors and\n exceptions (bmo#1295322, boo#1021831)\n\n * CVE-2017-5383: Location bar spoofing with unicode characters\n (bmo#1323338, bmo#1324716, boo#1021822)\n\n * CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)\n (bmo#1255474, boo#1021832)\n\n * CVE-2017-5385: Data sent in multipart channels ignores referrer-policy\n response headers (bmo#1295945, boo#1021833)\n\n * CVE-2017-5386: WebExtensions can use data: protocol to affect other\n extensions (bmo#1319070, boo#1021823)\n\n * CVE-2017-5391: Content about: pages can load privileged about: pages\n (bmo#1309310, boo#1021835)\n\n * CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for\n mozAddonManager (bmo#1309282, boo#1021837)\n\n * CVE-2017-5387: Disclosure of local file existence through TRACK tag\n error messages (bmo#1295023, boo#1021839)\n\n * CVE-2017-5388: WebRTC can be used to generate a large amount of UDP\n traffic for DDOS attacks (bmo#1281482, boo#1021840)\n\n * CVE-2017-5374: Memory safety bugs (boo#1021841)\n\n * CVE-2017-5373: Memory safety bugs (boo#1021824)\n\n These non-security issues in MozillaFirefox were fixed:\n\n * Added support for FLAC (Free Lossless Audio Codec) playback\n\n * Added support for WebGL 2\n\n * Added Georgian (ka) and Kabyle (kab) locales\n\n * Support saving passwords for forms without 'submit' events\n\n * Improved video performance for users without GPU acceleration\n\n * Zoom indicator is shown ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"MozillaFirefox on openSUSE Leap 42.1\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:0358_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSELeap42.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~51.0.1~50.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "1361412562310851484"}
{"nessus": [{"lastseen": "2019-02-21T01:29:12", "bulletinFamily": "scanner", "description": "The version of Mozilla Firefox installed on the remote macOS or Mac OS X host is prior to 51. It is, therefore, affected by the following vulnerabilities :\n\n - Mozilla developers and community members Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, and Oriol reported memory safety bugs present in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.\n (CVE-2017-5373)\n\n - Mozilla developers and community members Gary Kwong, Olli Pettay, Tooru Fujisawa, Carsten Book, Andrew McCreight, Chris Pearce, Ronald Crane, Jan de Mooij, Julian Seward, Nicolas Pierron, Randell Jesup, Esther Monchari, Honza Bambas, and Philipp reported memory safety bugs present in Firefox 50.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2017-5374)\n\n - JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. (CVE-2017-5375)\n\n - Use-after-free while manipulating XSL in XSLT documents (CVE-2017-5376)\n\n - A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash.\n (CVE-2017-5377)\n\n - Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. (CVE-2017-5378)\n\n - Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing. (CVE-2017-5379)\n\n - A potential use-after-free found through fuzzing during DOM manipulation of SVG content. (CVE-2017-5380)\n\n - The 'export' function in the Certificate Viewer can force local filesystem navigation when the 'common name' in a certificate contains slashes, allowing certificate content to be saved in unsafe locations with an arbitrary filename. (CVE-2017-5381)\n\n - Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. (CVE-2017-5382)\n\n - URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. (CVE-2017-5383)\n\n - Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed to be non-malicious, but if a user has enabled Web Proxy Auto Detect (WPAD) this file can be served remotely. (CVE-2017-5384)\n\n - Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using this header.\n (CVE-2017-5385)\n\n - WebExtension scripts can use the 'data:' protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions.\n (CVE-2017-5386)\n\n - The existence of a specifically requested local file can be found due to the double firing of the 'onerror' when the 'source' attribute on a <track> tag refers to a file that does not exist if the source page is loaded locally. (CVE-2017-5387)\n\n - A STUN server in conjunction with a large number of 'webkitRTCPeerConnection' objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on e10s systems, allowing for a denial of service attack. (CVE-2017-5388)\n\n - WebExtensions could use the 'mozAddonManager' API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions without explicit user permission.\n (CVE-2017-5389)\n\n - The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. (CVE-2017-5390)\n\n - Special 'about:' pages used by web content, such as RSS feeds, can load privileged 'about:' pages in an iframe.\n If a content-injection bug were found in one of those pages this could allow for potential privilege escalation. (CVE-2017-5391)\n\n - The 'mozAddonManager' allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions from the CDN in combination with an XSS attack on Mozilla AMO sites.\n (CVE-2017-5393)\n\n - A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory.\n (CVE-2017-5396)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Mozilla security advisories.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-07-14T00:00:00", "id": "MACOSX_FIREFOX_51.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=96774", "published": "2017-01-25T00:00:00", "title": "Mozilla Firefox < 51 Multiple Vulnerabilities (macOS)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96774);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/14 1:59:37\");\n\n script_cve_id(\n \"CVE-2017-5373\",\n \"CVE-2017-5374\",\n \"CVE-2017-5375\",\n \"CVE-2017-5376\",\n \"CVE-2017-5377\",\n \"CVE-2017-5378\",\n \"CVE-2017-5379\",\n \"CVE-2017-5380\",\n \"CVE-2017-5381\",\n \"CVE-2017-5382\",\n \"CVE-2017-5383\",\n \"CVE-2017-5384\",\n \"CVE-2017-5385\",\n \"CVE-2017-5386\",\n \"CVE-2017-5387\",\n \"CVE-2017-5388\",\n \"CVE-2017-5389\",\n \"CVE-2017-5390\",\n \"CVE-2017-5391\",\n \"CVE-2017-5393\",\n \"CVE-2017-5396\"\n );\n script_bugtraq_id(\n 95757,\n 95758,\n 95759,\n 95761,\n 95762,\n 95763,\n 95769\n );\n script_xref(name:\"MFSA\", value:\"2017-01\");\n\n script_name(english:\"Mozilla Firefox < 51 Multiple Vulnerabilities (macOS)\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote macOS or Mac OS X host contains a web browser that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Firefox installed on the remote macOS or Mac\nOS X host is prior to 51. It is, therefore, affected by the following\nvulnerabilities :\n\n - Mozilla developers and community members Christian\n Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom\n Schuster, and Oriol reported memory safety bugs present\n in Firefox 50.1 and Firefox ESR 45.6. Some of these\n bugs showed evidence of memory corruption and we\n presume that with enough effort that some of these\n could be exploited to run arbitrary code.\n (CVE-2017-5373)\n\n - Mozilla developers and community members Gary Kwong,\n Olli Pettay, Tooru Fujisawa, Carsten Book, Andrew\n McCreight, Chris Pearce, Ronald Crane, Jan de Mooij,\n Julian Seward, Nicolas Pierron, Randell Jesup, Esther\n Monchari, Honza Bambas, and Philipp reported memory\n safety bugs present in Firefox 50.1. Some of these bugs\n showed evidence of memory corruption and we presume\n that with enough effort that some of these could be\n exploited to run arbitrary code. (CVE-2017-5374)\n\n - JIT code allocation can allow for a bypass of ASLR and\n DEP protections leading to potential memory corruption\n attacks. (CVE-2017-5375)\n\n - Use-after-free while manipulating XSL in XSLT documents\n (CVE-2017-5376)\n\n - A memory corruption vulnerability in Skia that can\n occur when using transforms to make gradients,\n resulting in a potentially exploitable crash.\n (CVE-2017-5377)\n\n - Hashed codes of JavaScript objects are shared between\n pages. This allows for pointer leaks because an object's\n address can be discovered through hash codes, and also\n allows for data leakage of an object's content using\n these hash codes. (CVE-2017-5378)\n\n - Use-after-free vulnerability in Web Animations when\n interacting with cycle collection found through\n fuzzing. (CVE-2017-5379)\n\n - A potential use-after-free found through fuzzing during\n DOM manipulation of SVG content. (CVE-2017-5380)\n\n - The 'export' function in the Certificate Viewer can\n force local filesystem navigation when the 'common\n name' in a certificate contains slashes, allowing\n certificate content to be saved in unsafe locations\n with an arbitrary filename. (CVE-2017-5381)\n\n - Feed preview for RSS feeds can be used to capture\n errors and exceptions generated by privileged content,\n allowing for the exposure of internal information not\n meant to be seen by web content. (CVE-2017-5382)\n\n - URLs containing certain unicode glyphs for alternative\n hyphens and quotes do not properly trigger punycode\n display, allowing for domain name spoofing attacks in\n the location bar. (CVE-2017-5383)\n\n - Proxy Auto-Config (PAC) files can specify a JavaScript\n function called for all URL requests with the full URL\n path which exposes more information than would be sent\n to the proxy itself in the case of HTTPS. Normally the\n Proxy Auto-Config file is specified by the user or\n machine owner and presumed to be non-malicious, but if\n a user has enabled Web Proxy Auto Detect (WPAD) this\n file can be served remotely. (CVE-2017-5384)\n\n - Data sent with in multipart channels, such as the\n multipart/x-mixed-replace MIME type, will ignore the\n referrer-policy response header, leading to potential\n information disclosure for sites using this header.\n (CVE-2017-5385)\n\n - WebExtension scripts can use the 'data:' protocol to\n affect pages loaded by other web extensions using this\n protocol, leading to potential data disclosure or\n privilege escalation in affected extensions.\n (CVE-2017-5386)\n\n - The existence of a specifically requested local file\n can be found due to the double firing of the 'onerror'\n when the 'source' attribute on a <track> tag refers to\n a file that does not exist if the source page is loaded\n locally. (CVE-2017-5387)\n\n - A STUN server in conjunction with a large number of\n 'webkitRTCPeerConnection' objects can be used to send\n large STUN packets in a short period of time due to a\n lack of rate limiting being applied on e10s systems,\n allowing for a denial of service attack. (CVE-2017-5388)\n\n - WebExtensions could use the 'mozAddonManager' API by\n modifying the CSP headers on sites with the appropriate\n permissions and then using host requests to redirect\n script loads to a malicious site. This allows a\n malicious extension to then install additional\n extensions without explicit user permission.\n (CVE-2017-5389)\n\n - The JSON viewer in the Developer Tools uses insecure\n methods to create a communication channel for copying\n and viewing JSON or HTTP headers data, allowing for\n potential privilege escalation. (CVE-2017-5390)\n\n - Special 'about:' pages used by web content, such as RSS\n feeds, can load privileged 'about:' pages in an iframe.\n If a content-injection bug were found in one of those\n pages this could allow for potential privilege\n escalation. (CVE-2017-5391)\n\n - The 'mozAddonManager' allows for the installation of\n extensions from the CDN for addons.mozilla.org, a\n publicly accessible site. This could allow malicious\n extensions to install additional extensions from the CDN\n in combination with an XSS attack on Mozilla AMO sites.\n (CVE-2017-5393)\n\n - A use-after-free vulnerability in the Media Decoder\n when working with media files when some events are\n fired after the media elements are freed from memory.\n (CVE-2017-5396)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Mozilla security advisories.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1017616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1255474\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1281482\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1285833\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1285960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1288561\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1293327\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1295023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1295322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1295747\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1295945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1297361\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1297808\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1300145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1302231\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1306883\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1307458\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1308688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1309198\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1309282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1309310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1311319\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1311687\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1312001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1313385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1315447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1317501\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1318766\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1319070\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1319456\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1319888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1321374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1322107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1322305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1322315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1322420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1323338\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1324716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1324810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1325200\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1325344\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1325877\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1325938\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1328251\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1328834\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1329403\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1329989\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1330769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1331058\");\n # https://www.contextis.com//resources/blog/leaking-https-urls-20-year-old-vulnerability/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4d11b233\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox version 51.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/25\");\n\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nkb_base = \"MacOSX/Firefox\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nif (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Firefox installation is in the ESR branch.');\n\nmozilla_check_version(product:'firefox', version:version, path:path, esr:FALSE, fix:'51', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:29:17", "bulletinFamily": "scanner", "description": "Multiple memory safety issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5373, CVE-2017-5374)\n\nJIT code allocation can allow a bypass of ASLR protections in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code.\n(CVE-2017-5375)\n\nNicolas Gregoire discovered a use-after-free when manipulating XSL in XSLT documents in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5376)\n\nAtte Kettunen discovered a memory corruption issue in Skia in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code.\n(CVE-2017-5377)\n\nJann Horn discovered that an object's address could be discovered through hashed codes of JavaScript objects shared between pages. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5378)\n\nA use-after-free was discovered in Web Animations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code.\n(CVE-2017-5379)\n\nA use-after-free was discovered during DOM manipulation of SVG content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5380)\n\nJann Horn discovered that the 'export' function in the Certificate Viewer can force local filesystem navigation when the Common Name contains slashes. If a user were tricked in to exporting a specially crafted certificate, an attacker could potentially exploit this to save content with arbitrary filenames in unsafe locations.\n(CVE-2017-5381)\n\nJerri Rice discovered that the Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content. An attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5382)\n\nArmin Razmjou discovered that certain unicode glyphs do not trigger punycode display. An attacker could potentially exploit this to spoof the URL bar contents. (CVE-2017-5383)\n\nPaul Stone and Alex Chapman discovered that the full URL path is exposed to JavaScript functions specified by Proxy Auto-Config (PAC) files. If a user has enabled Web Proxy Auto Detect (WPAD), an attacker could potentially exploit this to obtain sensitive information.\n(CVE-2017-5384)\n\nMuneaki Nishimura discovered that data sent in multipart channels will ignore the Referrer-Policy response headers. An attacker could potentially exploit this to obtain sensitive information.\n(CVE-2017-5385)\n\nMuneaki Nishimura discovered that WebExtensions can affect other extensions using the data: protocol. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this to obtain sensitive information or gain additional privileges. (CVE-2017-5386)\n\nMustafa Hasan discovered that the existence of local files can be determined using the <track> element. An attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5387)\n\nCullen Jennings discovered that WebRTC can be used to generate large amounts of UDP traffic. An attacker could potentially exploit this to conduct Distributed Denial-of-Service (DDOS) attacks. (CVE-2017-5388)\n\nKris Maglione discovered that WebExtensions can use the mozAddonManager API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this to install additional addons without user permission.\n(CVE-2017-5389)\n\nJerri Rice discovered insecure communication methods in the Dev Tools JSON Viewer. An attacker could potentially exploit this to gain additional privileges. (CVE-2017-5390)\n\nJerri Rice discovered that about: pages used by content can load privileged about: pages in iframes. An attacker could potentially exploit this to gain additional privileges, in combination with a content-injection bug in one of those about: pages. (CVE-2017-5391)\n\nStuart Colville discovered that mozAddonManager allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this, in combination with a cross-site scripting (XSS) attack on Mozilla's AMO sites, to install additional addons. (CVE-2017-5393)\n\nFilipe Gomes discovered a use-after-free in the media decoder in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code.\n(CVE-2017-5396).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-3175-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=96872", "published": "2017-01-30T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : firefox vulnerabilities (USN-3175-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3175-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96872);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2018/12/01 15:12:41\");\n\n script_cve_id(\"CVE-2017-5373\", \"CVE-2017-5374\", \"CVE-2017-5375\", \"CVE-2017-5376\", \"CVE-2017-5377\", \"CVE-2017-5378\", \"CVE-2017-5379\", \"CVE-2017-5380\", \"CVE-2017-5381\", \"CVE-2017-5382\", \"CVE-2017-5383\", \"CVE-2017-5384\", \"CVE-2017-5385\", \"CVE-2017-5386\", \"CVE-2017-5387\", \"CVE-2017-5388\", \"CVE-2017-5389\", \"CVE-2017-5390\", \"CVE-2017-5391\", \"CVE-2017-5393\", \"CVE-2017-5396\");\n script_xref(name:\"USN\", value:\"3175-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : firefox vulnerabilities (USN-3175-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple memory safety issues were discovered in Firefox. If a user\nwere tricked in to opening a specially crafted website, an attacker\ncould potentially exploit these to cause a denial of service via\napplication crash, or execute arbitrary code. (CVE-2017-5373,\nCVE-2017-5374)\n\nJIT code allocation can allow a bypass of ASLR protections in some\ncircumstances. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code.\n(CVE-2017-5375)\n\nNicolas Gregoire discovered a use-after-free when manipulating XSL in\nXSLT documents in some circumstances. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service via application crash, or\nexecute arbitrary code. (CVE-2017-5376)\n\nAtte Kettunen discovered a memory corruption issue in Skia in some\ncircumstances. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code.\n(CVE-2017-5377)\n\nJann Horn discovered that an object's address could be discovered\nthrough hashed codes of JavaScript objects shared between pages. If a\nuser were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to obtain sensitive\ninformation. (CVE-2017-5378)\n\nA use-after-free was discovered in Web Animations in some\ncircumstances. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code.\n(CVE-2017-5379)\n\nA use-after-free was discovered during DOM manipulation of SVG content\nin some circumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this\nto cause a denial of service via application crash, or execute\narbitrary code. (CVE-2017-5380)\n\nJann Horn discovered that the 'export' function in the Certificate\nViewer can force local filesystem navigation when the Common Name\ncontains slashes. If a user were tricked in to exporting a specially\ncrafted certificate, an attacker could potentially exploit this to\nsave content with arbitrary filenames in unsafe locations.\n(CVE-2017-5381)\n\nJerri Rice discovered that the Feed preview for RSS feeds can be used\nto capture errors and exceptions generated by privileged content. An\nattacker could potentially exploit this to obtain sensitive\ninformation. (CVE-2017-5382)\n\nArmin Razmjou discovered that certain unicode glyphs do not trigger\npunycode display. An attacker could potentially exploit this to spoof\nthe URL bar contents. (CVE-2017-5383)\n\nPaul Stone and Alex Chapman discovered that the full URL path is\nexposed to JavaScript functions specified by Proxy Auto-Config (PAC)\nfiles. If a user has enabled Web Proxy Auto Detect (WPAD), an attacker\ncould potentially exploit this to obtain sensitive information.\n(CVE-2017-5384)\n\nMuneaki Nishimura discovered that data sent in multipart channels will\nignore the Referrer-Policy response headers. An attacker could\npotentially exploit this to obtain sensitive information.\n(CVE-2017-5385)\n\nMuneaki Nishimura discovered that WebExtensions can affect other\nextensions using the data: protocol. If a user were tricked in to\ninstalling a specially crafted addon, an attacker could potentially\nexploit this to obtain sensitive information or gain additional\nprivileges. (CVE-2017-5386)\n\nMustafa Hasan discovered that the existence of local files can be\ndetermined using the <track> element. An attacker could potentially\nexploit this to obtain sensitive information. (CVE-2017-5387)\n\nCullen Jennings discovered that WebRTC can be used to generate large\namounts of UDP traffic. An attacker could potentially exploit this to\nconduct Distributed Denial-of-Service (DDOS) attacks. (CVE-2017-5388)\n\nKris Maglione discovered that WebExtensions can use the\nmozAddonManager API by modifying the CSP headers on sites with the\nappropriate permissions and then using host requests to redirect\nscript loads to a malicious site. If a user were tricked in to\ninstalling a specially crafted addon, an attacker could potentially\nexploit this to install additional addons without user permission.\n(CVE-2017-5389)\n\nJerri Rice discovered insecure communication methods in the Dev Tools\nJSON Viewer. An attacker could potentially exploit this to gain\nadditional privileges. (CVE-2017-5390)\n\nJerri Rice discovered that about: pages used by content can load\nprivileged about: pages in iframes. An attacker could potentially\nexploit this to gain additional privileges, in combination with a\ncontent-injection bug in one of those about: pages. (CVE-2017-5391)\n\nStuart Colville discovered that mozAddonManager allows for the\ninstallation of extensions from the CDN for addons.mozilla.org, a\npublicly accessible site. If a user were tricked in to installing a\nspecially crafted addon, an attacker could potentially exploit this,\nin combination with a cross-site scripting (XSS) attack on Mozilla's\nAMO sites, to install additional addons. (CVE-2017-5393)\n\nFilipe Gomes discovered a use-after-free in the media decoder in some\ncircumstances. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code.\n(CVE-2017-5396).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3175-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04|14\\.04|16\\.04|16\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 16.04 / 16.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"firefox\", pkgver:\"51.0.1+build2-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"firefox\", pkgver:\"51.0.1+build2-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"firefox\", pkgver:\"51.0.1+build2-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"firefox\", pkgver:\"51.0.1+build2-0ubuntu0.16.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:29:22", "bulletinFamily": "scanner", "description": "USN-3175-1 fixed vulnerabilities in Firefox. The update caused a regression on systems where the AppArmor profile for Firefox is set to enforce mode. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nMultiple memory safety issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5373, CVE-2017-5374)\n\nJIT code allocation can allow a bypass of ASLR protections in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5375)\n\nNicolas Gregoire discovered a use-after-free when manipulating XSL in XSLT documents in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5376)\n\nAtte Kettunen discovered a memory corruption issue in Skia in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5377)\n\nJann Horn discovered that an object's address could be discovered through hashed codes of JavaScript objects shared between pages. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information.\n(CVE-2017-5378)\n\nA use-after-free was discovered in Web Animations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5379)\n\nA use-after-free was discovered during DOM manipulation of SVG content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code.\n(CVE-2017-5380)\n\nJann Horn discovered that the 'export' function in the Certificate Viewer can force local filesystem navigation when the Common Name contains slashes. If a user were tricked in to exporting a specially crafted certificate, an attacker could potentially exploit this to save content with arbitrary filenames in unsafe locations. (CVE-2017-5381)\n\nJerri Rice discovered that the Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content. An attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5382)\n\nArmin Razmjou discovered that certain unicode glyphs do not trigger punycode display. An attacker could potentially exploit this to spoof the URL bar contents. (CVE-2017-5383)\n\nPaul Stone and Alex Chapman discovered that the full URL path is exposed to JavaScript functions specified by Proxy Auto-Config (PAC) files. If a user has enabled Web Proxy Auto Detect (WPAD), an attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5384)\n\nMuneaki Nishimura discovered that data sent in multipart channels will ignore the Referrer-Policy response headers.\nAn attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5385)\n\nMuneaki Nishimura discovered that WebExtensions can affect other extensions using the data: protocol. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this to obtain sensitive information or gain additional privileges. (CVE-2017-5386)\n\nMustafa Hasan discovered that the existence of local files can be determined using the <track> element. An attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5387)\n\nCullen Jennings discovered that WebRTC can be used to generate large amounts of UDP traffic. An attacker could potentially exploit this to conduct Distributed Denial-of-Service (DDOS) attacks. (CVE-2017-5388)\n\nKris Maglione discovered that WebExtensions can use the mozAddonManager API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this to install additional addons without user permission. (CVE-2017-5389)\n\nJerri Rice discovered insecure communication methods in the Dev Tools JSON Viewer. An attacker could potentially exploit this to gain additional privileges. (CVE-2017-5390)\n\nJerri Rice discovered that about: pages used by content can load privileged about: pages in iframes. An attacker could potentially exploit this to gain additional privileges, in combination with a content-injection bug in one of those about: pages. (CVE-2017-5391)\n\nStuart Colville discovered that mozAddonManager allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this, in combination with a cross-site scripting (XSS) attack on Mozilla's AMO sites, to install additional addons. (CVE-2017-5393)\n\nFilipe Gomes discovered a use-after-free in the media decoder in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code.\n(CVE-2017-5396).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-3175-2.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=97047", "published": "2017-02-07T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : firefox regression (USN-3175-2)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3175-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97047);\n script_version(\"3.6\");\n script_cvs_date(\"Date: 2018/12/01 15:12:41\");\n\n script_cve_id(\"CVE-2017-5373\", \"CVE-2017-5374\", \"CVE-2017-5375\", \"CVE-2017-5376\", \"CVE-2017-5377\", \"CVE-2017-5378\", \"CVE-2017-5379\", \"CVE-2017-5380\", \"CVE-2017-5381\", \"CVE-2017-5382\", \"CVE-2017-5383\", \"CVE-2017-5384\", \"CVE-2017-5385\", \"CVE-2017-5386\", \"CVE-2017-5387\", \"CVE-2017-5388\", \"CVE-2017-5389\", \"CVE-2017-5390\", \"CVE-2017-5391\", \"CVE-2017-5393\", \"CVE-2017-5396\");\n script_xref(name:\"USN\", value:\"3175-2\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : firefox regression (USN-3175-2)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-3175-1 fixed vulnerabilities in Firefox. The update caused a\nregression on systems where the AppArmor profile for Firefox is set to\nenforce mode. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nMultiple memory safety issues were discovered in Firefox. If a user\nwere tricked in to opening a specially crafted website, an attacker\ncould potentially exploit these to cause a denial of service via\napplication crash, or execute arbitrary code. (CVE-2017-5373,\nCVE-2017-5374)\n\nJIT code allocation can allow a bypass of ASLR protections\nin some circumstances. If a user were tricked in to opening\na specially crafted website, an attacker could potentially\nexploit this to cause a denial of service via application\ncrash, or execute arbitrary code. (CVE-2017-5375)\n\nNicolas Gregoire discovered a use-after-free when\nmanipulating XSL in XSLT documents in some circumstances. If\na user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause\na denial of service via application crash, or execute\narbitrary code. (CVE-2017-5376)\n\nAtte Kettunen discovered a memory corruption issue in Skia\nin some circumstances. If a user were tricked in to opening\na specially crafted website, an attacker could potentially\nexploit this to cause a denial of service via application\ncrash, or execute arbitrary code. (CVE-2017-5377)\n\nJann Horn discovered that an object's address could be\ndiscovered through hashed codes of JavaScript objects shared\nbetween pages. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially\nexploit this to obtain sensitive information.\n(CVE-2017-5378)\n\nA use-after-free was discovered in Web Animations in some\ncircumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially\nexploit this to cause a denial of service via application\ncrash, or execute arbitrary code. (CVE-2017-5379)\n\nA use-after-free was discovered during DOM manipulation of\nSVG content in some circumstances. If a user were tricked in\nto opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code.\n(CVE-2017-5380)\n\nJann Horn discovered that the 'export' function in the\nCertificate Viewer can force local filesystem navigation\nwhen the Common Name contains slashes. If a user were\ntricked in to exporting a specially crafted certificate, an\nattacker could potentially exploit this to save content with\narbitrary filenames in unsafe locations. (CVE-2017-5381)\n\nJerri Rice discovered that the Feed preview for RSS feeds\ncan be used to capture errors and exceptions generated by\nprivileged content. An attacker could potentially exploit\nthis to obtain sensitive information. (CVE-2017-5382)\n\nArmin Razmjou discovered that certain unicode glyphs do not\ntrigger punycode display. An attacker could potentially\nexploit this to spoof the URL bar contents. (CVE-2017-5383)\n\nPaul Stone and Alex Chapman discovered that the full URL\npath is exposed to JavaScript functions specified by Proxy\nAuto-Config (PAC) files. If a user has enabled Web Proxy\nAuto Detect (WPAD), an attacker could potentially exploit\nthis to obtain sensitive information. (CVE-2017-5384)\n\nMuneaki Nishimura discovered that data sent in multipart\nchannels will ignore the Referrer-Policy response headers.\nAn attacker could potentially exploit this to obtain\nsensitive information. (CVE-2017-5385)\n\nMuneaki Nishimura discovered that WebExtensions can affect\nother extensions using the data: protocol. If a user were\ntricked in to installing a specially crafted addon, an\nattacker could potentially exploit this to obtain sensitive\ninformation or gain additional privileges. (CVE-2017-5386)\n\nMustafa Hasan discovered that the existence of local files\ncan be determined using the <track> element. An attacker\ncould potentially exploit this to obtain sensitive\ninformation. (CVE-2017-5387)\n\nCullen Jennings discovered that WebRTC can be used to\ngenerate large amounts of UDP traffic. An attacker could\npotentially exploit this to conduct Distributed\nDenial-of-Service (DDOS) attacks. (CVE-2017-5388)\n\nKris Maglione discovered that WebExtensions can use the\nmozAddonManager API by modifying the CSP headers on sites\nwith the appropriate permissions and then using host\nrequests to redirect script loads to a malicious site. If a\nuser were tricked in to installing a specially crafted\naddon, an attacker could potentially exploit this to install\nadditional addons without user permission. (CVE-2017-5389)\n\nJerri Rice discovered insecure communication methods in the\nDev Tools JSON Viewer. An attacker could potentially exploit\nthis to gain additional privileges. (CVE-2017-5390)\n\nJerri Rice discovered that about: pages used by content can\nload privileged about: pages in iframes. An attacker could\npotentially exploit this to gain additional privileges, in\ncombination with a content-injection bug in one of those\nabout: pages. (CVE-2017-5391)\n\nStuart Colville discovered that mozAddonManager allows for\nthe installation of extensions from the CDN for\naddons.mozilla.org, a publicly accessible site. If a user\nwere tricked in to installing a specially crafted addon, an\nattacker could potentially exploit this, in combination with\na cross-site scripting (XSS) attack on Mozilla's AMO sites,\nto install additional addons. (CVE-2017-5393)\n\nFilipe Gomes discovered a use-after-free in the media\ndecoder in some circumstances. If a user were tricked in to\nopening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code.\n(CVE-2017-5396).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3175-2/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04|14\\.04|16\\.04|16\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 16.04 / 16.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"firefox\", pkgver:\"51.0.1+build2-0ubuntu0.12.04.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"firefox\", pkgver:\"51.0.1+build2-0ubuntu0.14.04.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"firefox\", pkgver:\"51.0.1+build2-0ubuntu0.16.04.2\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"firefox\", pkgver:\"51.0.1+build2-0ubuntu0.16.10.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:29:12", "bulletinFamily": "scanner", "description": "The version of Mozilla Firefox installed on the remote Windows host is prior to 51.0. It is, therefore, affected by multiple vulnerabilities :\n\n - Mozilla developers and community members Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, and Oriol reported memory safety bugs present in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.\n (CVE-2017-5373)\n\n - Mozilla developers and community members Gary Kwong, Olli Pettay, Tooru Fujisawa, Carsten Book, Andrew McCreight, Chris Pearce, Ronald Crane, Jan de Mooij, Julian Seward, Nicolas Pierron, Randell Jesup, Esther Monchari, Honza Bambas, and Philipp reported memory safety bugs present in Firefox 50.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2017-5374)\n\n - JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. (CVE-2017-5375)\n\n - Use-after-free while manipulating XSL in XSLT documents (CVE-2017-5376)\n\n - A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash.\n (CVE-2017-5377)\n\n - Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. (CVE-2017-5378)\n\n - Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing. (CVE-2017-5379)\n\n - A potential use-after-free found through fuzzing during DOM manipulation of SVG content. (CVE-2017-5380)\n\n - The 'export' function in the Certificate Viewer can force local filesystem navigation when the 'common name' in a certificate contains slashes, allowing certificate content to be saved in unsafe locations with an arbitrary filename. (CVE-2017-5381)\n\n - Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. (CVE-2017-5382)\n\n - URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. (CVE-2017-5383)\n\n - Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed to be non-malicious, but if a user has enabled Web Proxy Auto Detect (WPAD) this file can be served remotely. (CVE-2017-5384)\n\n - Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using this header.\n (CVE-2017-5385)\n\n - WebExtension scripts can use the 'data:' protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions.\n (CVE-2017-5386)\n\n - The existence of a specifically requested local file can be found due to the double firing of the 'onerror' when the 'source' attribute on a <track> tag refers to a file that does not exist if the source page is loaded locally. (CVE-2017-5387)\n\n - A STUN server in conjunction with a large number of 'webkitRTCPeerConnection' objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on e10s systems, allowing for a denial of service attack. (CVE-2017-5388)\n\n - WebExtensions could use the 'mozAddonManager' API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions without explicit user permission.\n (CVE-2017-5389)\n\n - The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. (CVE-2017-5390)\n\n - Special 'about:' pages used by web content, such as RSS feeds, can load privileged 'about:' pages in an iframe.\n If a content-injection bug were found in one of those pages this could allow for potential privilege escalation. (CVE-2017-5391)\n\n - The 'mozAddonManager' allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions from the CDN in combination with an XSS attack on Mozilla AMO sites.\n (CVE-2017-5393)\n\n - A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory.\n (CVE-2017-5396)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Mozilla security advisories.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-07-16T00:00:00", "id": "MOZILLA_FIREFOX_51.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=96776", "published": "2017-01-25T00:00:00", "title": "Mozilla Firefox < 51.0 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96776);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/16 14:09:14\");\n\n script_cve_id(\n \"CVE-2017-5373\",\n \"CVE-2017-5374\",\n \"CVE-2017-5375\",\n \"CVE-2017-5376\",\n \"CVE-2017-5377\",\n \"CVE-2017-5378\",\n \"CVE-2017-5379\",\n \"CVE-2017-5380\",\n \"CVE-2017-5381\",\n \"CVE-2017-5382\",\n \"CVE-2017-5383\",\n \"CVE-2017-5384\",\n \"CVE-2017-5385\",\n \"CVE-2017-5386\",\n \"CVE-2017-5387\",\n \"CVE-2017-5388\",\n \"CVE-2017-5389\",\n \"CVE-2017-5390\",\n \"CVE-2017-5391\",\n \"CVE-2017-5393\",\n \"CVE-2017-5396\"\n );\n script_bugtraq_id(\n 95757,\n 95758,\n 95759,\n 95761,\n 95762,\n 95763,\n 95769\n );\n script_xref(name:\"MFSA\", value:\"2017-01\");\n\n script_name(english:\"Mozilla Firefox < 51.0 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Firefox installed on the remote Windows host\nis prior to 51.0. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Mozilla developers and community members Christian\n Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom\n Schuster, and Oriol reported memory safety bugs present\n in Firefox 50.1 and Firefox ESR 45.6. Some of these\n bugs showed evidence of memory corruption and we\n presume that with enough effort that some of these\n could be exploited to run arbitrary code.\n (CVE-2017-5373)\n\n - Mozilla developers and community members Gary Kwong,\n Olli Pettay, Tooru Fujisawa, Carsten Book, Andrew\n McCreight, Chris Pearce, Ronald Crane, Jan de Mooij,\n Julian Seward, Nicolas Pierron, Randell Jesup, Esther\n Monchari, Honza Bambas, and Philipp reported memory\n safety bugs present in Firefox 50.1. Some of these bugs\n showed evidence of memory corruption and we presume\n that with enough effort that some of these could be\n exploited to run arbitrary code. (CVE-2017-5374)\n\n - JIT code allocation can allow for a bypass of ASLR and\n DEP protections leading to potential memory corruption\n attacks. (CVE-2017-5375)\n\n - Use-after-free while manipulating XSL in XSLT documents\n (CVE-2017-5376)\n\n - A memory corruption vulnerability in Skia that can\n occur when using transforms to make gradients,\n resulting in a potentially exploitable crash.\n (CVE-2017-5377)\n\n - Hashed codes of JavaScript objects are shared between\n pages. This allows for pointer leaks because an object's\n address can be discovered through hash codes, and also\n allows for data leakage of an object's content using\n these hash codes. (CVE-2017-5378)\n\n - Use-after-free vulnerability in Web Animations when\n interacting with cycle collection found through\n fuzzing. (CVE-2017-5379)\n\n - A potential use-after-free found through fuzzing during\n DOM manipulation of SVG content. (CVE-2017-5380)\n\n - The 'export' function in the Certificate Viewer can\n force local filesystem navigation when the 'common\n name' in a certificate contains slashes, allowing\n certificate content to be saved in unsafe locations\n with an arbitrary filename. (CVE-2017-5381)\n\n - Feed preview for RSS feeds can be used to capture\n errors and exceptions generated by privileged content,\n allowing for the exposure of internal information not\n meant to be seen by web content. (CVE-2017-5382)\n\n - URLs containing certain unicode glyphs for alternative\n hyphens and quotes do not properly trigger punycode\n display, allowing for domain name spoofing attacks in\n the location bar. (CVE-2017-5383)\n\n - Proxy Auto-Config (PAC) files can specify a JavaScript\n function called for all URL requests with the full URL\n path which exposes more information than would be sent\n to the proxy itself in the case of HTTPS. Normally the\n Proxy Auto-Config file is specified by the user or\n machine owner and presumed to be non-malicious, but if\n a user has enabled Web Proxy Auto Detect (WPAD) this\n file can be served remotely. (CVE-2017-5384)\n\n - Data sent with in multipart channels, such as the\n multipart/x-mixed-replace MIME type, will ignore the\n referrer-policy response header, leading to potential\n information disclosure for sites using this header.\n (CVE-2017-5385)\n\n - WebExtension scripts can use the 'data:' protocol to\n affect pages loaded by other web extensions using this\n protocol, leading to potential data disclosure or\n privilege escalation in affected extensions.\n (CVE-2017-5386)\n\n - The existence of a specifically requested local file\n can be found due to the double firing of the 'onerror'\n when the 'source' attribute on a <track> tag refers to\n a file that does not exist if the source page is loaded\n locally. (CVE-2017-5387)\n\n - A STUN server in conjunction with a large number of\n 'webkitRTCPeerConnection' objects can be used to send\n large STUN packets in a short period of time due to a\n lack of rate limiting being applied on e10s systems,\n allowing for a denial of service attack. (CVE-2017-5388)\n\n - WebExtensions could use the 'mozAddonManager' API by\n modifying the CSP headers on sites with the appropriate\n permissions and then using host requests to redirect\n script loads to a malicious site. This allows a\n malicious extension to then install additional\n extensions without explicit user permission.\n (CVE-2017-5389)\n\n - The JSON viewer in the Developer Tools uses insecure\n methods to create a communication channel for copying\n and viewing JSON or HTTP headers data, allowing for\n potential privilege escalation. (CVE-2017-5390)\n\n - Special 'about:' pages used by web content, such as RSS\n feeds, can load privileged 'about:' pages in an iframe.\n If a content-injection bug were found in one of those\n pages this could allow for potential privilege\n escalation. (CVE-2017-5391)\n\n - The 'mozAddonManager' allows for the installation of\n extensions from the CDN for addons.mozilla.org, a\n publicly accessible site. This could allow malicious\n extensions to install additional extensions from the CDN\n in combination with an XSS attack on Mozilla AMO sites.\n (CVE-2017-5393)\n\n - A use-after-free vulnerability in the Media Decoder\n when working with media files when some events are\n fired after the media elements are freed from memory.\n (CVE-2017-5396)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Mozilla security advisories.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1017616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1255474\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1281482\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1285833\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1285960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1288561\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1293327\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1295023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1295322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1295747\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1295945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1297361\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1297808\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1300145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1302231\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1306883\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1307458\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1308688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1309198\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1309282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1309310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1311319\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1311687\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1312001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1313385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1315447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1317501\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1318766\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1319070\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1319456\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1319888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1321374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1322107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1322305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1322315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1322420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1323338\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1324716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1324810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1325200\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1325344\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1325877\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1325938\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1328251\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1328834\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1329403\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1329989\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1330769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1331058\");\n # https://www.contextis.com//resources/blog/leaking-https-urls-20-year-old-vulnerability/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4d11b233\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox version 51.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', fix:'51.0', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-24T03:14:04", "bulletinFamily": "scanner", "description": "Mozilla Foundation reports :\n\nPlease reference CVE/URL list for details", "modified": "2018-11-23T00:00:00", "published": "2017-01-25T00:00:00", "id": "FREEBSD_PKG_E60169C4AA8646B08AE20D81F683DF09.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=96743", "title": "FreeBSD : mozilla -- multiple vulnerabilities (e60169c4-aa86-46b0-8ae2-0d81f683df09)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96743);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2018/11/23 12:49:58\");\n\n script_cve_id(\"CVE-2017-5373\", \"CVE-2017-5374\", \"CVE-2017-5375\", \"CVE-2017-5376\", \"CVE-2017-5377\", \"CVE-2017-5378\", \"CVE-2017-5379\", \"CVE-2017-5380\", \"CVE-2017-5381\", \"CVE-2017-5382\", \"CVE-2017-5383\", \"CVE-2017-5384\", \"CVE-2017-5385\", \"CVE-2017-5386\", \"CVE-2017-5387\", \"CVE-2017-5388\", \"CVE-2017-5389\", \"CVE-2017-5390\", \"CVE-2017-5391\", \"CVE-2017-5392\", \"CVE-2017-5393\", \"CVE-2017-5394\", \"CVE-2017-5395\", \"CVE-2017-5396\");\n\n script_name(english:\"FreeBSD : mozilla -- multiple vulnerabilities (e60169c4-aa86-46b0-8ae2-0d81f683df09)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Foundation reports :\n\nPlease reference CVE/URL list for details\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2017-01/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2017-02/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/\"\n );\n # https://vuxml.freebsd.org/freebsd/e60169c4-aa86-46b0-8ae2-0d81f683df09.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e1dc1866\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:firefox-esr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libxul\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"firefox<51.0_1,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"seamonkey<2.48\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-seamonkey<2.48\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"firefox-esr<45.7.0,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-firefox<45.7.0,2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"libxul<45.7.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"thunderbird<45.7.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-thunderbird<45.7.0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:29:19", "bulletinFamily": "scanner", "description": "This update for MozillaFirefox to version 51.0.1 fixes security issues and bugs.\n\nThese security issues were fixed :\n\n - CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP (bmo#1325200, boo#1021814)\n\n - CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817) CVE-2017-5377: Memory corruption with transforms to create gradients in Skia (bmo#1306883, boo#1021826)\n\n - CVE-2017-5378: Pointer and frame data leakage of JavaScript objects (bmo#1312001, bmo#1330769, boo#1021818)\n\n - CVE-2017-5379: Use-after-free in Web Animations (bmo#1309198,boo#1021827)\n\n - CVE-2017-5380: Potential use-after-free during DOM manipulations (bmo#1322107, boo#1021819)\n\n - CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer (bmo#1297361, boo#1021820)\n\n - CVE-2017-5389: WebExtensions can install additional add-ons via modified host requests (bmo#1308688, boo#1021828)\n\n - CVE-2017-5396: Use-after-free with Media Decoder (bmo#1329403, boo#1021821)\n\n - CVE-2017-5381: Certificate Viewer exporting can be used to navigate and save to arbitrary filesystem locations (bmo#1017616, boo#1021830)\n\n - CVE-2017-5382: Feed preview can expose privileged content errors and exceptions (bmo#1295322, boo#1021831)\n\n - CVE-2017-5383: Location bar spoofing with unicode characters (bmo#1323338, bmo#1324716, boo#1021822)\n\n - CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC) (bmo#1255474, boo#1021832)\n\n - CVE-2017-5385: Data sent in multipart channels ignores referrer-policy response headers (bmo#1295945, boo#1021833)\n\n - CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions (bmo#1319070, boo#1021823)\n\n - CVE-2017-5391: Content about: pages can load privileged about: pages (bmo#1309310, boo#1021835)\n\n - CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for mozAddonManager (bmo#1309282, boo#1021837)\n\n - CVE-2017-5387: Disclosure of local file existence through TRACK tag error messages (bmo#1295023, boo#1021839)\n\n - CVE-2017-5388: WebRTC can be used to generate a large amount of UDP traffic for DDOS attacks (bmo#1281482, boo#1021840)\n\n - CVE-2017-5374: Memory safety bugs (boo#1021841)\n\n - CVE-2017-5373: Memory safety bugs (boo#1021824)\n\nThese non-security issues in MozillaFirefox were fixed :\n\n - Added support for FLAC (Free Lossless Audio Codec) playback\n\n - Added support for WebGL 2\n\n - Added Georgian (ka) and Kabyle (kab) locales\n\n - Support saving passwords for forms without 'submit' events\n\n - Improved video performance for users without GPU acceleration\n\n - Zoom indicator is shown in the URL bar if the zoom level is not at default level\n\n - View passwords from the prompt before saving them\n\n - Remove Belarusian (be) locale\n\n - Use Skia for content rendering (Linux)\n\n - Improve recognition of LANGUAGE env variable (boo#1017174)\n\n - Multiprocess incompatibility did not correctly register with some add-ons (bmo#1333423)", "modified": "2018-09-04T00:00:00", "id": "OPENSUSE-2017-187.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=96940", "published": "2017-02-02T00:00:00", "title": "openSUSE Security Update : MozillaFirefox (openSUSE-2017-187)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-187.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96940);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2018/09/04 13:20:08\");\n\n script_cve_id(\"CVE-2017-5373\", \"CVE-2017-5374\", \"CVE-2017-5375\", \"CVE-2017-5376\", \"CVE-2017-5377\", \"CVE-2017-5378\", \"CVE-2017-5379\", \"CVE-2017-5380\", \"CVE-2017-5381\", \"CVE-2017-5382\", \"CVE-2017-5383\", \"CVE-2017-5384\", \"CVE-2017-5385\", \"CVE-2017-5386\", \"CVE-2017-5387\", \"CVE-2017-5388\", \"CVE-2017-5389\", \"CVE-2017-5390\", \"CVE-2017-5391\", \"CVE-2017-5392\", \"CVE-2017-5393\", \"CVE-2017-5394\", \"CVE-2017-5395\", \"CVE-2017-5396\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (openSUSE-2017-187)\");\n script_summary(english:\"Check for the openSUSE-2017-187 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for MozillaFirefox to version 51.0.1 fixes security issues\nand bugs.\n\nThese security issues were fixed :\n\n - CVE-2017-5375: Excessive JIT code allocation allows\n bypass of ASLR and DEP (bmo#1325200, boo#1021814)\n\n - CVE-2017-5376: Use-after-free in XSL (bmo#1311687,\n boo#1021817) CVE-2017-5377: Memory corruption with\n transforms to create gradients in Skia (bmo#1306883,\n boo#1021826)\n\n - CVE-2017-5378: Pointer and frame data leakage of\n JavaScript objects (bmo#1312001, bmo#1330769,\n boo#1021818)\n\n - CVE-2017-5379: Use-after-free in Web Animations\n (bmo#1309198,boo#1021827)\n\n - CVE-2017-5380: Potential use-after-free during DOM\n manipulations (bmo#1322107, boo#1021819)\n\n - CVE-2017-5390: Insecure communication methods in\n Developer Tools JSON viewer (bmo#1297361, boo#1021820)\n\n - CVE-2017-5389: WebExtensions can install additional\n add-ons via modified host requests (bmo#1308688,\n boo#1021828)\n\n - CVE-2017-5396: Use-after-free with Media Decoder\n (bmo#1329403, boo#1021821)\n\n - CVE-2017-5381: Certificate Viewer exporting can be used\n to navigate and save to arbitrary filesystem locations\n (bmo#1017616, boo#1021830)\n\n - CVE-2017-5382: Feed preview can expose privileged\n content errors and exceptions (bmo#1295322, boo#1021831)\n\n - CVE-2017-5383: Location bar spoofing with unicode\n characters (bmo#1323338, bmo#1324716, boo#1021822)\n\n - CVE-2017-5384: Information disclosure via Proxy\n Auto-Config (PAC) (bmo#1255474, boo#1021832)\n\n - CVE-2017-5385: Data sent in multipart channels ignores\n referrer-policy response headers (bmo#1295945,\n boo#1021833)\n\n - CVE-2017-5386: WebExtensions can use data: protocol to\n affect other extensions (bmo#1319070, boo#1021823)\n\n - CVE-2017-5391: Content about: pages can load privileged\n about: pages (bmo#1309310, boo#1021835)\n\n - CVE-2017-5393: Remove addons.mozilla.org CDN from\n whitelist for mozAddonManager (bmo#1309282, boo#1021837)\n\n - CVE-2017-5387: Disclosure of local file existence\n through TRACK tag error messages (bmo#1295023,\n boo#1021839)\n\n - CVE-2017-5388: WebRTC can be used to generate a large\n amount of UDP traffic for DDOS attacks (bmo#1281482,\n boo#1021840)\n\n - CVE-2017-5374: Memory safety bugs (boo#1021841)\n\n - CVE-2017-5373: Memory safety bugs (boo#1021824)\n\nThese non-security issues in MozillaFirefox were fixed :\n\n - Added support for FLAC (Free Lossless Audio Codec)\n playback\n\n - Added support for WebGL 2\n\n - Added Georgian (ka) and Kabyle (kab) locales\n\n - Support saving passwords for forms without 'submit'\n events\n\n - Improved video performance for users without GPU\n acceleration\n\n - Zoom indicator is shown in the URL bar if the zoom level\n is not at default level\n\n - View passwords from the prompt before saving them\n\n - Remove Belarusian (be) locale\n\n - Use Skia for content rendering (Linux)\n\n - Improve recognition of LANGUAGE env variable\n (boo#1017174)\n\n - Multiprocess incompatibility did not correctly register\n with some add-ons (bmo#1333423)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1017174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1021814\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1021817\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1021818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1021819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1021820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1021821\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1021822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1021823\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1021824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1021826\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1021827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1021828\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1021830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1021831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1021832\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1021833\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1021835\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1021837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1021839\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1021840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1021841\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1|SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1 / 42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"MozillaFirefox-51.0.1-50.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"MozillaFirefox-branding-upstream-51.0.1-50.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"MozillaFirefox-buildsymbols-51.0.1-50.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"MozillaFirefox-debuginfo-51.0.1-50.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"MozillaFirefox-debugsource-51.0.1-50.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"MozillaFirefox-devel-51.0.1-50.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"MozillaFirefox-translations-common-51.0.1-50.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"MozillaFirefox-translations-other-51.0.1-50.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaFirefox-51.0.1-50.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaFirefox-branding-upstream-51.0.1-50.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaFirefox-buildsymbols-51.0.1-50.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaFirefox-debuginfo-51.0.1-50.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaFirefox-debugsource-51.0.1-50.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaFirefox-devel-51.0.1-50.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaFirefox-translations-common-51.0.1-50.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaFirefox-translations-other-51.0.1-50.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:29:13", "bulletinFamily": "scanner", "description": "Multiple security issues have been found in the Mozilla Firefox web browser: Memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, information disclosure or privilege escalation.", "modified": "2018-11-10T00:00:00", "id": "DEBIAN_DSA-3771.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=96780", "published": "2017-01-26T00:00:00", "title": "Debian DSA-3771-1 : firefox-esr - security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3771. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96780);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2018/11/10 11:49:38\");\n\n script_cve_id(\"CVE-2017-5373\", \"CVE-2017-5375\", \"CVE-2017-5376\", \"CVE-2017-5378\", \"CVE-2017-5380\", \"CVE-2017-5383\", \"CVE-2017-5386\", \"CVE-2017-5390\", \"CVE-2017-5396\");\n script_xref(name:\"DSA\", value:\"3771\");\n\n script_name(english:\"Debian DSA-3771-1 : firefox-esr - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in the Mozilla Firefox web\nbrowser: Memory safety errors, use-after-frees and other\nimplementation errors may lead to the execution of arbitrary code,\ninformation disclosure or privilege escalation.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/firefox-esr\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3771\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the firefox-esr packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 45.7.0esr-1~deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-dbg\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-dev\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ach\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-af\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-all\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-an\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ar\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-as\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ast\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-az\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-be\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-bg\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-bn-bd\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-bn-in\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-br\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-bs\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ca\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-cs\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-cy\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-da\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-de\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-dsb\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-el\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-en-gb\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-en-za\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-eo\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-es-ar\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-es-cl\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-es-es\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-es-mx\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-et\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-eu\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-fa\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ff\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-fi\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-fr\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-fy-nl\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ga-ie\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-gd\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-gl\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-gn\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-gu-in\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-he\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hi-in\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hr\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hsb\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hu\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hy-am\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-id\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-is\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-it\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ja\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-kk\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-km\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-kn\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ko\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-lij\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-lt\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-lv\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-mai\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-mk\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ml\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-mr\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ms\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-nb-no\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-nl\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-nn-no\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-or\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-pa-in\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-pl\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-pt-br\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-pt-pt\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-rm\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ro\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ru\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-si\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sk\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sl\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-son\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sq\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sr\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sv-se\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ta\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-te\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-th\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-tr\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-uk\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-uz\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-vi\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-xh\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-zh-cn\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-zh-tw\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-dbg\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-dev\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ach\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-af\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-all\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-an\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ar\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-as\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ast\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-az\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-be\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bg\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bn-bd\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bn-in\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-br\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bs\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ca\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-cs\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-cy\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-da\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-de\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-dsb\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-el\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-en-gb\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-en-za\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-eo\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-ar\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-cl\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-es\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-mx\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-et\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-eu\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fa\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ff\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fi\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fr\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fy-nl\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ga-ie\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gd\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gl\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gn\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gu-in\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-he\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hi-in\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hr\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hsb\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hu\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hy-am\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-id\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-is\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-it\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ja\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-kk\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-km\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-kn\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ko\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-lij\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-lt\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-lv\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-mai\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-mk\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ml\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-mr\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ms\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-nb-no\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-nl\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-nn-no\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-or\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pa-in\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pl\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pt-br\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pt-pt\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-rm\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ro\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ru\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-si\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sk\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sl\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-son\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sq\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sr\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sv-se\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ta\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-te\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-th\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-tr\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-uk\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-uz\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-vi\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-xh\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-zh-cn\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-zh-tw\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:29:12", "bulletinFamily": "scanner", "description": "The version of Mozilla Firefox ESR installed on the remote macOS or Mac OS X host is 45.x prior to 45.7. It is, therefore, affected by the following vulnerabilities :\n\n - Mozilla developers and community members Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, and Oriol reported memory safety bugs present in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.\n (CVE-2017-5373)\n\n - JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. (CVE-2017-5375)\n\n - Use-after-free while manipulating XSL in XSLT documents (CVE-2017-5376)\n\n - Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. (CVE-2017-5378)\n\n - A potential use-after-free found through fuzzing during DOM manipulation of SVG content. (CVE-2017-5380)\n\n - URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. (CVE-2017-5383)\n\n - WebExtension scripts can use the 'data:' protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions.\n (CVE-2017-5386)\n\n - The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. (CVE-2017-5390)\n\n - A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory.\n (CVE-2017-5396)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Mozilla security advisories.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-07-14T00:00:00", "id": "MACOSX_FIREFOX_45_7_ESR.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=96773", "published": "2017-01-25T00:00:00", "title": "Mozilla Firefox ESR 45.x < 45.7 Multiple Vulnerabilities (macOS)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96773);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/14 1:59:37\");\n\n script_cve_id(\n \"CVE-2017-5373\",\n \"CVE-2017-5375\",\n \"CVE-2017-5376\",\n \"CVE-2017-5378\",\n \"CVE-2017-5380\",\n \"CVE-2017-5383\",\n \"CVE-2017-5386\",\n \"CVE-2017-5390\",\n \"CVE-2017-5396\"\n );\n script_bugtraq_id(\n 95757,\n 95758,\n 95762,\n 95769\n );\n script_xref(name:\"MFSA\", value:\"2017-02\");\n\n script_name(english:\"Mozilla Firefox ESR 45.x < 45.7 Multiple Vulnerabilities (macOS)\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote macOS or Mac OS X host contains a web browser that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Firefox ESR installed on the remote macOS or\nMac OS X host is 45.x prior to 45.7. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - Mozilla developers and community members Christian\n Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom\n Schuster, and Oriol reported memory safety bugs present\n in Firefox 50.1 and Firefox ESR 45.6. Some of these\n bugs showed evidence of memory corruption and we\n presume that with enough effort that some of these\n could be exploited to run arbitrary code.\n (CVE-2017-5373)\n\n - JIT code allocation can allow for a bypass of ASLR and\n DEP protections leading to potential memory corruption\n attacks. (CVE-2017-5375)\n\n - Use-after-free while manipulating XSL in XSLT documents\n (CVE-2017-5376)\n\n - Hashed codes of JavaScript objects are shared between\n pages. This allows for pointer leaks because an object's\n address can be discovered through hash codes, and also\n allows for data leakage of an object's content using\n these hash codes. (CVE-2017-5378)\n\n - A potential use-after-free found through fuzzing during\n DOM manipulation of SVG content. (CVE-2017-5380)\n\n - URLs containing certain unicode glyphs for alternative\n hyphens and quotes do not properly trigger punycode\n display, allowing for domain name spoofing attacks in\n the location bar. (CVE-2017-5383)\n\n - WebExtension scripts can use the 'data:' protocol to\n affect pages loaded by other web extensions using this\n protocol, leading to potential data disclosure or\n privilege escalation in affected extensions.\n (CVE-2017-5386)\n\n - The JSON viewer in the Developer Tools uses insecure\n methods to create a communication channel for copying\n and viewing JSON or HTTP headers data, allowing for\n potential privilege escalation. (CVE-2017-5390)\n\n - A use-after-free vulnerability in the Media Decoder\n when working with media files when some events are\n fired after the media elements are freed from memory.\n (CVE-2017-5396)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Mozilla security advisories.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1285833\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1285960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1297361\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1311687\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1312001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1319070\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1322107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1322315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1322420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1323338\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1324716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1325200\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1325877\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1325938\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1328251\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1328834\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1329403\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1330769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1331058\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox ESR version 45.7 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox_esr\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nkb_base = \"MacOSX/Firefox\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nis_esr = get_kb_item(kb_base+\"/is_esr\");\nif (isnull(is_esr)) audit(AUDIT_NOT_INST, \"Mozilla Firefox ESR\");\n\nmozilla_check_version(product:'firefox', version:version, path:path, esr:TRUE, fix:'45.7', min:'45.0', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:29:13", "bulletinFamily": "scanner", "description": "This update upgrades Firefox to version 45.7.0 ESR.\n\nSecurity Fix(es) :\n\n - Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396)", "modified": "2018-12-27T00:00:00", "id": "SL_20170125_FIREFOX_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=96792", "published": "2017-01-26T00:00:00", "title": "Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96792);\n script_version(\"3.6\");\n script_cvs_date(\"Date: 2018/12/27 10:05:37\");\n\n script_cve_id(\"CVE-2017-5373\", \"CVE-2017-5375\", \"CVE-2017-5376\", \"CVE-2017-5378\", \"CVE-2017-5380\", \"CVE-2017-5383\", \"CVE-2017-5386\", \"CVE-2017-5390\", \"CVE-2017-5396\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update upgrades Firefox to version 45.7.0 ESR.\n\nSecurity Fix(es) :\n\n - Multiple flaws were found in the processing of malformed\n web content. A web page containing malicious content\n could cause Firefox to crash or, potentially, execute\n arbitrary code with the privileges of the user running\n Firefox. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376,\n CVE-2017-5378, CVE-2017-5380, CVE-2017-5383,\n CVE-2017-5386, CVE-2017-5390, CVE-2017-5396)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1701&L=scientific-linux-errata&F=&S=&P=12036\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8b66bf74\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"firefox-45.7.0-1.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"firefox-debuginfo-45.7.0-1.el5_11\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"firefox-45.7.0-1.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"firefox-debuginfo-45.7.0-1.el6_8\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"firefox-45.7.0-1.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"firefox-debuginfo-45.7.0-1.el7_3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:29:23", "bulletinFamily": "scanner", "description": "MozillaFirefox 45 ESR was updated to 45.7 to fix the following issues (bsc#1021991) :\n\n - MFSA 2017-02/CVE-2017-5378: Pointer and frame data leakage of JavaScript objects (bsc#1021818)\n\n - MFSA 2017-02/CVE-2017-5396: Use-after-free with Media Decoder (bsc#1021821)\n\n - MFSA 2017-02/CVE-2017-5386: WebExtensions can use data:\n protocol to affect other extensions (bsc#1021823)\n\n - MFSA 2017-02/CVE-2017-5380: Potential use-after-free during DOM manipulations (bsc#1021819)\n\n - MFSA 2017-02/CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer (bsc#1021820)\n\n - MFSA 2017-02/CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7 (bsc#1021824)\n\n - MFSA 2017-02/CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP (bsc#1021814)\n\n - MFSA 2017-02/CVE-2017-5376: Use-after-free in XSL (bsc#1021817)\n\n - MFSA 2017-02/CVE-2017-5383: Location bar spoofing with unicode characters (bsc#1021822) Please see https://www.mozilla.org/en-US/security/advisories/mfsa20 17-02/ for more information.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-30T00:00:00", "id": "SUSE_SU-2017-0426-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=97081", "published": "2017-02-09T00:00:00", "title": "SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2017:0426-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0426-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97081);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2018/11/30 10:54:50\");\n\n script_cve_id(\"CVE-2017-5373\", \"CVE-2017-5375\", \"CVE-2017-5376\", \"CVE-2017-5378\", \"CVE-2017-5380\", \"CVE-2017-5383\", \"CVE-2017-5386\", \"CVE-2017-5390\", \"CVE-2017-5396\");\n\n script_name(english:\"SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2017:0426-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"MozillaFirefox 45 ESR was updated to 45.7 to fix the following issues\n(bsc#1021991) :\n\n - MFSA 2017-02/CVE-2017-5378: Pointer and frame data\n leakage of JavaScript objects (bsc#1021818)\n\n - MFSA 2017-02/CVE-2017-5396: Use-after-free with Media\n Decoder (bsc#1021821)\n\n - MFSA 2017-02/CVE-2017-5386: WebExtensions can use data:\n protocol to affect other extensions (bsc#1021823)\n\n - MFSA 2017-02/CVE-2017-5380: Potential use-after-free\n during DOM manipulations (bsc#1021819)\n\n - MFSA 2017-02/CVE-2017-5390: Insecure communication\n methods in Developer Tools JSON viewer (bsc#1021820)\n\n - MFSA 2017-02/CVE-2017-5373: Memory safety bugs fixed in\n Firefox 51 and Firefox ESR 45.7 (bsc#1021824)\n\n - MFSA 2017-02/CVE-2017-5375: Excessive JIT code\n allocation allows bypass of ASLR and DEP (bsc#1021814)\n\n - MFSA 2017-02/CVE-2017-5376: Use-after-free in XSL\n (bsc#1021817)\n\n - MFSA 2017-02/CVE-2017-5383: Location bar spoofing with\n unicode characters (bsc#1021822) Please see\n https://www.mozilla.org/en-US/security/advisories/mfsa20\n 17-02/ for more information.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021814\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021817\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021821\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021823\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021991\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5373/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5375/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5376/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5378/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5380/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5383/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5386/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5390/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5396/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170426-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fded08ba\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 5:zypper in -t patch\nsleclo50sp3-MozillaFirefox-12973=1\n\nSUSE Manager Proxy 2.1:zypper in -t patch\nslemap21-MozillaFirefox-12973=1\n\nSUSE Manager 2.1:zypper in -t patch sleman21-MozillaFirefox-12973=1\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-MozillaFirefox-12973=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-MozillaFirefox-12973=1\n\nSUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch\nslessp3-MozillaFirefox-12973=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-MozillaFirefox-12973=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-MozillaFirefox-12973=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch\ndbgsp3-MozillaFirefox-12973=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! ereg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"MozillaFirefox-45.7.0esr-65.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"MozillaFirefox-translations-45.7.0esr-65.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"MozillaFirefox-45.7.0esr-65.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"MozillaFirefox-translations-45.7.0esr-65.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2019-03-14T14:22:31", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-01-28T00:00:00", "id": "OPENVAS:1361412562310843028", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843028", "title": "Ubuntu Update for firefox USN-3175-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for firefox USN-3175-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843028\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-28 05:41:32 +0100 (Sat, 28 Jan 2017)\");\n script_cve_id(\"CVE-2017-5373\", \"CVE-2017-5374\", \"CVE-2017-5375\", \"CVE-2017-5376\",\n\t\t\"CVE-2017-5377\", \"CVE-2017-5378\", \"CVE-2017-5379\", \"CVE-2017-5380\",\n\t\t\"CVE-2017-5381\", \"CVE-2017-5382\", \"CVE-2017-5383\", \"CVE-2017-5384\",\n\t\t\"CVE-2017-5385\", \"CVE-2017-5386\", \"CVE-2017-5387\", \"CVE-2017-5388\",\n\t\t\"CVE-2017-5389\", \"CVE-2017-5390\", \"CVE-2017-5391\", \"CVE-2017-5393\",\n\t\t\"CVE-2017-5396\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for firefox USN-3175-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple memory safety issues were discovered\n in Firefox. If a user were tricked in to opening a specially crafted website, an\n attacker could potentially exploit these to cause a denial of service via application\ncrash, or execute arbitrary code. (CVE-2017-5373, CVE-2017-5374)\n\nJIT code allocation can allow a bypass of ASLR protections in some\ncircumstances. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial of\nservice via application crash, or execute arbitrary code. (CVE-2017-5375)\n\nNicolas Gré goire discovered a use-after-free when manipulating XSL in\nXSLT documents in some circumstances. If a user were tricked in to opening\na specially crafted website, an attacker could potentially exploit this to\ncause a denial of service via application crash, or execute arbitrary\ncode. (CVE-2017-5376)\n\nAtte Kettunen discovered a memory corruption issue in Skia in some\ncircumstances. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial of\nservice via application crash, or execute arbitrary code. (CVE-2017-5377)\n\nJann Horn discovered that an object's address could be discovered through\nhashed codes of JavaScript objects shared between pages. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to obtain sensitive information. (CVE-2017-5378)\n\nA use-after-free was discovered in Web Animations in some circumstances.\nIf a user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code. (CVE-2017-5379)\n\nA use-after-free was discovered during DOM manipulation of SVG content in\nsome circumstances. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code.\n(CVE-2017-5380)\n\nJann Horn discovered that the 'export' function in the Certificate Viewer\ncan force local filesystem navigation when the Common Name contains\nslashes. If a user were tricked in to exporting a specially crafted\ncertificate, an attacker could potentially exploit this to save content\nwith arbitrary filenames in unsafe locations. (CVE-2017-5381)\n\nJerri Rice discovered that the Feed preview for RSS feeds can be used to\ncapture errors and exceptions generated by privileged content. An attacker\ncould potentially exploit this to obtain sens ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"firefox on Ubuntu 16.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3175-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3175-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|16\\.10|12\\.04 LTS|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"51.0.1+build2-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"51.0.1+build2-0ubuntu0.16.10.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"51.0.1+build2-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"51.0.1+build2-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-03-14T14:21:41", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-02-07T00:00:00", "id": "OPENVAS:1361412562310843043", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843043", "title": "Ubuntu Update for firefox USN-3175-2", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for firefox USN-3175-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843043\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-02-07 05:45:17 +0100 (Tue, 07 Feb 2017)\");\n script_cve_id(\"CVE-2017-5373\", \"CVE-2017-5374\", \"CVE-2017-5375\", \"CVE-2017-5376\",\n\t\t\"CVE-2017-5377\", \"CVE-2017-5378\", \"CVE-2017-5379\", \"CVE-2017-5380\",\n\t\t\"CVE-2017-5381\", \"CVE-2017-5382\", \"CVE-2017-5383\", \"CVE-2017-5384\",\n\t\t\"CVE-2017-5385\", \"CVE-2017-5386\", \"CVE-2017-5387\", \"CVE-2017-5388\",\n\t\t\"CVE-2017-5389\", \"CVE-2017-5390\", \"CVE-2017-5391\", \"CVE-2017-5393\",\n\t\t\"CVE-2017-5396\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for firefox USN-3175-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3175-1 fixed vulnerabilities in Firefox.\n The update caused a regression on systems where the AppArmor profile for Firefox\n is set to enforce mode. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nMultiple memory safety issues were discovered in Firefox. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via application\ncrash, or execute arbitrary code. (CVE-2017-5373, CVE-2017-5374)\n\nJIT code allocation can allow a bypass of ASLR protections in some\ncircumstances. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial of\nservice via application crash, or execute arbitrary code. (CVE-2017-5375)\n\nNicolas Gré goire discovered a use-after-free when manipulating XSL in\nXSLT documents in some circumstances. If a user were tricked in to opening\na specially crafted website, an attacker could potentially exploit this to\ncause a denial of service via application crash, or execute arbitrary\ncode. (CVE-2017-5376)\n\nAtte Kettunen discovered a memory corruption issue in Skia in some\ncircumstances. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial of\nservice via application crash, or execute arbitrary code. (CVE-2017-5377)\n\nJann Horn discovered that an object's address could be discovered through\nhashed codes of JavaScript objects shared between pages. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to obtain sensitive information. (CVE-2017-5378)\n\nA use-after-free was discovered in Web Animations in some circumstances.\nIf a user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code. (CVE-2017-5379)\n\nA use-after-free was discovered during DOM manipulation of SVG content in\nsome circumstances. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code.\n(CVE-2017-5380)\n\nJann Horn discovered that the 'export' function in the Certificate Viewer\ncan force local filesystem navigation when the Common Name contains\nslashes. If a user were tricked in to exporting a specially crafted\ncertificate, an attacker could potentially exploit this to save content\nwith arbi ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"firefox on Ubuntu 16.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3175-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3175-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|16\\.10|12\\.04 LTS|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"51.0.1+build2-0ubuntu0.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"51.0.1+build2-0ubuntu0.16.10.2\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"51.0.1+build2-0ubuntu0.12.04.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"51.0.1+build2-0ubuntu0.16.04.2\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-22T16:35:20", "bulletinFamily": "scanner", "description": "This host is installed with Mozilla Firefox\n and is prone to multiple vulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2017-01-27T00:00:00", "id": "OPENVAS:1361412562310809876", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809876", "title": "Mozilla Firefox Security Updates(mfsa_2017-01_2017-02)-MAC OS X", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_firefox_mfsa_2017-01_2017-02_macosx.nasl 11888 2018-10-12 15:27:49Z cfischer $\n#\n# Mozilla Firefox Security Updates(mfsa_2017-01_2017-02)-MAC OS X\n#\n# Authors:\n# kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809876\");\n script_version(\"$Revision: 11888 $\");\n script_cve_id(\"CVE-2017-5375\", \"CVE-2017-5376\", \"CVE-2017-5377\", \"CVE-2017-5378\",\n\t\t\"CVE-2017-5379\", \"CVE-2017-5380\", \"CVE-2017-5390\", \"CVE-2017-5389\",\n\t\t\"CVE-2017-5396\", \"CVE-2017-5381\", \"CVE-2017-5382\", \"CVE-2017-5383\",\n\t\t\"CVE-2017-5384\", \"CVE-2017-5385\", \"CVE-2017-5386\", \"CVE-2017-5374\",\n\t\t\"CVE-2017-5391\", \"CVE-2017-5388\", \"CVE-2017-5393\", \"CVE-2017-5373\",\n\t\t\"CVE-2017-5387\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 17:27:49 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-27 12:08:46 +0530 (Fri, 27 Jan 2017)\");\n script_name(\"Mozilla Firefox Security Updates(mfsa_2017-01_2017-02)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - Excessive JIT code allocation allows bypass of ASLR and DEP.\n\n - Use-after-free in XSL.\n\n - Memory corruption with transforms to create gradients in Skia.\n\n - Pointer and frame data leakage of Javascript objects.\n\n - Use-after-free in Web Animations.\n\n - Potential use-after-free during DOM manipulations.\n\n - Insecure communication methods in Developer Tools JSON viewer.\n\n - WebExtensions can install additional add-ons via modified host requests.\n\n - Use-after-free with Media Decoder.\n\n - Certificate Viewer exporting can be used to navigate and save to arbitrary filesystem locations.\n\n - Feed preview can expose privileged content errors and exceptions.\n\n - Location bar spoofing with unicode characters.\n\n - Information disclosure via Proxy Auto-Config (PAC).\n\n - Data sent in multipart channels ignores referrer-policy response headers.\n\n - WebExtensions can use data: protocol to affect other extensions.\n\n - Content about: pages can load privileged about: pages.\n\n - Remove addons.mozilla.org CDN from whitelist for mozAddonManager.\n\n - Disclosure of local file existence through TRACK tag error messages.\n\n - WebRTC can be used to generate a large amount of UDP traffic for DDOS attacks.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to execute arbitrary code, to delete arbitrary files\n by leveraging certain local file execution, to obtain sensitive information,\n and to cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox version before\n 51 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 51\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox/MacOSX/Version\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.com/en-US/firefox/all.html\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"51.0\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"51.0\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-22T16:34:27", "bulletinFamily": "scanner", "description": "This host is installed with Mozilla Firefox\n and is prone to multiple vulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2017-01-27T00:00:00", "id": "OPENVAS:1361412562310809875", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809875", "title": "Mozilla Firefox Security Updates(mfsa_2017-01_2017-02)-Windows", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_firefox_mfsa_2017-01_2017-02_win.nasl 11888 2018-10-12 15:27:49Z cfischer $\n#\n# Mozilla Firefox Security Updates(mfsa_2017-01_2017-02)-Windows\n#\n# Authors:\n# kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809875\");\n script_version(\"$Revision: 11888 $\");\n script_cve_id(\"CVE-2017-5375\", \"CVE-2017-5376\", \"CVE-2017-5377\", \"CVE-2017-5378\",\n\t\t\"CVE-2017-5379\", \"CVE-2017-5380\", \"CVE-2017-5390\", \"CVE-2017-5389\",\n\t\t\"CVE-2017-5396\", \"CVE-2017-5381\", \"CVE-2017-5382\", \"CVE-2017-5383\",\n\t\t\"CVE-2017-5384\", \"CVE-2017-5385\", \"CVE-2017-5386\", \"CVE-2017-5374\",\n\t\t\"CVE-2017-5391\", \"CVE-2017-5388\", \"CVE-2017-5393\", \"CVE-2017-5373\",\n\t\t\"CVE-2017-5387\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 17:27:49 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-27 12:06:41 +0530 (Fri, 27 Jan 2017)\");\n script_name(\"Mozilla Firefox Security Updates(mfsa_2017-01_2017-02)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - Excessive JIT code allocation allows bypass of ASLR and DEP.\n\n - Use-after-free in XSL.\n\n - Memory corruption with transforms to create gradients in Skia.\n\n - Pointer and frame data leakage of Javascript objects.\n\n - Use-after-free in Web Animations.\n\n - Potential use-after-free during DOM manipulations.\n\n - Insecure communication methods in Developer Tools JSON viewer.\n\n - WebExtensions can install additional add-ons via modified host requests.\n\n - Use-after-free with Media Decoder.\n\n - Certificate Viewer exporting can be used to navigate and save to arbitrary filesystem locations.\n\n - Feed preview can expose privileged content errors and exceptions.\n\n - Location bar spoofing with unicode characters.\n\n - Information disclosure via Proxy Auto-Config (PAC).\n\n - Data sent in multipart channels ignores referrer-policy response headers.\n\n - WebExtensions can use data: protocol to affect other extensions.\n\n - Content about: pages can load privileged about: pages.\n\n - Remove addons.mozilla.org CDN from whitelist for mozAddonManager.\n\n - Disclosure of local file existence through TRACK tag error messages.\n\n - WebRTC can be used to generate a large amount of UDP traffic for DDOS attacks.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to execute arbitrary code, to delete arbitrary files\n by leveraging certain local file execution, to obtain sensitive information,\n and to cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox version before\n 51 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 51\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox/Win/Ver\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.com/en-US/firefox/all.html\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"51.0\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"51.0\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-03-11T14:33:48", "bulletinFamily": "scanner", "description": "Check the version of firefox", "modified": "2019-03-08T00:00:00", "published": "2017-01-27T00:00:00", "id": "OPENVAS:1361412562310882644", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882644", "title": "CentOS Update for firefox CESA-2017:0190 centos7", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2017:0190 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882644\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-27 05:42:13 +0100 (Fri, 27 Jan 2017)\");\n script_cve_id(\"CVE-2017-5373\", \"CVE-2017-5375\", \"CVE-2017-5376\", \"CVE-2017-5378\",\n \"CVE-2017-5380\", \"CVE-2017-5383\", \"CVE-2017-5386\", \"CVE-2017-5390\",\n \"CVE-2017-5396\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for firefox CESA-2017:0190 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of firefox\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.7.0 ESR.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378,\nCVE-2017-5380, CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Jann Horn, Muneaki Nishimura, Nils, Armin Razmjou,\nChristian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster,\nand Oriol, Rh0, Nicolas Gregoire, and Jerri Rice as the original reporters.\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:0190\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-January/022253.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.7.0~1.el7.centos\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-03-11T14:35:16", "bulletinFamily": "scanner", "description": "Check the version of firefox", "modified": "2019-03-08T00:00:00", "published": "2017-01-27T00:00:00", "id": "OPENVAS:1361412562310882641", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882641", "title": "CentOS Update for firefox CESA-2017:0190 centos5", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2017:0190 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882641\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-27 05:41:52 +0100 (Fri, 27 Jan 2017)\");\n script_cve_id(\"CVE-2017-5373\", \"CVE-2017-5375\", \"CVE-2017-5376\", \"CVE-2017-5378\",\n \"CVE-2017-5380\", \"CVE-2017-5383\", \"CVE-2017-5386\", \"CVE-2017-5390\",\n \"CVE-2017-5396\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for firefox CESA-2017:0190 centos5\");\n script_tag(name:\"summary\", value:\"Check the version of firefox\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.7.0 ESR.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378,\nCVE-2017-5380, CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Jann Horn, Muneaki Nishimura, Nils, Armin Razmjou,\nChristian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster,\nand Oriol, Rh0, Nicolas Gregoire, and Jerri Rice as the original reporters.\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:0190\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-January/022251.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.7.0~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-03-19T12:31:30", "bulletinFamily": "scanner", "description": "Multiple security issues have been found\nin the Mozilla Firefox web browser: Memory safety errors, use-after-frees and other\nimplementation errors may lead to the execution of arbitrary code, information\ndisclosure or privilege escalation.", "modified": "2019-03-18T00:00:00", "published": "2017-01-25T00:00:00", "id": "OPENVAS:1361412562310703771", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703771", "title": "Debian Security Advisory DSA 3771-1 (firefox-esr - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3771.nasl 14280 2019-03-18 14:50:45Z cfischer $\n# Auto-generated from advisory DSA 3771-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703771\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2017-5373\", \"CVE-2017-5375\", \"CVE-2017-5376\", \"CVE-2017-5378\",\n \"CVE-2017-5380\", \"CVE-2017-5383\", \"CVE-2017-5386\", \"CVE-2017-5390\",\n \"CVE-2017-5396\");\n script_name(\"Debian Security Advisory DSA 3771-1 (firefox-esr - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-25 00:00:00 +0100 (Wed, 25 Jan 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3771.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"firefox-esr on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 45.7.0esr-1~deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 45.7.0esr-1 of firefox-esr and version 51.0-1 of firefox.\n\nWe recommend that you upgrade your firefox-esr packages.\");\n script_tag(name:\"summary\", value:\"Multiple security issues have been found\nin the Mozilla Firefox web browser: Memory safety errors, use-after-frees and other\nimplementation errors may lead to the execution of arbitrary code, information\ndisclosure or privilege escalation.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"firefox-esr\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-dbg\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-dev\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ach\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-af\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-all\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-an\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ar\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-as\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ast\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-az\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-be\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bg\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn-bd\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn-in\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-br\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bs\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ca\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-cs\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-cy\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-da\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-de\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-dsb\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-el\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-gb\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-za\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-eo\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-ar\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-cl\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-es\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-mx\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-et\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-eu\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fa\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ff\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fi\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fr\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fy-nl\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ga-ie\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gd\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gl\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gn\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gu-in\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-he\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hi-in\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hr\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hsb\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hu\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hy-am\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-id\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-is\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-it\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ja\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-kk\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-km\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-kn\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ko\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lij\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lt\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lv\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mai\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mk\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ml\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mr\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ms\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nb-no\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nl\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nn-no\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-or\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pa-in\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pl\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pt-br\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pt-pt\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-rm\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ro\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ru\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-si\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sk\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sl\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-son\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sq\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sr\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sv-se\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ta\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-te\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-th\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-tr\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-uk\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-uz\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-vi\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-xh\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-zh-cn\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-zh-tw\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-dev\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-an\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-az\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-dsb\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gn\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hsb\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ms\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-uz\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-xh\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-03-11T14:35:20", "bulletinFamily": "scanner", "description": "Check the version of firefox", "modified": "2019-03-08T00:00:00", "published": "2017-01-27T00:00:00", "id": "OPENVAS:1361412562310882642", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882642", "title": "CentOS Update for firefox CESA-2017:0190 centos6", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2017:0190 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882642\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-27 05:42:01 +0100 (Fri, 27 Jan 2017)\");\n script_cve_id(\"CVE-2017-5373\", \"CVE-2017-5375\", \"CVE-2017-5376\", \"CVE-2017-5378\",\n \"CVE-2017-5380\", \"CVE-2017-5383\", \"CVE-2017-5386\", \"CVE-2017-5390\",\n \"CVE-2017-5396\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for firefox CESA-2017:0190 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of firefox\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.7.0 ESR.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378,\nCVE-2017-5380, CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Jann Horn, Muneaki Nishimura, Nils, Armin Razmjou,\nChristian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster,\nand Oriol, Rh0, Nicolas Gregoire, and Jerri Rice as the original reporters.\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:0190\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-January/022256.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.7.0~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:57:50", "bulletinFamily": "scanner", "description": "Multiple security issues have been found\nin the Mozilla Firefox web browser: Memory safety errors, use-after-frees and other\nimplementation errors may lead to the execution of arbitrary code, information\ndisclosure or privilege escalation.", "modified": "2017-07-07T00:00:00", "published": "2017-01-25T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703771", "id": "OPENVAS:703771", "title": "Debian Security Advisory DSA 3771-1 (firefox-esr - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3771.nasl 6607 2017-07-07 12:04:25Z cfischer $\n# Auto-generated from advisory DSA 3771-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703771);\n script_version(\"$Revision: 6607 $\");\n script_cve_id(\"CVE-2017-5373\", \"CVE-2017-5375\", \"CVE-2017-5376\", \"CVE-2017-5378\",\n \"CVE-2017-5380\", \"CVE-2017-5383\", \"CVE-2017-5386\", \"CVE-2017-5390\",\n \"CVE-2017-5396\");\n script_name(\"Debian Security Advisory DSA 3771-1 (firefox-esr - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:04:25 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2017-01-25 00:00:00 +0100 (Wed, 25 Jan 2017)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2017/dsa-3771.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"firefox-esr on Debian Linux\");\n script_tag(name: \"insight\", value: \"Firefox ESR is a powerful, extensible\nweb browser with support for modern web application technologies.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 45.7.0esr-1~deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 45.7.0esr-1 of firefox-esr and version 51.0-1 of firefox.\n\nWe recommend that you upgrade your firefox-esr packages.\");\n script_tag(name: \"summary\", value: \"Multiple security issues have been found\nin the Mozilla Firefox web browser: Memory safety errors, use-after-frees and other\nimplementation errors may lead to the execution of arbitrary code, information\ndisclosure or privilege escalation.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"firefox-esr\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-dbg\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-dev\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ach\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-af\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-all\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-an\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ar\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-as\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ast\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-az\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-be\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bg\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn-bd\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn-in\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-br\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bs\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ca\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-cs\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-cy\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-da\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-de\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-dsb\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-el\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-gb\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-za\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-eo\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-ar\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-cl\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-es\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-mx\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-et\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-eu\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fa\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ff\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fi\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fr\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fy-nl\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ga-ie\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gd\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gl\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gn\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gu-in\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-he\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hi-in\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hr\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hsb\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hu\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hy-am\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-id\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-is\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-it\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ja\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-kk\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-km\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-kn\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ko\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lij\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lt\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lv\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mai\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mk\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ml\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mr\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ms\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nb-no\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nl\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nn-no\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-or\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pa-in\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pl\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pt-br\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pt-pt\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-rm\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ro\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ru\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-si\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sk\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sl\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-son\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sq\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sr\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sv-se\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ta\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-te\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-th\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-tr\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-uk\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-uz\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-vi\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-xh\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-zh-cn\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-zh-tw\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dev\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-an\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-az\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-dsb\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gn\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hsb\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ms\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-uz\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-xh\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-10-22T16:35:52", "bulletinFamily": "scanner", "description": "This host is installed with Mozilla Firefox\n ESR and is prone to multiple vulnerabilities.", "modified": "2018-10-19T00:00:00", "published": "2017-01-27T00:00:00", "id": "OPENVAS:1361412562310809877", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809877", "title": "Mozilla Firefox ESR Security Updates(mfsa_2017-01_2017-02)-Windows", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_firefox_esr_mfsa_2017-01_2017-02_win.nasl 11977 2018-10-19 07:28:56Z mmartin $\n#\n# Mozilla Firefox ESR Security Updates(mfsa_2017-01_2017-02)-Windows\n#\n# Authors:\n# kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox_esr\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809877\");\n script_version(\"$Revision: 11977 $\");\n script_cve_id(\"CVE-2017-5375\", \"CVE-2017-5376\", \"CVE-2017-5378\", \"CVE-2017-5380\",\n\t\t\"CVE-2017-5390\", \"CVE-2017-5396\", \"CVE-2017-5383\", \"CVE-2017-5386\",\n\t\t\"CVE-2017-5373\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-19 09:28:56 +0200 (Fri, 19 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-27 12:11:16 +0530 (Fri, 27 Jan 2017)\");\n script_name(\"Mozilla Firefox ESR Security Updates(mfsa_2017-01_2017-02)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox\n ESR and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - The excessive JIT code allocation allows bypass of ASLR and DEP.\n\n - An use-after-free in XSL.\n\n - The pointer and frame data leakage of Javascript objects.\n\n - The potential use-after-free during DOM manipulations.\n\n - An insecure communication methods in Developer Tools JSON viewer.\n\n - An use-after-free with Media Decoder.\n\n - A location bar spoofing with unicode characters.\n\n - The webExtensions can use data: protocol to affect other extensions.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to execute arbitrary code, to delete arbitrary files\n by leveraging certain local file execution, to obtain sensitive information,\n and to cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox ESR version before\n 45.7 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox ESR version 45.7\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox-ESR/Win/Ver\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.com/en-US/firefox/all.html\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"45.7\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"45.7\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2019-04-14T06:58:31", "bulletinFamily": "unix", "description": "USN-3175-1 fixed vulnerabilities in Firefox. The update caused a regression on systems where the AppArmor profile for Firefox is set to enforce mode. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nMultiple memory safety issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5373, CVE-2017-5374)\n\nJIT code allocation can allow a bypass of ASLR protections in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5375)\n\nNicolas Gr\u00c3\u00a9goire discovered a use-after-free when manipulating XSL in XSLT documents in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5376)\n\nAtte Kettunen discovered a memory corruption issue in Skia in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5377)\n\nJann Horn discovered that an object\u2019s address could be discovered through hashed codes of JavaScript objects shared between pages. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5378)\n\nA use-after-free was discovered in Web Animations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5379)\n\nA use-after-free was discovered during DOM manipulation of SVG content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5380)\n\nJann Horn discovered that the \u201cexport\u201d function in the Certificate Viewer can force local filesystem navigation when the Common Name contains slashes. If a user were tricked in to exporting a specially crafted certificate, an attacker could potentially exploit this to save content with arbitrary filenames in unsafe locations. (CVE-2017-5381)\n\nJerri Rice discovered that the Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content. An attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5382)\n\nArmin Razmjou discovered that certain unicode glyphs do not trigger punycode display. An attacker could potentially exploit this to spoof the URL bar contents. (CVE-2017-5383)\n\nPaul Stone and Alex Chapman discovered that the full URL path is exposed to JavaScript functions specified by Proxy Auto-Config (PAC) files. If a user has enabled Web Proxy Auto Detect (WPAD), an attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5384)\n\nMuneaki Nishimura discovered that data sent in multipart channels will ignore the Referrer-Policy response headers. An attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5385)\n\nMuneaki Nishimura discovered that WebExtensions can affect other extensions using the data: protocol. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this to obtain sensitive information or gain additional privileges. (CVE-2017-5386)\n\nMustafa Hasan discovered that the existence of local files can be determined using the <track> element. An attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5387)\n\nCullen Jennings discovered that WebRTC can be used to generate large amounts of UDP traffic. An attacker could potentially exploit this to conduct Distributed Denial-of-Service (DDOS) attacks. (CVE-2017-5388)\n\nKris Maglione discovered that WebExtensions can use the mozAddonManager API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this to install additional addons without user permission. (CVE-2017-5389)\n\nJerri Rice discovered insecure communication methods in the Dev Tools JSON Viewer. An attacker could potentially exploit this to gain additional privileges. (CVE-2017-5390)\n\nJerri Rice discovered that about: pages used by content can load privileged about: pages in iframes. An attacker could potentially exploit this to gain additional privileges, in combination with a content-injection bug in one of those about: pages. (CVE-2017-5391)\n\nStuart Colville discovered that mozAddonManager allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this, in combination with a cross-site scripting (XSS) attack on Mozilla\u2019s AMO sites, to install additional addons. (CVE-2017-5393)\n\nFilipe Gomes discovered a use-after-free in the media decoder in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5396)", "modified": "2017-02-06T00:00:00", "published": "2017-02-06T00:00:00", "id": "USN-3175-2", "href": "https://usn.ubuntu.com/3175-2/", "title": "Firefox regression", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-04-14T06:59:32", "bulletinFamily": "unix", "description": "Multiple memory safety issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5373, CVE-2017-5374)\n\nJIT code allocation can allow a bypass of ASLR protections in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5375)\n\nNicolas Gr\u00c3\u00a9goire discovered a use-after-free when manipulating XSL in XSLT documents in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5376)\n\nAtte Kettunen discovered a memory corruption issue in Skia in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5377)\n\nJann Horn discovered that an object\u2019s address could be discovered through hashed codes of JavaScript objects shared between pages. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5378)\n\nA use-after-free was discovered in Web Animations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5379)\n\nA use-after-free was discovered during DOM manipulation of SVG content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5380)\n\nJann Horn discovered that the \u201cexport\u201d function in the Certificate Viewer can force local filesystem navigation when the Common Name contains slashes. If a user were tricked in to exporting a specially crafted certificate, an attacker could potentially exploit this to save content with arbitrary filenames in unsafe locations. (CVE-2017-5381)\n\nJerri Rice discovered that the Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content. An attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5382)\n\nArmin Razmjou discovered that certain unicode glyphs do not trigger punycode display. An attacker could potentially exploit this to spoof the URL bar contents. (CVE-2017-5383)\n\nPaul Stone and Alex Chapman discovered that the full URL path is exposed to JavaScript functions specified by Proxy Auto-Config (PAC) files. If a user has enabled Web Proxy Auto Detect (WPAD), an attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5384)\n\nMuneaki Nishimura discovered that data sent in multipart channels will ignore the Referrer-Policy response headers. An attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5385)\n\nMuneaki Nishimura discovered that WebExtensions can affect other extensions using the data: protocol. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this to obtain sensitive information or gain additional privileges. (CVE-2017-5386)\n\nMustafa Hasan discovered that the existence of local files can be determined using the <track> element. An attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5387)\n\nCullen Jennings discovered that WebRTC can be used to generate large amounts of UDP traffic. An attacker could potentially exploit this to conduct Distributed Denial-of-Service (DDOS) attacks. (CVE-2017-5388)\n\nKris Maglione discovered that WebExtensions can use the mozAddonManager API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this to install additional addons without user permission. (CVE-2017-5389)\n\nJerri Rice discovered insecure communication methods in the Dev Tools JSON Viewer. An attacker could potentially exploit this to gain additional privileges. (CVE-2017-5390)\n\nJerri Rice discovered that about: pages used by content can load privileged about: pages in iframes. An attacker could potentially exploit this to gain additional privileges, in combination with a content-injection bug in one of those about: pages. (CVE-2017-5391)\n\nStuart Colville discovered that mozAddonManager allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this, in combination with a cross-site scripting (XSS) attack on Mozilla\u2019s AMO sites, to install additional addons. (CVE-2017-5393)\n\nFilipe Gomes discovered a use-after-free in the media decoder in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5396)", "modified": "2017-01-27T00:00:00", "published": "2017-01-27T00:00:00", "id": "USN-3175-1", "href": "https://usn.ubuntu.com/3175-1/", "title": "Firefox vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2017-02-02T00:59:49", "bulletinFamily": "unix", "description": "This update for MozillaFirefox to version 51.0.1 fixes security issues and\n bugs.\n\n These security issues were fixed:\n\n * CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and\n DEP (bmo#1325200, boo#1021814)\n * CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817)\n CVE-2017-5377: Memory corruption with transforms to create gradients in\n Skia (bmo#1306883, boo#1021826)\n * CVE-2017-5378: Pointer and frame data leakage of Javascript objects\n (bmo#1312001, bmo#1330769, boo#1021818)\n * CVE-2017-5379: Use-after-free in Web Animations (bmo#1309198,boo#1021827)\n * CVE-2017-5380: Potential use-after-free during DOM manipulations\n (bmo#1322107, boo#1021819)\n * CVE-2017-5390: Insecure communication methods in Developer Tools JSON\n viewer (bmo#1297361, boo#1021820)\n * CVE-2017-5389: WebExtensions can install additional add-ons via modified\n host requests (bmo#1308688, boo#1021828)\n * CVE-2017-5396: Use-after-free with Media Decoder (bmo#1329403,\n boo#1021821)\n * CVE-2017-5381: Certificate Viewer exporting can be used to navigate and\n save to arbitrary filesystem locations (bmo#1017616, boo#1021830)\n * CVE-2017-5382: Feed preview can expose privileged content errors and\n exceptions (bmo#1295322, boo#1021831)\n * CVE-2017-5383: Location bar spoofing with unicode characters\n (bmo#1323338, bmo#1324716, boo#1021822)\n * CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)\n (bmo#1255474, boo#1021832)\n * CVE-2017-5385: Data sent in multipart channels ignores referrer-policy\n response headers (bmo#1295945, boo#1021833)\n * CVE-2017-5386: WebExtensions can use data: protocol to affect other\n extensions (bmo#1319070, boo#1021823)\n * CVE-2017-5391: Content about: pages can load privileged about: pages\n (bmo#1309310, boo#1021835)\n * CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for\n mozAddonManager (bmo#1309282, boo#1021837)\n * CVE-2017-5387: Disclosure of local file existence through TRACK tag\n error messages (bmo#1295023, boo#1021839)\n * CVE-2017-5388: WebRTC can be used to generate a large amount of UDP\n traffic for DDOS attacks (bmo#1281482, boo#1021840)\n * CVE-2017-5374: Memory safety bugs (boo#1021841)\n * CVE-2017-5373: Memory safety bugs (boo#1021824)\n\n These non-security issues in MozillaFirefox were fixed:\n\n * Added support for FLAC (Free Lossless Audio Codec) playback\n * Added support for WebGL 2\n * Added Georgian (ka) and Kabyle (kab) locales\n * Support saving passwords for forms without 'submit' events\n * Improved video performance for users without GPU acceleration\n * Zoom indicator is shown in the URL bar if the zoom level is not at\n default level\n * View passwords from the prompt before saving them\n * Remove Belarusian (be) locale\n * Use Skia for content rendering (Linux)\n * Improve recognition of LANGUAGE env variable (boo#1017174)\n * Multiprocess incompatibility did not correctly register with some\n add-ons (bmo#1333423)\n\n", "modified": "2017-02-02T00:13:07", "published": "2017-02-02T00:13:07", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00002.html", "id": "OPENSUSE-SU-2017:0358-1", "type": "suse", "title": "Security update for MozillaFirefox (important)", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-02-08T18:59:55", "bulletinFamily": "unix", "description": "MozillaFirefox 45 ESR was updated to 45.7 to fix the following issues\n (bsc#1021991):\n\n * MFSA 2017-02/CVE-2017-5378: Pointer and frame data leakage of Javascript\n objects (bsc#1021818)\n * MFSA 2017-02/CVE-2017-5396: Use-after-free with Media Decoder\n (bsc#1021821)\n * MFSA 2017-02/CVE-2017-5386: WebExtensions can use data: protocol to\n affect other extensions (bsc#1021823)\n * MFSA 2017-02/CVE-2017-5380: Potential use-after-free during DOM\n manipulations (bsc#1021819)\n * MFSA 2017-02/CVE-2017-5390: Insecure communication methods in Developer\n Tools JSON viewer (bsc#1021820)\n * MFSA 2017-02/CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and\n Firefox ESR 45.7 (bsc#1021824)\n * MFSA 2017-02/CVE-2017-5375: Excessive JIT code allocation allows bypass\n of ASLR and DEP (bsc#1021814)\n * MFSA 2017-02/CVE-2017-5376: Use-after-free in XSL (bsc#1021817)\n * MFSA 2017-02/CVE-2017-5383: Location bar spoofing with unicode\n characters (bsc#1021822)\n\n Please see <a rel=\"nofollow\" href=\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/\">https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/</a>\n for more information.\n\n", "modified": "2017-02-08T18:10:27", "published": "2017-02-08T18:10:27", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00016.html", "id": "SUSE-SU-2017:0426-1", "type": "suse", "title": "Security update for MozillaFirefox (important)", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-02-09T02:59:56", "bulletinFamily": "unix", "description": "MozillaFirefox 45 ESR was updated to 45.7 to fix the following issues\n (bsc#1021991):\n\n * MFSA 2017-02/CVE-2017-5378: Pointer and frame data leakage of Javascript\n objects (bsc#1021818)\n * MFSA 2017-02/CVE-2017-5396: Use-after-free with Media Decoder\n (bsc#1021821)\n * MFSA 2017-02/CVE-2017-5386: WebExtensions can use data: protocol to\n affect other extensions (bsc#1021823)\n * MFSA 2017-02/CVE-2017-5380: Potential use-after-free during DOM\n manipulations (bsc#1021819)\n * MFSA 2017-02/CVE-2017-5390: Insecure communication methods in Developer\n Tools JSON viewer (bsc#1021820)\n * MFSA 2017-02/CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and\n Firefox ESR 45.7 (bsc#1021824)\n * MFSA 2017-02/CVE-2017-5375: Excessive JIT code allocation allows bypass\n of ASLR and DEP (bsc#1021814)\n * MFSA 2017-02/CVE-2017-5376: Use-after-free in XSL (bsc#1021817)\n * MFSA 2017-02/CVE-2017-5383: Location bar spoofing with unicode\n characters (bsc#1021822)\n\n Please see <a rel=\"nofollow\" href=\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/\">https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/</a>\n for more information.\n\n", "modified": "2017-02-09T03:07:40", "published": "2017-02-09T03:07:40", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00017.html", "id": "SUSE-SU-2017:0427-1", "title": "Security update for MozillaFirefox (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}], "freebsd": [{"lastseen": "2018-08-31T01:14:03", "bulletinFamily": "unix", "description": "\nMozilla Foundation reports:\n\nPlease reference CVE/URL list for details\n\n", "modified": "2017-01-24T00:00:00", "published": "2017-01-24T00:00:00", "id": "E60169C4-AA86-46B0-8AE2-0D81F683DF09", "href": "https://vuxml.freebsd.org/freebsd/e60169c4-aa86-46b0-8ae2-0d81f683df09.html", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "kaspersky": [{"lastseen": "2019-03-21T00:14:33", "bulletinFamily": "info", "description": "### *Detect date*:\n01/24/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Mozilla Firefox and Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to obtain sensitive information, make code injection, run arbitrary code, bypass security restrictions, cause a denial of service.\n\n### *Affected products*:\nMozilla Firefox versions earlier than 51.0 \nMozilla Firefox ESR versions earlier than 45.7.0\n\n### *Solution*:\nUpdate to latest version \n[Mozilla Firefox ESR](<https://www.mozilla.org/en-US/firefox/organizations/all/>) \n[Mozilla Firefox](<https://www.mozilla.org/en-US/firefox/new/>)\n\n### *Original advisories*:\n[MFSA 2017-02](<https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/>) \n[MFSA 2017-01](<https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5383>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Firefox](<https://threats.kaspersky.com/en/product/Mozilla-Firefox/>)\n\n### *CVE-IDS*:\n[CVE-2017-5375](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375>)9.8Critical \n[CVE-2017-5376](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376>)9.8Critical \n[CVE-2017-5378](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378>)7.5Critical \n[CVE-2017-5380](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380>)9.8Critical \n[CVE-2017-5390](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390>)9.8Critical \n[CVE-2017-5396](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396>)9.8Critical \n[CVE-2017-5383](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383>)5.3Critical \n[CVE-2017-5373](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373>)9.8Critical \n[CVE-2017-5377](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5377>)9.8Critical \n[CVE-2017-5379](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5379>)7.5Critical \n[CVE-2017-5389](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5389>)6.1Critical \n[CVE-2017-5381](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5381>)7.5Critical \n[CVE-2017-5382](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5382>)7.5Critical \n[CVE-2017-5384](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5384>)5.9Critical \n[CVE-2017-5385](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5385>)7.5Critical \n[CVE-2017-5386](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386>)7.3Critical \n[CVE-2017-5394](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5394>)8.8Critical \n[CVE-2017-5391](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5391>)9.8Critical \n[CVE-2017-5392](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5392>)9.8Critical \n[CVE-2017-5393](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5393>)6.1Critical \n[CVE-2017-5395](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5395>)4.3Critical \n[CVE-2017-5387](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5387>)3.3Critical \n[CVE-2017-5388](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5388>)7.5Critical \n[CVE-2017-5374](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5374>)9.8Critical", "modified": "2019-03-07T00:00:00", "published": "2017-01-24T00:00:00", "id": "KLA10953", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10953", "title": "\r KLA10953Multiple vulnerabilities in Mozilla Firefox and Mozilla Firefox ESR ", "type": "kaspersky", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-03-21T00:14:37", "bulletinFamily": "info", "description": "### *Detect date*:\n01/26/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to obtain sensitive information, run arbitrary code, cause a denial of service, spoof user interface and gain privilege escalation.\n\n### *Affected products*:\nMozilla Thunderbird versions earlier than 45.7\n\n### *Solution*:\nUpdate to the latest version \n[Mozilla Thunderbird](<https://www.mozilla.org/en-US/thunderbird/>)\n\n### *Original advisories*:\n[MFSA](<https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Thunderbird](<https://threats.kaspersky.com/en/product/Mozilla-Thunderbird/>)\n\n### *CVE-IDS*:\n[CVE-2017-5375](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375>)9.8Critical \n[CVE-2017-5376](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376>)9.8Critical \n[CVE-2017-5378](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378>)7.5Critical \n[CVE-2017-5380](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380>)9.8Critical \n[CVE-2017-5390](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390>)9.8Critical \n[CVE-2017-5396](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396>)9.8Critical \n[CVE-2017-5383](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383>)5.3Critical \n[CVE-2017-5373](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373>)9.8Critical", "modified": "2019-03-07T00:00:00", "published": "2017-01-26T00:00:00", "id": "KLA10956", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10956", "title": "\r KLA10956Multiple vulnerabilities in Mozilla Thunderbird ", "type": "kaspersky", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-18T13:50:02", "bulletinFamily": "unix", "description": "Package : firefox-esr\nVersion : 45.7.0esr-1~deb7u1\nCVE ID : CVE-2017-5373 CVE-2017-5375 CVE-2017-5376 CVE-2017-5378\n CVE-2017-5380 CVE-2017-5383 CVE-2017-5386 CVE-2017-5390\n CVE-2017-5396\n\nMultiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, use-after-frees and other\nimplementation errors may lead to the execution of arbitrary code or\ninformation leaks or privilege escalation.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n45.7.0esr-1~deb7u1.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "modified": "2017-01-26T17:18:25", "published": "2017-01-26T17:18:25", "id": "DEBIAN:DLA-800-1:36A02", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201701/msg00035.html", "title": "[SECURITY] [DLA 800-1] firefox-esr security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-08T01:49:26", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3771-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJanuary 25, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : firefox-esr\nCVE ID : CVE-2017-5373 CVE-2017-5375 CVE-2017-5376 CVE-2017-5378 \n CVE-2017-5380 CVE-2017-5383 CVE-2017-5386 CVE-2017-5390 \n CVE-2017-5396\n\nMultiple security issues have been found in the Mozilla Firefox web\nbrowser: Memory safety errors, use-after-frees and other implementation\nerrors may lead to the execution of arbitrary code, information\ndisclosure or privilege escalation.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 45.7.0esr-1~deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 45.7.0esr-1 of firefox-esr and version 51.0-1 of firefox.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2017-01-25T21:47:05", "published": "2017-01-25T21:47:05", "id": "DEBIAN:DSA-3771-1:9FE2D", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00022.html", "title": "[SECURITY] [DSA 3771-1] firefox-esr security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2017-02-21T01:00:00", "bulletinFamily": "unix", "description": "### Background\n\nMozilla Firefox is a popular open-source web browser from the Mozilla Project. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, bypass access restriction, access otherwise protected information, or spoof content via multiple vectors. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Mozilla Firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-45.7.0\"\n \n\nAll Mozilla Firefox binary users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-45.7.0\"", "modified": "2017-02-20T00:00:00", "published": "2017-02-20T00:00:00", "id": "GLSA-201702-22", "href": "https://security.gentoo.org/glsa/201702-22", "title": "Mozilla Firefox: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-02-21T01:00:00", "bulletinFamily": "unix", "description": "### Background\n\nMozilla Thunderbird is a popular open-source email client from the Mozilla project. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker, by enticing a user to open a specially crafted email or web page, could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Mozilla Thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-45.7.0\"\n \n\nAll Mozilla Thunderbird binary users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-45.7.0\"", "modified": "2017-02-20T00:00:00", "published": "2017-02-20T00:00:00", "href": "https://security.gentoo.org/glsa/201702-13", "id": "GLSA-201702-13", "title": "Mozilla Thunderbird: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 0.0, "vector": "NONE"}}], "redhat": [{"lastseen": "2018-12-11T19:42:59", "bulletinFamily": "unix", "description": "Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.7.0 ESR.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Firefox.\n(CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380,\nCVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Jann Horn, Filipe Gomes, Muneaki Nishimura, Nils, Armin\nRazmjou, Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom\nSchuster, Oriol, Rh0, Nicolas Gregoire, and Jerri Rice as the original\nreporters.\n", "modified": "2018-06-06T20:24:12", "published": "2017-01-25T05:00:00", "id": "RHSA-2017:0190", "href": "https://access.redhat.com/errata/RHSA-2017:0190", "type": "redhat", "title": "(RHSA-2017:0190) Critical: firefox security update", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T19:42:55", "bulletinFamily": "unix", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.7.0.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378,\nCVE-2017-5380, CVE-2017-5383, CVE-2017-5390, CVE-2017-5396)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Jann Horn, Filipe Gomes, Nils, Armin Razmjou, Christian\nHoller, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, Oriol, Rh0,\nNicolas Gregoire, and Jerri Rice as the original reporters.\n", "modified": "2018-06-06T20:24:34", "published": "2017-02-02T05:00:00", "id": "RHSA-2017:0238", "href": "https://access.redhat.com/errata/RHSA-2017:0238", "type": "redhat", "title": "(RHSA-2017:0238) Important: thunderbird security update", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "slackware": [{"lastseen": "2018-08-31T02:36:37", "bulletinFamily": "unix", "description": "New mozilla-thunderbird packages are available for Slackware 14.1, 14.2,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/mozilla-thunderbird-45.7.0-i586-1_slack14.2.txz: Upgraded.\n This release contains security fixes and improvements.\n For more information, see:\n https://www.mozilla.org/security/known-vulnerabilities/thunderbird.html\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/mozilla-thunderbird-45.7.0-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/mozilla-thunderbird-45.7.0-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mozilla-thunderbird-45.7.0-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mozilla-thunderbird-45.7.0-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-45.7.0-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-45.7.0-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.1 package:\nb944bea9c98775dc812beb3151933382 mozilla-thunderbird-45.7.0-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n71f006a9aed72154ba8d49e2e30d05b0 mozilla-thunderbird-45.7.0-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\nb0b51e73c2d9f489609b66a8719baac2 mozilla-thunderbird-45.7.0-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n8c764b5f61595020e3cd5c320c1f9116 mozilla-thunderbird-45.7.0-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n57c3693787752848428469ec69996f58 xap/mozilla-thunderbird-45.7.0-i586-1.txz\n\nSlackware x86_64 -current package:\n549218c6ad3bc9e9cd5f103072a1b1db xap/mozilla-thunderbird-45.7.0-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg mozilla-thunderbird-45.7.0-i586-1_slack14.2.txz", "modified": "2017-01-26T20:35:28", "published": "2017-01-26T20:35:28", "id": "SSA-2017-026-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.448861", "title": "mozilla-thunderbird", "type": "slackware", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:37:36", "bulletinFamily": "unix", "description": "[45.7.0-1.0.1]\n- Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html\n and remove the corresponding Red Hat files\n[45.7.0-1]\n- Updated to 45.7.0 (B1)\n[45.6.0-2]\n- Enabled ffmpeg > 54.35.1 (rhbz#1330898, mozbz#1263665)", "modified": "2017-01-25T00:00:00", "published": "2017-01-25T00:00:00", "id": "ELSA-2017-0190", "href": "http://linux.oracle.com/errata/ELSA-2017-0190.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:41:29", "bulletinFamily": "unix", "description": "[45.7.0-1.0.1]\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\n[45.7.0-1]\n- Update to 45.7.0", "modified": "2017-02-02T00:00:00", "published": "2017-02-02T00:00:00", "id": "ELSA-2017-0238", "href": "http://linux.oracle.com/errata/ELSA-2017-0238.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2018-08-03T11:56:01", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2017:0190\n\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.7.0 ESR.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Firefox.\n(CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380,\nCVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Jann Horn, Filipe Gomes, Muneaki Nishimura, Nils, Armin\nRazmjou, Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom\nSchuster, Oriol, Rh0, Nicolas Gregoire, and Jerri Rice as the original\nreporters.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2017-February/022276.html\nhttp://lists.centos.org/pipermail/centos-announce/2017-February/022277.html\nhttp://lists.centos.org/pipermail/centos-announce/2017-February/022278.html\nhttp://lists.centos.org/pipermail/centos-announce/2017-January/022251.html\nhttp://lists.centos.org/pipermail/centos-announce/2017-January/022253.html\nhttp://lists.centos.org/pipermail/centos-announce/2017-January/022256.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2017-0190.html", "modified": "2017-02-22T13:44:06", "published": "2017-01-26T20:24:55", "id": "CESA-2017:0190", "href": "http://lists.centos.org/pipermail/centos-announce/2017-January/022256.html", "title": "firefox security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-03T11:55:43", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2017:0238\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.7.0.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378,\nCVE-2017-5380, CVE-2017-5383, CVE-2017-5390, CVE-2017-5396)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Jann Horn, Filipe Gomes, Nils, Armin Razmjou, Christian\nHoller, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, Oriol, Rh0,\nNicolas Gregoire, and Jerri Rice as the original reporters.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2017-February/022262.html\nhttp://lists.centos.org/pipermail/centos-announce/2017-February/022263.html\nhttp://lists.centos.org/pipermail/centos-announce/2017-February/022264.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2017-0238.html", "modified": "2017-02-02T22:03:28", "published": "2017-02-02T21:10:46", "id": "CESA-2017:0238", "href": "http://lists.centos.org/pipermail/centos-announce/2017-February/022262.html", "title": "thunderbird security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "threatpost": [{"lastseen": "2018-10-06T22:54:11", "bulletinFamily": "info", "description": "Mozilla Foundation took steps with the release of Firefox 51 on Tuesday to communicate more clearly to users when they land on a HTTP website collecting personal information such as passwords that the site may not be secure.\n\nGoing forward, Firefox will display a gray lock icon with a red strikethrough in the address bar. Should the user click on the lock, a dialog box will pop up with text indicating the connection is not secure. Eventually, Mozilla said, this will be the experience for all HTTP pages.\n\n\u201cTo continue to promote the use of HTTPS and properly convey the risks to users, Firefox will eventually display the struck-through lock icon for all pages that don\u2019t use HTTPS, to make clear that they are not secure,\u201d a [post](<https://blog.mozilla.org/security/2017/01/20/communicating-the-dangers-of-non-secure-http/>) to the Mozilla security blog said. \u201cAs our plans evolve, we will continue to post updates but our hope is that all developers are encouraged by these changes to take the necessary steps to protect users of the Web through HTTPS.\u201d\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2017/01/06230933/Threatpost_HTTP_Warning.png>)\n\nMozilla\u2019s move follows similar efforts by Google with its Chrome browser. Late last year, [Google said](<https://threatpost.com/chrome-to-label-some-http-sites-not-secure-in-2017/120452/>) starting this month, Chrome users who navigate to some HTTP sites will be notified they\u2019re on a site that isn\u2019t secure.\n\nOn Tuesday, Mozilla also patched several critical security vulnerabilities. Topping the[ list of critical vulnerabilities](<https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5375>) is one described as a \u201cexcessive JIT code allocation allowing the bypass of ASLR and DEP.\u201d A JIT (just in time) code is a default processes that handles how Java request are made, allowing for compiled byte code to run directly versus taking an additional step of interpreting the code and then running it. The ASLR (address space layout randomization) guards against buffer-overflow attacks and DEP (data execution prevention) protects operating systems from virus attacks launched from Window\u2019s system memory locations.\n\n\u201cJIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks,\u201d according to the security advisory. The vulnerability (CVE-2017-5375) impacts only Firefox 51.\n\nOther critical vulnerabilities include a use-after-free flaw (CVE-2017-5376) related to manipulating XSL in XSLT documents. A second critical memory corruption flaw (CVE-2017-5377) was found impacting the open source 2D graphics library called Skia.\n\nOf the [advisories rated high](<https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5375>) three were use-after-free vulnerabilities related to web animations (CVE-2017-5379), DOM manipulation of SVG content (CVE-2017-5380) and a bug related to the Firefox Media Decoder (CVE-2017-5396).\n\nSeveral critical vulnerabilities were also found in Mozilla\u2019s Extended Support Release (ESR) version of the Firefox browser. Firefox ESR is a custom version of the Mozilla Firefox browser specifically designed for the special browser requirements relied upon by schools, government agencies and businesses that maybe leery about forced browser updates that could disrupt line-of-business browser-based applications.\n\nOne of those [Firefox ESR critical security alerts](<https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/>) (CVE-2017-5374) was a memory safety bug that with enough effort could be exploited to run arbitrary code, according to the advisory. Another critical memory safety bug was found in Firefox and Firefox ESR 45.7 that also could be exploited to run arbitrary code. Both Firefox ERS vulnerabilities were patched.\n\nFirefox 51 browser also became [the first of the major browsers to display a warning](<https://threatpost.com/sha-1-end-times-have-arrived/123061/>) to users who run into a site that doesn\u2019t support TLS certificates signed by the SHA-2 hashing algorithm. According to Mozilla, SHA-1 warnings start this week for beta Firefox users and will roll out to all other users sometime after that. The move is meant to protect users from [collision attacks](<https://threatpost.com/practical-sha-1-collision-months-not-years-away/114979/>), where two or more inputs generate the same hash value.\n", "modified": "2017-02-04T14:39:48", "published": "2017-01-25T14:30:37", "id": "THREATPOST:F2ADBC39AC760D624DF2B40B8E80BCC2", "href": "https://threatpost.com/firefox-51-begins-warning-users-of-insecure-http-connections/123331/", "type": "threatpost", "title": "Firefox 51 Begins Warning Users of Insecure HTTP Connections", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cve": [{"lastseen": "2019-04-19T11:26:19", "bulletinFamily": "NVD", "description": "A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 51.", "modified": "2018-08-07T10:52:31", "published": "2018-06-11T17:29:02", "id": "CVE-2017-5377", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5377", "title": "CVE-2017-5377", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-04-19T11:26:19", "bulletinFamily": "NVD", "description": "A location bar spoofing attack where the location bar of loaded page will be shown over the content of another tab due to a series of JavaScript events combined with fullscreen mode. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51.", "modified": "2018-08-07T13:38:56", "published": "2018-06-11T17:29:03", "id": "CVE-2017-5394", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5394", "title": "CVE-2017-5394", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-04-19T11:26:19", "bulletinFamily": "NVD", "description": "Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. This vulnerability affects Firefox < 51.", "modified": "2018-08-07T11:03:26", "published": "2018-06-11T17:29:03", "id": "CVE-2017-5382", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5382", "title": "CVE-2017-5382", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-04-19T11:26:19", "bulletinFamily": "NVD", "description": "Malicious sites can display a spoofed location bar on a subsequently loaded page when the existing location bar on the new page is scrolled out of view if navigations between pages can be timed correctly. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51.", "modified": "2018-08-14T08:46:47", "published": "2018-06-11T17:29:03", "id": "CVE-2017-5395", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5395", "title": "CVE-2017-5395", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-04-19T11:26:19", "bulletinFamily": "NVD", "description": "Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed to be non-malicious, but if a user has enabled Web Proxy Auto Detect (WPAD) this file can be served remotely. This vulnerability affects Firefox < 51.", "modified": "2018-08-07T12:47:34", "published": "2018-06-11T17:29:03", "id": "CVE-2017-5384", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5384", "title": "CVE-2017-5384", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-04-19T11:26:19", "bulletinFamily": "NVD", "description": "Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.", "modified": "2018-08-02T15:34:12", "published": "2018-06-11T17:29:02", "id": "CVE-2017-5373", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5373", "title": "CVE-2017-5373", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-04-19T11:26:19", "bulletinFamily": "NVD", "description": "Memory safety bugs were reported in Firefox 50.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 51.", "modified": "2018-08-07T10:50:26", "published": "2018-06-11T17:29:02", "id": "CVE-2017-5374", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5374", "title": "CVE-2017-5374", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-04-19T11:26:19", "bulletinFamily": "NVD", "description": "Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing. This vulnerability affects Firefox < 51.", "modified": "2018-08-07T10:55:12", "published": "2018-06-11T17:29:02", "id": "CVE-2017-5379", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5379", "title": "CVE-2017-5379", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-04-19T11:26:19", "bulletinFamily": "NVD", "description": "Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.", "modified": "2018-08-02T15:37:11", "published": "2018-06-11T17:29:02", "id": "CVE-2017-5376", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5376", "title": "CVE-2017-5376", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-04-19T11:26:19", "bulletinFamily": "NVD", "description": "WebExtensions could use the \"mozAddonManager\" API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 51.", "modified": "2018-08-07T12:53:27", "published": "2018-06-11T17:29:03", "id": "CVE-2017-5389", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5389", "title": "CVE-2017-5389", "type": "cve", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}]}
