Lucene search
Copyright (C) 2022 Greenbone AGOPENVAS:13614125623111020200163HistoryJan 28, 2022 - 12:00 a.m.
Mageia: Security Advisory (MGASA-2020-0163)
2022-01-2800:00:00
Copyright (C) 2022 Greenbone AG
plugins.openvas.org
1
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
69.7%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.10.2020.0163");
script_tag(name:"creation_date", value:"2022-01-28 10:58:44 +0000 (Fri, 28 Jan 2022)");
script_version("2023-06-20T05:05:24+0000");
script_tag(name:"last_modification", value:"2023-06-20 05:05:24 +0000 (Tue, 20 Jun 2023)");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_name("Mageia: Security Advisory (MGASA-2020-0163)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone AG");
script_family("Mageia Linux Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mageia_linux", "ssh/login/release", re:"ssh/login/release=MAGEIA7");
script_xref(name:"Advisory-ID", value:"MGASA-2020-0163");
script_xref(name:"URL", value:"https://advisories.mageia.org/MGASA-2020-0163.html");
script_xref(name:"URL", value:"https://bugs.mageia.org/show_bug.cgi?id=26442");
script_xref(name:"URL", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/");
script_tag(name:"summary", value:"The remote host is missing an update for the 'firefox, firefox-l10n' package(s) announced via the MGASA-2020-0163 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Updated firefox packages fix security vulnerabilities:
When reading from areas partially or fully outside the source resource
with WebGL's copyTexSubImage method, the specification requires the
returned values be zero. Previously, this memory was uninitialized,
leading to potentially sensitive data disclosure (CVE-2020-6821).
On 32-bit builds, an out of bounds write could have occurred when
processing an image larger than 4 GB in GMPDecodeData. It is possible
that with enough effort this could have been exploited to run arbitrary
code (CVE-2020-6822).
Mozilla developers Tyson Smith and Christian Holler reported memory safety
bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed
evidence of memory corruption and we presume that with enough effort some
of these could have been exploited to run arbitrary code (CVE-2020-6825).");
script_tag(name:"affected", value:"'firefox, firefox-l10n' package(s) on Mageia 7.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "MAGEIA7") {
if(!isnull(res = isrpmvuln(pkg:"firefox", rpm:"firefox~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-af", rpm:"firefox-af~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-an", rpm:"firefox-an~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-ar", rpm:"firefox-ar~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-ast", rpm:"firefox-ast~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-az", rpm:"firefox-az~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-bg", rpm:"firefox-bg~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-bn", rpm:"firefox-bn~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-br", rpm:"firefox-br~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-bs", rpm:"firefox-bs~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-ca", rpm:"firefox-ca~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-cs", rpm:"firefox-cs~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-cy", rpm:"firefox-cy~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-da", rpm:"firefox-da~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-de", rpm:"firefox-de~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-devel", rpm:"firefox-devel~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-el", rpm:"firefox-el~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-en_GB", rpm:"firefox-en_GB~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-en_US", rpm:"firefox-en_US~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-eo", rpm:"firefox-eo~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-es_AR", rpm:"firefox-es_AR~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-es_CL", rpm:"firefox-es_CL~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-es_ES", rpm:"firefox-es_ES~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-es_MX", rpm:"firefox-es_MX~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-et", rpm:"firefox-et~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-eu", rpm:"firefox-eu~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-fa", rpm:"firefox-fa~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-ff", rpm:"firefox-ff~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-fi", rpm:"firefox-fi~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-fr", rpm:"firefox-fr~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-fy_NL", rpm:"firefox-fy_NL~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-ga_IE", rpm:"firefox-ga_IE~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-gd", rpm:"firefox-gd~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-gl", rpm:"firefox-gl~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-gu_IN", rpm:"firefox-gu_IN~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-he", rpm:"firefox-he~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-hi_IN", rpm:"firefox-hi_IN~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-hr", rpm:"firefox-hr~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-hsb", rpm:"firefox-hsb~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-hu", rpm:"firefox-hu~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-hy_AM", rpm:"firefox-hy_AM~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-id", rpm:"firefox-id~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-is", rpm:"firefox-is~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-it", rpm:"firefox-it~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-ja", rpm:"firefox-ja~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-kk", rpm:"firefox-kk~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-km", rpm:"firefox-km~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-kn", rpm:"firefox-kn~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-ko", rpm:"firefox-ko~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-l10n", rpm:"firefox-l10n~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-lij", rpm:"firefox-lij~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-lt", rpm:"firefox-lt~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-lv", rpm:"firefox-lv~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-mk", rpm:"firefox-mk~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-mr", rpm:"firefox-mr~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-ms", rpm:"firefox-ms~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-nb_NO", rpm:"firefox-nb_NO~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-nl", rpm:"firefox-nl~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-nn_NO", rpm:"firefox-nn_NO~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-pa_IN", rpm:"firefox-pa_IN~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-pl", rpm:"firefox-pl~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-pt_BR", rpm:"firefox-pt_BR~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-pt_PT", rpm:"firefox-pt_PT~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-ro", rpm:"firefox-ro~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-ru", rpm:"firefox-ru~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-si", rpm:"firefox-si~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-sk", rpm:"firefox-sk~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-sl", rpm:"firefox-sl~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-sq", rpm:"firefox-sq~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-sr", rpm:"firefox-sr~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-sv_SE", rpm:"firefox-sv_SE~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-ta", rpm:"firefox-ta~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-te", rpm:"firefox-te~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-th", rpm:"firefox-th~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-tr", rpm:"firefox-tr~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-uk", rpm:"firefox-uk~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-uz", rpm:"firefox-uz~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-vi", rpm:"firefox-vi~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-xh", rpm:"firefox-xh~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-zh_CN", rpm:"firefox-zh_CN~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-zh_TW", rpm:"firefox-zh_TW~68.7.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
nessus
nessus
Oracle Linux 7 : firefox (ELSA-2020-1420)
2020-04-14 00:00:00
CentOS 8 : firefox (CESA-2020:1406)
2021-02-01 00:00:00
RHEL 6 : firefox (RHSA-2020:1429)
2020-04-14 00:00:00
osv
osv
firefox-esr - security update
2020-04-08 00:00:00
thunderbird - security update
2020-04-14 00:00:00
firefox-esr - security update
2020-04-08 00:00:00
ibm
ibm
centos
centos
firefox security update
2020-04-28 00:22:09
thunderbird security update
2020-04-28 00:21:12
thunderbird security update
2020-04-30 19:57:02
openvas
openvas
CentOS: Security Advisory for firefox (CESA-2020:1429)
2020-04-28 00:00:00
Debian: Security Advisory (DSA-4655-1)
2020-04-09 00:00:00
Mageia: Security Advisory (MGASA-2020-0170)
2022-01-28 00:00:00
mageia
mageia
Updated firefox packages fix security vulnerabilities
2020-04-08 20:12:00
Updated thunderbird packages fix security vulnerabilities
2020-04-15 13:12:14
redhat
redhat
(RHSA-2020:1420) Important: firefox security update
2020-04-09 08:57:47
(RHSA-2020:1406) Important: firefox security update
2020-04-08 15:36:05
(RHSA-2020:1429) Important: firefox security update
2020-04-14 06:52:26
debian
debian
[SECURITY] [DSA 4655-1] firefox-esr security update
2020-04-08 17:22:19
[SECURITY] [DLA 2170-1] firefox-esr security update
2020-04-08 11:36:20
[SECURITY] [DSA 4656-1] thunderbird security update
2020-04-13 19:42:57
oraclelinux
oraclelinux
firefox security update
2020-04-11 00:00:00
firefox security update
2020-04-09 00:00:00
firefox security update
2020-07-07 00:00:00
suse
suse
Security update for MozillaThunderbird (important)
2020-04-23 00:00:00
Security update for MozillaFirefox (important)
2020-04-10 00:00:00
Security update for MozillaThunderbird (important)
2020-04-15 00:00:00
kaspersky
kaspersky
KLA11726 Multiple vulnerabilities in Mozilla Firefox ESR
2020-04-07 00:00:00
KLA11730 Multiple vulnerabilities in Mozilla Thunderbird
2020-04-09 00:00:00
KLA11725 Multiple vulnerabilities in Mozilla Firefox
2020-04-07 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package thunderbird version 68.7.0-alt1
2020-04-08 00:00:00
Security fix for the ALT Linux 10 package firefox-esr version 68.7.0-alt1
2020-04-06 00:00:00
mozilla
mozilla
Security Vulnerabilities fixed in Thunderbird 68.7.0 — Mozilla
2020-04-09 00:00:00
Security Vulnerabilities fixed in Firefox ESR 68.7 — Mozilla
2020-04-07 00:00:00
Security Vulnerabilities fixed in Firefox 75 — Mozilla
2020-04-07 00:00:00
slackware
slackware
[slackware-security] mozilla-firefox
2020-04-07 22:50:22
gentoo
gentoo
Mozilla Firefox: Multiple vulnerabilities
2020-04-23 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2020-04-07 00:00:00
Thunderbird vulnerabilities
2020-04-13 00:00:00
Thunderbird vulnerabilities
2020-04-21 00:00:00
archlinux
archlinux
[ASA-202004-8] firefox: multiple issues
2020-04-08 00:00:00
[ASA-202004-12] thunderbird: multiple issues
2020-04-13 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-09 01:07:00
Information Disclosure
2020-04-09 01:06:59
Denial Of Service (DoS)
2020-04-09 01:07:00
cve
cve
prion
prion
ubuntucve
ubuntucve
debiancve
debiancve
redhatcve
redhatcve
alpinelinux
alpinelinux
amazon
amazon
Critical: thunderbird
2020-05-19 18:32:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
69.7%
Related for OPENVAS:13614125623111020200163