Lucene search
Copyright (C) 2021 Greenbone AGOPENVAS:13614125623114201514761HistoryApr 19, 2021 - 12:00 a.m.
SUSE: Security Advisory (SUSE-SU-2015:1476-1)
2021-04-1900:00:00
Copyright (C) 2021 Greenbone AG
plugins.openvas.org
7.4 High
AI Score
Confidence
Low
10 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.968 High
EPSS
Percentile
99.7%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2021 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.4.2015.1476.1");
script_cve_id("CVE-2015-4473", "CVE-2015-4474", "CVE-2015-4475", "CVE-2015-4478", "CVE-2015-4479", "CVE-2015-4484", "CVE-2015-4485", "CVE-2015-4486", "CVE-2015-4487", "CVE-2015-4488", "CVE-2015-4489", "CVE-2015-4491", "CVE-2015-4492", "CVE-2015-4495", "CVE-2015-4497", "CVE-2015-4498");
script_tag(name:"creation_date", value:"2021-04-19 00:00:00 +0000 (Mon, 19 Apr 2021)");
script_version("2024-02-02T14:37:48+0000");
script_tag(name:"last_modification", value:"2024-02-02 14:37:48 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_name("SUSE: Security Advisory (SUSE-SU-2015:1476-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2021 Greenbone AG");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES12\.0)");
script_xref(name:"Advisory-ID", value:"SUSE-SU-2015:1476-1");
script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2015/suse-su-20151476-1/");
script_tag(name:"summary", value:"The remote host is missing an update for the 'MozillaFirefox, mozilla-nss' package(s) announced via the SUSE-SU-2015:1476-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Mozilla Firefox was updated to version 38.2.1 ESR to fix several critical and non critical security vulnerabilities.
- Firefox was updated to 38.2.1 ESR (bsc#943608)
* MFSA 2015-94/CVE-2015-4497 (bsc#943557) Use-after-free when resizing
canvas element during restyling
* MFSA 2015-95/CVE-2015-4498 (bsc#943558) Add-on notification bypass
through data URLs
- Firefox was updated to 38.2.0 ESR (bsc#940806)
* MFSA 2015-78/CVE-2015-4495 (bmo#1178058, bmo#1179262) Same origin
violation and local file stealing via PDF reader
* MFSA 2015-79/CVE-2015-4473/CVE-2015-4474 (bmo#1143130, bmo#1161719,
bmo#1177501, bmo#1181204, bmo#1184068, bmo#1188590, bmo#1146213,
bmo#1178890, bmo#1182711) Miscellaneous memory safety hazards (rv:40.0
/ rv:38.2)
* MFSA 2015-80/CVE-2015-4475 (bmo#1175396) Out-of-bounds read with
malformed MP3 file
* MFSA 2015-82/CVE-2015-4478 (bmo#1105914) Redefinition of
non-configurable JavaScript object properties
* MFSA 2015-83/CVE-2015-4479 (bmo#1185115, bmo#1144107, bmo#1170344,
bmo#1186718) Overflow issues in libstagefright
* MFSA 2015-87/CVE-2015-4484 (bmo#1171540) Crash when using shared
memory in JavaScript
* MFSA 2015-88/CVE-2015-4491 (bmo#1184009) Heap overflow in gdk-pixbuf
when scaling bitmap images
* MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148)
Buffer overflows on Libvpx when decoding WebM video
* MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 (bmo#1176270,
bmo#1182723, bmo#1171603) Vulnerabilities found through code inspection
* MFSA 2015-92/CVE-2015-4492 (bmo#1185820) Use-after-free in
XMLHttpRequest with shared workers Mozilla NSS switched the CKBI ABI from 1.98 to 2.4, which is what Firefox 38ESR uses.");
script_tag(name:"affected", value:"'MozillaFirefox, mozilla-nss' package(s) on SUSE Linux Enterprise Desktop 12, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Software Development Kit 12.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "SLES12.0") {
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox", rpm:"MozillaFirefox~38.2.1esr~45.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-branding-SLE", rpm:"MozillaFirefox-branding-SLE~31.0~14.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-debuginfo", rpm:"MozillaFirefox-debuginfo~38.2.1esr~45.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-debugsource", rpm:"MozillaFirefox-debugsource~38.2.1esr~45.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-translations", rpm:"MozillaFirefox-translations~38.2.1esr~45.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfreebl3", rpm:"libfreebl3~3.19.2.0~26.2", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfreebl3-32bit", rpm:"libfreebl3-32bit~3.19.2.0~26.2", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfreebl3-debuginfo", rpm:"libfreebl3-debuginfo~3.19.2.0~26.2", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfreebl3-debuginfo-32bit", rpm:"libfreebl3-debuginfo-32bit~3.19.2.0~26.2", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfreebl3-hmac", rpm:"libfreebl3-hmac~3.19.2.0~26.2", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfreebl3-hmac-32bit", rpm:"libfreebl3-hmac-32bit~3.19.2.0~26.2", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libsoftokn3", rpm:"libsoftokn3~3.19.2.0~26.2", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libsoftokn3-32bit", rpm:"libsoftokn3-32bit~3.19.2.0~26.2", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libsoftokn3-debuginfo", rpm:"libsoftokn3-debuginfo~3.19.2.0~26.2", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libsoftokn3-debuginfo-32bit", rpm:"libsoftokn3-debuginfo-32bit~3.19.2.0~26.2", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libsoftokn3-hmac", rpm:"libsoftokn3-hmac~3.19.2.0~26.2", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libsoftokn3-hmac-32bit", rpm:"libsoftokn3-hmac-32bit~3.19.2.0~26.2", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss", rpm:"mozilla-nss~3.19.2.0~26.2", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-32bit", rpm:"mozilla-nss-32bit~3.19.2.0~26.2", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-certs", rpm:"mozilla-nss-certs~3.19.2.0~26.2", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-certs-32bit", rpm:"mozilla-nss-certs-32bit~3.19.2.0~26.2", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-certs-debuginfo", rpm:"mozilla-nss-certs-debuginfo~3.19.2.0~26.2", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-certs-debuginfo-32bit", rpm:"mozilla-nss-certs-debuginfo-32bit~3.19.2.0~26.2", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-debuginfo", rpm:"mozilla-nss-debuginfo~3.19.2.0~26.2", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-debuginfo-32bit", rpm:"mozilla-nss-debuginfo-32bit~3.19.2.0~26.2", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-debugsource", rpm:"mozilla-nss-debugsource~3.19.2.0~26.2", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-tools", rpm:"mozilla-nss-tools~3.19.2.0~26.2", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-tools-debuginfo", rpm:"mozilla-nss-tools-debuginfo~3.19.2.0~26.2", rls:"SLES12.0"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
suse
suse
Security update for MozillaFirefox, mozilla-nss (important)
2015-09-02 12:10:07
Security update for MozillaFirefox, mozilla-nss (important)
2015-09-10 17:10:07
Security update for MozillaFirefox (important)
2015-08-14 19:10:03
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2015:1528-1)
2021-06-09 00:00:00
SUSE: Security Advisory for MozillaFirefox (SUSE-SU-2015:1476-1)
2015-10-16 00:00:00
CentOS Update for firefox CESA-2015:1586 centos6
2015-08-12 00:00:00
nessus
nessus
veracode
veracode
Arbitrary Code Execution
2019-05-02 05:42:03
Arbitrary Code Execution
2019-05-02 05:41:48
Arbitrary Code Execution
2019-05-02 05:41:46
oraclelinux
oraclelinux
firefox security update
2015-08-11 00:00:00
thunderbird security update
2015-08-25 00:00:00
firefox security update
2015-08-27 00:00:00
centos
centos
firefox security update
2015-08-11 20:36:44
thunderbird security update
2015-08-25 22:25:27
firefox security update
2015-08-27 20:56:02
mageia
mageia
Updated firefox packages fixes security vulnerabilities
2015-08-11 23:22:53
Updated thunderbird packages fix security vulnerabilities
2015-08-27 23:49:46
Updated firefox package fixes security vulnerability
2015-08-29 10:53:07
redhat
redhat
(RHSA-2015:1586) Critical: firefox security update
2015-08-11 00:00:00
(RHSA-2015:1682) Important: thunderbird security update
2015-08-25 00:00:00
(RHSA-2015:1693) Critical: firefox security update
2015-08-27 00:00:00
ubuntu
ubuntu
Firefox regression
2015-08-20 00:00:00
Firefox vulnerabilities
2015-08-11 00:00:00
Ubufox update
2015-08-11 00:00:00
archlinux
archlinux
firefox: multiple issues
2015-08-12 00:00:00
firefox: multiple issues
2015-08-28 00:00:00
debian
debian
[SECURITY] [DSA 3333-1] iceweasel security update
2015-08-12 10:24:11
[SECURITY] [DSA 3345-1] iceweasel security update
2015-08-29 04:45:33
[SECURITY] [DSA 3345-1] iceweasel security update
2015-08-29 04:45:33
ibm
ibm
Security Bulletin: Multiple vulnerabilities in Firefox affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance
2018-06-17 22:30:13
Security Bulletin: Multiple vulnerabilities in Firefox, affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance (CVE-2015-4497, CVE-2015-4498)
2018-06-17 22:30:14
Security Bulletin: Mozilla Firefox vulnerability issues in IBM SONAS
2018-06-18 00:09:55
kaspersky
kaspersky
KLA10643 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
2015-08-11 00:00:00
KLA10654 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
2015-08-27 00:00:00
mozilla
mozilla
Vulnerabilities found through code inspection — Mozilla
2015-08-11 00:00:00
Buffer overflows on Libvpx when decoding WebM video — Mozilla
2015-08-11 00:00:00
Miscellaneous memory safety hazards (rv:40.0 / rv:38.2) — Mozilla
2015-08-11 00:00:00
securityvulns
securityvulns
freebsd
freebsd
mozilla -- multiple vulnerabilities
2015-08-11 00:00:00
mozilla -- multiple vulnerabilities
2015-08-27 00:00:00
libvpx -- multiple buffer overflows
2015-08-11 00:00:00
osv
osv
iceweasel - security update
2015-08-29 00:00:00
cvelist
cvelist
nvd
nvd
cve
cve
prion
prion
Design/Logic Flaw
2015-08-29 19:59:00
Design/Logic Flaw
2015-08-29 19:59:00
Buffer overflow
2015-08-16 01:59:00
zdi
zdi
ubuntucve
ubuntucve
checkpoint_advisories
checkpoint_advisories
seebug
seebug
Firefox < 39.0.3 - pdf.js Same Origin Policy Exploit
2015-09-01 00:00:00
7.4 High
AI Score
Confidence
Low
10 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.968 High
EPSS
Percentile
99.7%
Related for OPENVAS:13614125623114201514761