Lucene search
Copyright (C) 2022 Greenbone AGOPENVAS:13614125623111020200377HistoryJan 28, 2022 - 12:00 a.m.
Mageia: Security Advisory (MGASA-2020-0377)
2022-01-2800:00:00
Copyright (C) 2022 Greenbone AG
plugins.openvas.org
5
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.10.2020.0377");
script_cve_id("CVE-2020-15673", "CVE-2020-15676", "CVE-2020-15677", "CVE-2020-15678");
script_tag(name:"creation_date", value:"2022-01-28 10:58:44 +0000 (Fri, 28 Jan 2022)");
script_version("2024-02-02T05:06:09+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:09 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2020-10-02 19:26:54 +0000 (Fri, 02 Oct 2020)");
script_name("Mageia: Security Advisory (MGASA-2020-0377)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone AG");
script_family("Mageia Linux Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mageia_linux", "ssh/login/release", re:"ssh/login/release=MAGEIA7");
script_xref(name:"Advisory-ID", value:"MGASA-2020-0377");
script_xref(name:"URL", value:"https://advisories.mageia.org/MGASA-2020-0377.html");
script_xref(name:"URL", value:"https://bugs.mageia.org/show_bug.cgi?id=26711");
script_xref(name:"URL", value:"https://fedoraproject.org/wiki/Changes/CryptoPolicy");
script_xref(name:"URL", value:"https://fedoraproject.org/wiki/Changes/NSSLoadP11KitModules");
script_xref(name:"URL", value:"https://groups.google.com/g/mozilla.dev.tech.nspr/c/zrirzzoOjeg");
script_xref(name:"URL", value:"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53_release_notes");
script_xref(name:"URL", value:"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53.1_release_notes");
script_xref(name:"URL", value:"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.54_release_notes");
script_xref(name:"URL", value:"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes");
script_xref(name:"URL", value:"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.56_release_notes");
script_xref(name:"URL", value:"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.57_release_notes");
script_xref(name:"URL", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2020-43/");
script_tag(name:"summary", value:"The remote host is missing an update for the 'crypto-policies, firefox, firefox-l10n, nspr, nss, p11-kit, rootcerts' package(s) announced via the MGASA-2020-0377 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Mozilla developer Jason Kratzer reported memory safety bugs present in Firefox
ESR 78.2. Some of these bugs showed evidence of memory corruption and we
presume that with enough effort some of these could have been exploited to run
arbitrary code (CVE-2020-15673).
Firefox sometimes ran the onload handler for SVG elements that the DOM
sanitizer decided to remove, resulting in a XSS issue due to JavaScript being
executed after pasting attacker-controlled data into a contenteditable element
(CVE-2020-15676).
By exploiting an Open Redirect vulnerability on a website, an attacker could
have spoofed the site displayed in the download file dialog to show the
original site (the one suffering from the open redirect) rather than the site
the file was actually downloaded from (CVE-2020-15677).
When recursing through graphical layers while scrolling, an iterator may have
become invalid, resulting in a potential use-after-free. This occurs because
the function APZCTreeManager::ComputeClippedCompositionBounds did not follow
iterator invalidation rules (CVE-2020-15678).
The firefox package has been updated to the 78.x ESR branch, which brings
significant changes in how CA certificates and smart cards are loaded into
Firefox.
The root CA certificates are no longer statically built into the nss library.
They are loaded dynamically via p11-kit-trust, and therefore may be modified
by the system administrator. Smart card support should be automatically loaded
via p11-kit-trust as well, rather than requiring opensc to be manually loaded.
NSS also now complies with the system crypto policy, which is provided by the
crypto-policies package. See the fedoraproject references for details.");
script_tag(name:"affected", value:"'crypto-policies, firefox, firefox-l10n, nspr, nss, p11-kit, rootcerts' package(s) on Mageia 7.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "MAGEIA7") {
if(!isnull(res = isrpmvuln(pkg:"crypto-policies", rpm:"crypto-policies~20200813~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox", rpm:"firefox~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-af", rpm:"firefox-af~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-an", rpm:"firefox-an~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-ar", rpm:"firefox-ar~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-ast", rpm:"firefox-ast~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-az", rpm:"firefox-az~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-be", rpm:"firefox-be~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-bg", rpm:"firefox-bg~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-bn", rpm:"firefox-bn~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-br", rpm:"firefox-br~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-bs", rpm:"firefox-bs~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-ca", rpm:"firefox-ca~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-cs", rpm:"firefox-cs~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-cy", rpm:"firefox-cy~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-da", rpm:"firefox-da~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-de", rpm:"firefox-de~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-devel", rpm:"firefox-devel~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-el", rpm:"firefox-el~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-en_CA", rpm:"firefox-en_CA~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-en_GB", rpm:"firefox-en_GB~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-en_US", rpm:"firefox-en_US~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-eo", rpm:"firefox-eo~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-es_AR", rpm:"firefox-es_AR~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-es_CL", rpm:"firefox-es_CL~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-es_ES", rpm:"firefox-es_ES~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-es_MX", rpm:"firefox-es_MX~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-et", rpm:"firefox-et~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-eu", rpm:"firefox-eu~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-fa", rpm:"firefox-fa~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-ff", rpm:"firefox-ff~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-fi", rpm:"firefox-fi~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-fr", rpm:"firefox-fr~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-fy_NL", rpm:"firefox-fy_NL~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-ga_IE", rpm:"firefox-ga_IE~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-gd", rpm:"firefox-gd~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-gl", rpm:"firefox-gl~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-gu_IN", rpm:"firefox-gu_IN~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-he", rpm:"firefox-he~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-hi_IN", rpm:"firefox-hi_IN~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-hr", rpm:"firefox-hr~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-hsb", rpm:"firefox-hsb~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-hu", rpm:"firefox-hu~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-hy_AM", rpm:"firefox-hy_AM~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-ia", rpm:"firefox-ia~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-id", rpm:"firefox-id~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-is", rpm:"firefox-is~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-it", rpm:"firefox-it~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-ja", rpm:"firefox-ja~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-ka", rpm:"firefox-ka~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-kab", rpm:"firefox-kab~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-kk", rpm:"firefox-kk~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-km", rpm:"firefox-km~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-kn", rpm:"firefox-kn~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-ko", rpm:"firefox-ko~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-l10n", rpm:"firefox-l10n~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-lij", rpm:"firefox-lij~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-lt", rpm:"firefox-lt~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-lv", rpm:"firefox-lv~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-mk", rpm:"firefox-mk~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-mr", rpm:"firefox-mr~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-ms", rpm:"firefox-ms~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-my", rpm:"firefox-my~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-nb_NO", rpm:"firefox-nb_NO~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-nl", rpm:"firefox-nl~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-nn_NO", rpm:"firefox-nn_NO~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-oc", rpm:"firefox-oc~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-pa_IN", rpm:"firefox-pa_IN~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-pl", rpm:"firefox-pl~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-pt_BR", rpm:"firefox-pt_BR~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-pt_PT", rpm:"firefox-pt_PT~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-ro", rpm:"firefox-ro~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-ru", rpm:"firefox-ru~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-si", rpm:"firefox-si~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-sk", rpm:"firefox-sk~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-sl", rpm:"firefox-sl~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-sq", rpm:"firefox-sq~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-sr", rpm:"firefox-sr~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-sv_SE", rpm:"firefox-sv_SE~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-ta", rpm:"firefox-ta~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-te", rpm:"firefox-te~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-th", rpm:"firefox-th~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-tl", rpm:"firefox-tl~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-tr", rpm:"firefox-tr~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-uk", rpm:"firefox-uk~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-ur", rpm:"firefox-ur~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-uz", rpm:"firefox-uz~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-vi", rpm:"firefox-vi~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-xh", rpm:"firefox-xh~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-zh_CN", rpm:"firefox-zh_CN~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"firefox-zh_TW", rpm:"firefox-zh_TW~78.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64nspr-devel", rpm:"lib64nspr-devel~4.29~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64nspr4", rpm:"lib64nspr4~4.29~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64nss-devel", rpm:"lib64nss-devel~3.57.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64nss-static-devel", rpm:"lib64nss-static-devel~3.57.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64nss3", rpm:"lib64nss3~3.57.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64p11-kit-devel", rpm:"lib64p11-kit-devel~0.23.21~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64p11-kit0", rpm:"lib64p11-kit0~0.23.21~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libnspr-devel", rpm:"libnspr-devel~4.29~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libnspr4", rpm:"libnspr4~4.29~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libnss-devel", rpm:"libnss-devel~3.57.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libnss-static-devel", rpm:"libnss-static-devel~3.57.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libnss3", rpm:"libnss3~3.57.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libp11-kit-devel", rpm:"libp11-kit-devel~0.23.21~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libp11-kit0", rpm:"libp11-kit0~0.23.21~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"nspr", rpm:"nspr~4.29~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"nss", rpm:"nss~3.57.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"nss-doc", rpm:"nss-doc~3.57.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"p11-kit", rpm:"p11-kit~0.23.21~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"p11-kit-trust", rpm:"p11-kit-trust~0.23.21~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"rootcerts", rpm:"rootcerts~20200911.00~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"rootcerts-java", rpm:"rootcerts-java~20200911.00~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
References
advisories.mageia.org/MGASA-2020-0377.html
bugs.mageia.org/show_bug.cgi?id=26711
developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53.1_release_notes
developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53_release_notes
developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.54_release_notes
developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes
developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.56_release_notes
developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.57_release_notes
fedoraproject.org/wiki/Changes/CryptoPolicy
fedoraproject.org/wiki/Changes/NSSLoadP11KitModules
groups.google.com/g/mozilla.dev.tech.nspr/c/zrirzzoOjeg
www.mozilla.org/en-US/security/advisories/mfsa2020-43/
MGASA-2020-0377
Related
nessus
nessus
Debian DLA-2408-1 : thunderbird security update
2020-10-19 00:00:00
Debian DSA-4770-1 : thunderbird - security update
2020-10-07 00:00:00
Mozilla Firefox ESR < 78.3
2020-09-22 00:00:00
osv
osv
firefox-esr - security update
2020-09-28 00:00:00
thunderbird - security update
2020-10-17 00:00:00
firefox-esr - security update
2020-09-28 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package thunderbird version 78.3.0-alt1
2020-09-25 00:00:00
Security fix for the ALT Linux 10 package firefox-esr version 78.3.0-alt1
2020-09-23 00:00:00
redhat
redhat
(RHSA-2020:3833) Important: firefox security update
2020-09-24 09:41:12
(RHSA-2020:4156) Important: thunderbird security update
2020-10-01 12:56:19
(RHSA-2020:4163) Important: thunderbird security update
2020-10-01 14:05:21
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2020:14502-1)
2021-06-09 00:00:00
openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2020:1574-1)
2020-09-30 00:00:00
kaspersky
kaspersky
KLA11964 Multiple vulnerabilities in Mozilla Firefox ESR
2020-09-22 00:00:00
KLA11966 Multiple vulnerabilities in Mozilla Thunderbird
2020-09-22 00:00:00
KLA11963 Multiple vulnerabilities in Mozilla Firefox
2020-09-22 00:00:00
suse
suse
Security update for MozillaFirefox (important)
2020-09-28 00:00:00
Security update for MozillaFirefox (important)
2020-09-29 00:00:00
Security update for MozillaThunderbird and mozilla-nspr (important)
2020-10-31 00:00:00
debian
debian
[SECURITY] [DLA 2387-1] firefox-esr security update
2020-09-28 21:34:41
[SECURITY] [DLA 2408-1] thunderbird security update
2020-10-16 22:50:04
[SECURITY] [DSA 4770-1] thunderbird security update
2020-10-06 20:35:46
gentoo
gentoo
Mozilla Firefox, Mozilla Thunderbird: Multiple vulnerabilities
2020-10-17 00:00:00
mageia
mageia
Updated firefox packages fix security vulnerabilities
2020-09-30 13:01:40
Updated Thunderbird packages fix security vulnerabilities
2020-09-30 13:01:40
mozilla
mozilla
Security Vulnerabilities fixed in Firefox ESR 78.3 — Mozilla
2020-09-22 00:00:00
Security Vulnerabilities fixed in Thunderbird 78.3 — Mozilla
2020-09-22 00:00:00
Security Vulnerabilities fixed in Firefox 81 — Mozilla
2020-09-22 00:00:00
oraclelinux
oraclelinux
thunderbird security update
2020-11-23 00:00:00
thunderbird security update
2020-10-13 00:00:00
firefox security update
2020-11-14 00:00:00
ibm
ibm
threatpost
threatpost
Firefox 81 Release Kills High-Severity Code-Execution Bugs
2020-09-22 15:14:43
archlinux
archlinux
[ASA-202009-10] firefox: multiple issues
2020-09-23 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2020-09-28 00:00:00
amazon
amazon
Critical: thunderbird
2020-12-08 21:30:00
cve
cve
veracode
veracode
Arbitrary Code Execution
2020-09-24 10:29:32
Cross-site Scripting (XSS)
2020-09-24 10:29:33
Open Redirect
2020-09-24 10:29:29
alpinelinux
alpinelinux
prion
prion
Memory corruption
2020-10-01 19:15:00
Design/Logic Flaw
2020-10-01 19:15:00
Design/Logic Flaw
2020-10-01 19:15:00
cvelist
cvelist
debiancve
debiancve
redhatcve
redhatcve
ubuntucve
ubuntucve
securelist
securelist
IT threat evolution Q3 2020. Non-mobile statistics
2020-11-20 10:10:15
rosalinux
rosalinux
Advisory ROSA-SA-2021-1835
2021-07-02 16:43:38
7.7 High
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
77.8%
Related for OPENVAS:13614125623111020200377