Lucene search
Copyright (C) 2021 Greenbone AGOPENVAS:13614125623114201712481HistoryApr 19, 2021 - 12:00 a.m.
SUSE: Security Advisory (SUSE-SU-2017:1248-1)
2021-04-1900:00:00
Copyright (C) 2021 Greenbone AG
plugins.openvas.org
1
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.1 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.579 Medium
EPSS
Percentile
97.7%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2021 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.4.2017.1248.1");
script_cve_id("CVE-2016-1950", "CVE-2016-2834", "CVE-2016-8635", "CVE-2016-9574", "CVE-2017-5429", "CVE-2017-5432", "CVE-2017-5433", "CVE-2017-5434", "CVE-2017-5435", "CVE-2017-5436", "CVE-2017-5437", "CVE-2017-5438", "CVE-2017-5439", "CVE-2017-5440", "CVE-2017-5441", "CVE-2017-5442", "CVE-2017-5443", "CVE-2017-5444", "CVE-2017-5445", "CVE-2017-5446", "CVE-2017-5447", "CVE-2017-5448", "CVE-2017-5459", "CVE-2017-5460", "CVE-2017-5461", "CVE-2017-5462", "CVE-2017-5464", "CVE-2017-5465", "CVE-2017-5469");
script_tag(name:"creation_date", value:"2021-04-19 00:00:00 +0000 (Mon, 19 Apr 2021)");
script_version("2024-02-02T14:37:49+0000");
script_tag(name:"last_modification", value:"2024-02-02 14:37:49 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"9.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2018-08-07 18:44:47 +0000 (Tue, 07 Aug 2018)");
script_name("SUSE: Security Advisory (SUSE-SU-2017:1248-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2021 Greenbone AG");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES12\.0|SLES12\.0SP1|SLES12\.0SP2)");
script_xref(name:"Advisory-ID", value:"SUSE-SU-2017:1248-1");
script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2017/suse-su-20171248-1/");
script_tag(name:"summary", value:"The remote host is missing an update for the 'MozillaFirefox, java-1_8_0-openjdk, mozilla-nspr, mozilla-nss' package(s) announced via the SUSE-SU-2017:1248-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Mozilla Firefox was updated to the Firefox ESR release 45.9.
Mozilla NSS was updated to support TLS 1.3 (close to release draft) and various new ciphers, PRFs, Diffie Hellman key agreement and support for more hashes.
Security issues fixed in Firefox (bsc#1035082)
- MFSA 2017-11/CVE-2017-5469: Potential Buffer overflow in flex-generated
code
- MFSA 2017-11/CVE-2017-5429: Memory safety bugs fixed in Firefox 53,
Firefox ESR 45.9, and Firefox ESR 52.1
- MFSA 2017-11/CVE-2017-5439: Use-after-free in nsTArray Length() during
XSLT processing
- MFSA 2017-11/CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT
processing
- MFSA 2017-11/CVE-2017-5437: Vulnerabilities in Libevent library
- MFSA 2017-11/CVE-2017-5436: Out-of-bounds write with malicious font in
Graphite 2
- MFSA 2017-11/CVE-2017-5435: Use-after-free during transaction processing
in the editor
- MFSA 2017-11/CVE-2017-5434: Use-after-free during focus handling
- MFSA 2017-11/CVE-2017-5433: Use-after-free in SMIL animation functions
- MFSA 2017-11/CVE-2017-5432: Use-after-free in text input selection
- MFSA 2017-11/CVE-2017-5464: Memory corruption with accessibility and DOM
manipulation
- MFSA 2017-11/CVE-2017-5465: Out-of-bounds read in ConvolvePixel
- MFSA 2017-11/CVE-2017-5460: Use-after-free in frame selection
- MFSA 2017-11/CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor
- MFSA 2017-11/CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames
are sent with incorrect data
- MFSA 2017-11/CVE-2017-5447: Out-of-bounds read during glyph processing
- MFSA 2017-11/CVE-2017-5444: Buffer overflow while parsing
application/http-index-format content
- MFSA 2017-11/CVE-2017-5445: Uninitialized values used while parsing
application/http-index-format content
- MFSA 2017-11/CVE-2017-5442: Use-after-free during style changes
- MFSA 2017-11/CVE-2017-5443: Out-of-bounds write during BinHex decoding
- MFSA 2017-11/CVE-2017-5440: Use-after-free in txExecutionState
destructor during XSLT processing
- MFSA 2017-11/CVE-2017-5441: Use-after-free with selection during scroll
events
- MFSA 2017-11/CVE-2017-5459: Buffer overflow in WebGL Mozilla NSS was updated to 3.29.5, bringing new features and fixing bugs:
- Update to NSS 3.29.5:
* MFSA 2017-11/CVE-2017-5461: Rare crashes in the base 64 decoder and
encoder were fixed.
* MFSA 2017-11/CVE-2017-5462: A carry over bug in the RNG was fixed.
* CVE-2016-9574: Remote DoS during session handshake when using
SessionTicket extention and ECDHE-ECDSA (bsc#1015499).
* requires NSPR >= 4.13.1
- Update to NSS 3.29.3
* enables TLS 1.3 by default
- Fixed a bug in hash computation (and build with GCC 7 which complains
about shifts of boolean values). (bsc#1030071, bmo#1348767)
- Update to NSS 3.28.3
This is a patch release to fix binary compatibility issues.
- Update to NSS 3.28.1
This is a patch release to update the list of root CA certificates.
* The following CA ... [Please see the references for more information on the vulnerabilities]");
script_tag(name:"affected", value:"'MozillaFirefox, java-1_8_0-openjdk, mozilla-nspr, mozilla-nss' package(s) on SUSE Linux Enterprise Desktop 12-SP1, SUSE Linux Enterprise Desktop 12-SP2, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 12-SP1, SUSE Linux Enterprise Server 12-SP2, SUSE Linux Enterprise Server for Raspberry Pi 12-SP2, SUSE Linux Enterprise Server for SAP 12, SUSE Linux Enterprise Software Development Kit 12-SP1, SUSE Linux Enterprise Software Development Kit 12-SP2.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "SLES12.0") {
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox", rpm:"MozillaFirefox~45.9.0esr~105.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-debuginfo", rpm:"MozillaFirefox-debuginfo~45.9.0esr~105.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-debugsource", rpm:"MozillaFirefox-debugsource~45.9.0esr~105.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-devel", rpm:"MozillaFirefox-devel~45.9.0esr~105.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-translations", rpm:"MozillaFirefox-translations~45.9.0esr~105.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfreebl3", rpm:"libfreebl3~3.29.5~57.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfreebl3-32bit", rpm:"libfreebl3-32bit~3.29.5~57.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfreebl3-debuginfo", rpm:"libfreebl3-debuginfo~3.29.5~57.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfreebl3-debuginfo-32bit", rpm:"libfreebl3-debuginfo-32bit~3.29.5~57.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfreebl3-hmac", rpm:"libfreebl3-hmac~3.29.5~57.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfreebl3-hmac-32bit", rpm:"libfreebl3-hmac-32bit~3.29.5~57.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libsoftokn3", rpm:"libsoftokn3~3.29.5~57.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libsoftokn3-32bit", rpm:"libsoftokn3-32bit~3.29.5~57.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libsoftokn3-debuginfo", rpm:"libsoftokn3-debuginfo~3.29.5~57.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libsoftokn3-debuginfo-32bit", rpm:"libsoftokn3-debuginfo-32bit~3.29.5~57.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libsoftokn3-hmac", rpm:"libsoftokn3-hmac~3.29.5~57.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libsoftokn3-hmac-32bit", rpm:"libsoftokn3-hmac-32bit~3.29.5~57.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nspr-32bit", rpm:"mozilla-nspr-32bit~4.13.1~18.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nspr", rpm:"mozilla-nspr~4.13.1~18.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nspr-debuginfo-32bit", rpm:"mozilla-nspr-debuginfo-32bit~4.13.1~18.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nspr-debuginfo", rpm:"mozilla-nspr-debuginfo~4.13.1~18.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nspr-debugsource", rpm:"mozilla-nspr-debugsource~4.13.1~18.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nspr-devel", rpm:"mozilla-nspr-devel~4.13.1~18.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss", rpm:"mozilla-nss~3.29.5~57.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-32bit", rpm:"mozilla-nss-32bit~3.29.5~57.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-certs", rpm:"mozilla-nss-certs~3.29.5~57.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-certs-32bit", rpm:"mozilla-nss-certs-32bit~3.29.5~57.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-certs-debuginfo", rpm:"mozilla-nss-certs-debuginfo~3.29.5~57.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-certs-debuginfo-32bit", rpm:"mozilla-nss-certs-debuginfo-32bit~3.29.5~57.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-debuginfo", rpm:"mozilla-nss-debuginfo~3.29.5~57.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-debuginfo-32bit", rpm:"mozilla-nss-debuginfo-32bit~3.29.5~57.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-debugsource", rpm:"mozilla-nss-debugsource~3.29.5~57.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-devel", rpm:"mozilla-nss-devel~3.29.5~57.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-sysinit", rpm:"mozilla-nss-sysinit~3.29.5~57.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-sysinit-32bit", rpm:"mozilla-nss-sysinit-32bit~3.29.5~57.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-sysinit-debuginfo", rpm:"mozilla-nss-sysinit-debuginfo~3.29.5~57.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-sysinit-debuginfo-32bit", rpm:"mozilla-nss-sysinit-debuginfo-32bit~3.29.5~57.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-tools", rpm:"mozilla-nss-tools~3.29.5~57.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-tools-debuginfo", rpm:"mozilla-nss-tools-debuginfo~3.29.5~57.1", rls:"SLES12.0"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES12.0SP1") {
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox", rpm:"MozillaFirefox~45.9.0esr~105.1", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-debuginfo", rpm:"MozillaFirefox-debuginfo~45.9.0esr~105.1", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-debugsource", rpm:"MozillaFirefox-debugsource~45.9.0esr~105.1", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-translations", rpm:"MozillaFirefox-translations~45.9.0esr~105.1", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk", rpm:"java-1_8_0-openjdk~1.8.0.121~23.4", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-debuginfo", rpm:"java-1_8_0-openjdk-debuginfo~1.8.0.121~23.4", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-debugsource", rpm:"java-1_8_0-openjdk-debugsource~1.8.0.121~23.4", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-demo", rpm:"java-1_8_0-openjdk-demo~1.8.0.121~23.4", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-demo-debuginfo", rpm:"java-1_8_0-openjdk-demo-debuginfo~1.8.0.121~23.4", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-devel", rpm:"java-1_8_0-openjdk-devel~1.8.0.121~23.4", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-headless", rpm:"java-1_8_0-openjdk-headless~1.8.0.121~23.4", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-headless-debuginfo", rpm:"java-1_8_0-openjdk-headless-debuginfo~1.8.0.121~23.4", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfreebl3", rpm:"libfreebl3~3.29.5~57.1", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfreebl3-32bit", rpm:"libfreebl3-32bit~3.29.5~57.1", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfreebl3-debuginfo", rpm:"libfreebl3-debuginfo~3.29.5~57.1", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfreebl3-debuginfo-32bit", rpm:"libfreebl3-debuginfo-32bit~3.29.5~57.1", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfreebl3-hmac", rpm:"libfreebl3-hmac~3.29.5~57.1", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfreebl3-hmac-32bit", rpm:"libfreebl3-hmac-32bit~3.29.5~57.1", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libsoftokn3", rpm:"libsoftokn3~3.29.5~57.1", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libsoftokn3-32bit", rpm:"libsoftokn3-32bit~3.29.5~57.1", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libsoftokn3-debuginfo", rpm:"libsoftokn3-debuginfo~3.29.5~57.1", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libsoftokn3-debuginfo-32bit", rpm:"libsoftokn3-debuginfo-32bit~3.29.5~57.1", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libsoftokn3-hmac", rpm:"libsoftokn3-hmac~3.29.5~57.1", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libsoftokn3-hmac-32bit", rpm:"libsoftokn3-hmac-32bit~3.29.5~57.1", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nspr-32bit", rpm:"mozilla-nspr-32bit~4.13.1~18.1", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nspr", rpm:"mozilla-nspr~4.13.1~18.1", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nspr-debuginfo-32bit", rpm:"mozilla-nspr-debuginfo-32bit~4.13.1~18.1", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nspr-debuginfo", rpm:"mozilla-nspr-debuginfo~4.13.1~18.1", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nspr-debugsource", rpm:"mozilla-nspr-debugsource~4.13.1~18.1", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss", rpm:"mozilla-nss~3.29.5~57.1", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-32bit", rpm:"mozilla-nss-32bit~3.29.5~57.1", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-certs", rpm:"mozilla-nss-certs~3.29.5~57.1", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-certs-32bit", rpm:"mozilla-nss-certs-32bit~3.29.5~57.1", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-certs-debuginfo", rpm:"mozilla-nss-certs-debuginfo~3.29.5~57.1", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-certs-debuginfo-32bit", rpm:"mozilla-nss-certs-debuginfo-32bit~3.29.5~57.1", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-debuginfo", rpm:"mozilla-nss-debuginfo~3.29.5~57.1", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-debuginfo-32bit", rpm:"mozilla-nss-debuginfo-32bit~3.29.5~57.1", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-debugsource", rpm:"mozilla-nss-debugsource~3.29.5~57.1", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-sysinit", rpm:"mozilla-nss-sysinit~3.29.5~57.1", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-sysinit-32bit", rpm:"mozilla-nss-sysinit-32bit~3.29.5~57.1", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-sysinit-debuginfo", rpm:"mozilla-nss-sysinit-debuginfo~3.29.5~57.1", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-sysinit-debuginfo-32bit", rpm:"mozilla-nss-sysinit-debuginfo-32bit~3.29.5~57.1", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-tools", rpm:"mozilla-nss-tools~3.29.5~57.1", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-tools-debuginfo", rpm:"mozilla-nss-tools-debuginfo~3.29.5~57.1", rls:"SLES12.0SP1"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES12.0SP2") {
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox", rpm:"MozillaFirefox~45.9.0esr~105.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-debuginfo", rpm:"MozillaFirefox-debuginfo~45.9.0esr~105.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-debugsource", rpm:"MozillaFirefox-debugsource~45.9.0esr~105.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-translations", rpm:"MozillaFirefox-translations~45.9.0esr~105.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk", rpm:"java-1_8_0-openjdk~1.8.0.121~23.4", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-debuginfo", rpm:"java-1_8_0-openjdk-debuginfo~1.8.0.121~23.4", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-debugsource", rpm:"java-1_8_0-openjdk-debugsource~1.8.0.121~23.4", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-demo", rpm:"java-1_8_0-openjdk-demo~1.8.0.121~23.4", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-demo-debuginfo", rpm:"java-1_8_0-openjdk-demo-debuginfo~1.8.0.121~23.4", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-devel", rpm:"java-1_8_0-openjdk-devel~1.8.0.121~23.4", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-devel-debuginfo", rpm:"java-1_8_0-openjdk-devel-debuginfo~1.8.0.121~23.4", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-headless", rpm:"java-1_8_0-openjdk-headless~1.8.0.121~23.4", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-headless-debuginfo", rpm:"java-1_8_0-openjdk-headless-debuginfo~1.8.0.121~23.4", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfreebl3", rpm:"libfreebl3~3.29.5~57.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfreebl3-32bit", rpm:"libfreebl3-32bit~3.29.5~57.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfreebl3-debuginfo", rpm:"libfreebl3-debuginfo~3.29.5~57.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfreebl3-debuginfo-32bit", rpm:"libfreebl3-debuginfo-32bit~3.29.5~57.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfreebl3-hmac", rpm:"libfreebl3-hmac~3.29.5~57.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfreebl3-hmac-32bit", rpm:"libfreebl3-hmac-32bit~3.29.5~57.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libsoftokn3", rpm:"libsoftokn3~3.29.5~57.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libsoftokn3-32bit", rpm:"libsoftokn3-32bit~3.29.5~57.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libsoftokn3-debuginfo", rpm:"libsoftokn3-debuginfo~3.29.5~57.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libsoftokn3-debuginfo-32bit", rpm:"libsoftokn3-debuginfo-32bit~3.29.5~57.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libsoftokn3-hmac", rpm:"libsoftokn3-hmac~3.29.5~57.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libsoftokn3-hmac-32bit", rpm:"libsoftokn3-hmac-32bit~3.29.5~57.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nspr-32bit", rpm:"mozilla-nspr-32bit~4.13.1~18.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nspr", rpm:"mozilla-nspr~4.13.1~18.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nspr-debuginfo-32bit", rpm:"mozilla-nspr-debuginfo-32bit~4.13.1~18.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nspr-debuginfo", rpm:"mozilla-nspr-debuginfo~4.13.1~18.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nspr-debugsource", rpm:"mozilla-nspr-debugsource~4.13.1~18.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss", rpm:"mozilla-nss~3.29.5~57.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-32bit", rpm:"mozilla-nss-32bit~3.29.5~57.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-certs", rpm:"mozilla-nss-certs~3.29.5~57.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-certs-32bit", rpm:"mozilla-nss-certs-32bit~3.29.5~57.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-certs-debuginfo", rpm:"mozilla-nss-certs-debuginfo~3.29.5~57.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-certs-debuginfo-32bit", rpm:"mozilla-nss-certs-debuginfo-32bit~3.29.5~57.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-debuginfo", rpm:"mozilla-nss-debuginfo~3.29.5~57.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-debuginfo-32bit", rpm:"mozilla-nss-debuginfo-32bit~3.29.5~57.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-debugsource", rpm:"mozilla-nss-debugsource~3.29.5~57.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-sysinit", rpm:"mozilla-nss-sysinit~3.29.5~57.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-sysinit-32bit", rpm:"mozilla-nss-sysinit-32bit~3.29.5~57.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-sysinit-debuginfo", rpm:"mozilla-nss-sysinit-debuginfo~3.29.5~57.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-sysinit-debuginfo-32bit", rpm:"mozilla-nss-sysinit-debuginfo-32bit~3.29.5~57.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-tools", rpm:"mozilla-nss-tools~3.29.5~57.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-tools-debuginfo", rpm:"mozilla-nss-tools-debuginfo~3.29.5~57.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
suse
suse
Security update for MozillaFirefox, mozilla-nss, mozilla-nspr, java-1_8_0-openjdk (important)
2017-05-11 21:15:07
Security update for MozillaFirefox, mozilla-nss, mozilla-nspr (important)
2017-05-04 15:13:58
Security update for Mozilla Firefox (important)
2017-04-25 00:08:46
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2017:1175-1)
2021-06-09 00:00:00
Mozilla Firefox ESR Security Advisories (MFSA2017-10, MFSA2017-11) - Windows
2017-04-20 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package firefox-esr version 45.9.0-alt1
2017-04-20 00:00:00
Security fix for the ALT Linux 10 package thunderbird version 52.1.0-alt1
2017-05-02 00:00:00
Security fix for the ALT Linux 10 package firefox-esr version 52.1.1-alt1
2017-05-08 00:00:00
nessus
nessus
SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nss, mozilla-nspr, java-1_8_0-openjdk (SUSE-SU-2017:1248-1)
2017-05-12 00:00:00
SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss, mozilla-nspr (SUSE-SU-2017:1175-1)
2017-05-05 00:00:00
Debian DSA-3831-1 : firefox-esr - security update
2017-04-20 00:00:00
ibm
ibm
mageia
mageia
Updated firefox packages fix security vulnerability
2017-04-28 01:21:29
Updated thunderbird packages fix security vulnerability
2017-05-10 23:47:44
debian
debian
[SECURITY] [DLA 906-1] firefox-esr security update
2017-04-21 17:26:13
[SECURITY] [DSA 3831-1] firefox-esr security update
2017-04-19 22:40:29
[SECURITY] [DLA 946-1] nss security update
2017-05-19 13:15:53
osv
osv
firefox-esr - security update
2017-04-21 00:00:00
firefox-esr - security update
2017-04-20 00:00:00
nss - security update
2017-05-19 00:00:00
oraclelinux
oraclelinux
firefox security update
2017-04-20 00:00:00
firefox security update
2017-04-20 00:00:00
thunderbird security update
2017-05-08 00:00:00
mozilla
mozilla
Security vulnerabilities fixed in Firefox ESR 45.9 — Mozilla
2017-04-19 00:00:00
Security vulnerabilities fixed in Thunderbird 52.1 — Mozilla
2017-04-30 00:00:00
Security vulnerabilities fixed in Firefox ESR 52.1 — Mozilla
2017-04-19 00:00:00
redhat
redhat
(RHSA-2017:1104) Critical: firefox security update
2017-04-20 06:59:53
(RHSA-2017:1201) Important: thunderbird security update
2017-05-08 05:16:37
(RHSA-2017:1106) Critical: firefox security update
2017-04-20 08:50:13
centos
centos
firefox security update
2017-04-20 22:44:21
thunderbird security update
2017-05-09 17:01:33
firefox security update
2017-04-20 23:21:25
ubuntu
ubuntu
Thunderbird vulnerabilities
2017-05-16 00:00:00
Firefox regression
2017-05-11 00:00:00
Firefox vulnerabilities
2017-04-21 00:00:00
kaspersky
kaspersky
KLA11007 Multiple vulnerabilities in Mozilla Thunderbird
2017-04-30 00:00:00
KLA11004 Multiple vulnerabilities in Mozilla Firefox and Mozilla Firefox ESR
2017-04-19 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2017-04-19 00:00:00
NSS -- multiple vulnerabilities
2017-03-17 00:00:00
archlinux
archlinux
[ASA-201704-6] firefox: multiple issues
2017-04-21 00:00:00
gentoo
gentoo
Mozilla Network Security Service (NSS): Multiple vulnerabilities
2017-05-07 00:00:00
Mozilla Firefox: Multiple vulnerabilities
2018-02-20 00:00:00
amazon
amazon
Medium: nss-util, nss, nss-softokn
2016-12-15 00:32:00
symantec
symantec
SA137 : NSS Vulnerabilities
2016-12-20 08:00:00
debiancve
debiancve
prion
prion
Design/Logic Flaw
2018-07-19 13:29:00
Design/Logic Flaw
2018-06-11 21:29:00
Format string
2018-06-11 21:29:00
ubuntucve
ubuntucve
redhatcve
redhatcve
cve
cve
checkpoint_advisories
checkpoint_advisories
Mozilla Firefox WebGL Integer Overflow (CVE-2017-5459)
2017-06-20 00:00:00
veracode
veracode
Out-of-bounds Write
2019-05-02 06:10:07
Out-of-bounds Read
2019-05-02 06:10:06
Use After Free
2019-05-02 06:10:00
zdi
zdi
alpinelinux
alpinelinux
CVE-2017-5462
2018-06-11 21:29:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.1 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.579 Medium
EPSS
Percentile
97.7%
Related for OPENVAS:13614125623114201712481