Lucene search
Copyright (C) 2021 Greenbone AGOPENVAS:13614125623114201918691HistoryJun 09, 2021 - 12:00 a.m.
SUSE: Security Advisory (SUSE-SU-2019:1869-1)
2021-06-0900:00:00
Copyright (C) 2021 Greenbone AG
plugins.openvas.org
2
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.9 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.722 High
EPSS
Percentile
98.0%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2021 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.4.2019.1869.1");
script_cve_id("CVE-2019-11709", "CVE-2019-11711", "CVE-2019-11712", "CVE-2019-11713", "CVE-2019-11715", "CVE-2019-11717", "CVE-2019-11719", "CVE-2019-11729", "CVE-2019-11730", "CVE-2019-9811");
script_tag(name:"creation_date", value:"2021-06-09 14:57:21 +0000 (Wed, 09 Jun 2021)");
script_version("2024-02-02T14:37:50+0000");
script_tag(name:"last_modification", value:"2024-02-02 14:37:50 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2019-07-24 16:57:05 +0000 (Wed, 24 Jul 2019)");
script_name("SUSE: Security Advisory (SUSE-SU-2019:1869-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2021 Greenbone AG");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES15\.0|SLES15\.0SP1)");
script_xref(name:"Advisory-ID", value:"SUSE-SU-2019:1869-1");
script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2019/suse-su-20191869-1/");
script_tag(name:"summary", value:"The remote host is missing an update for the 'MozillaFirefox' package(s) announced via the SUSE-SU-2019:1869-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"This update for MozillaFirefox, mozilla-nss fixes the following issues:
MozillaFirefox to version ESR 60.8:
CVE-2019-9811: Sandbox escape via installation of malicious language
pack (bsc#1140868).
CVE-2019-11711: Script injection within domain through inner window
reuse (bsc#1140868).
CVE-2019-11712: Cross-origin POST requests can be made with NPAPI
plugins by following 308 redirects (bsc#1140868).
CVE-2019-11713: Use-after-free with HTTP/2 cached stream (bsc#1140868).
CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a
segmentation fault (bsc#1140868).
CVE-2019-11715: HTML parsing error can contribute to content XSS
(bsc#1140868).
CVE-2019-11717: Caret character improperly escaped in origins
(bsc#1140868).
CVE-2019-11719: Out-of-bounds read when importing curve25519 private key
(bsc#1140868).
CVE-2019-11730: Same-origin policy treats all files in a directory as
having the same-origin (bsc#1140868).
CVE-2019-11709: Multiple Memory safety bugs fixed (bsc#1140868).
mozilla-nss to version 3.44.1:
Added IPSEC IKE support to softoken
Many new FIPS test cases");
script_tag(name:"affected", value:"'MozillaFirefox' package(s) on SUSE Linux Enterprise Module for Basesystem 15, SUSE Linux Enterprise Module for Basesystem 15-SP1, SUSE Linux Enterprise Module for Desktop Applications 15, SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1, SUSE Linux Enterprise Module for Server Applications 15-SP1.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "SLES15.0") {
if(!isnull(res = isrpmvuln(pkg:"libfreebl3", rpm:"libfreebl3~3.44.1~3.16.2", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfreebl3-32bit", rpm:"libfreebl3-32bit~3.44.1~3.16.2", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfreebl3-32bit-debuginfo", rpm:"libfreebl3-32bit-debuginfo~3.44.1~3.16.2", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfreebl3-debuginfo", rpm:"libfreebl3-debuginfo~3.44.1~3.16.2", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfreebl3-hmac", rpm:"libfreebl3-hmac~3.44.1~3.16.2", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfreebl3-hmac-32bit", rpm:"libfreebl3-hmac-32bit~3.44.1~3.16.2", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libsoftokn3", rpm:"libsoftokn3~3.44.1~3.16.2", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libsoftokn3-32bit", rpm:"libsoftokn3-32bit~3.44.1~3.16.2", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libsoftokn3-32bit-debuginfo", rpm:"libsoftokn3-32bit-debuginfo~3.44.1~3.16.2", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libsoftokn3-debuginfo", rpm:"libsoftokn3-debuginfo~3.44.1~3.16.2", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libsoftokn3-hmac", rpm:"libsoftokn3-hmac~3.44.1~3.16.2", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libsoftokn3-hmac-32bit", rpm:"libsoftokn3-hmac-32bit~3.44.1~3.16.2", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss", rpm:"mozilla-nss~3.44.1~3.16.2", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-32bit", rpm:"mozilla-nss-32bit~3.44.1~3.16.2", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-32bit-debuginfo", rpm:"mozilla-nss-32bit-debuginfo~3.44.1~3.16.2", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-certs", rpm:"mozilla-nss-certs~3.44.1~3.16.2", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-certs-32bit", rpm:"mozilla-nss-certs-32bit~3.44.1~3.16.2", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-certs-32bit-debuginfo", rpm:"mozilla-nss-certs-32bit-debuginfo~3.44.1~3.16.2", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-certs-debuginfo", rpm:"mozilla-nss-certs-debuginfo~3.44.1~3.16.2", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-debuginfo", rpm:"mozilla-nss-debuginfo~3.44.1~3.16.2", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-debugsource", rpm:"mozilla-nss-debugsource~3.44.1~3.16.2", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-devel", rpm:"mozilla-nss-devel~3.44.1~3.16.2", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-sysinit", rpm:"mozilla-nss-sysinit~3.44.1~3.16.2", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-sysinit-debuginfo", rpm:"mozilla-nss-sysinit-debuginfo~3.44.1~3.16.2", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-tools", rpm:"mozilla-nss-tools~3.44.1~3.16.2", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-tools-debuginfo", rpm:"mozilla-nss-tools-debuginfo~3.44.1~3.16.2", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox", rpm:"MozillaFirefox~60.8.0~3.51.4", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-debuginfo", rpm:"MozillaFirefox-debuginfo~60.8.0~3.51.4", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-debugsource", rpm:"MozillaFirefox-debugsource~60.8.0~3.51.4", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-devel", rpm:"MozillaFirefox-devel~60.8.0~3.51.4", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-translations-common", rpm:"MozillaFirefox-translations-common~60.8.0~3.51.4", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-translations-other", rpm:"MozillaFirefox-translations-other~60.8.0~3.51.4", rls:"SLES15.0"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES15.0SP1") {
if(!isnull(res = isrpmvuln(pkg:"libfreebl3", rpm:"libfreebl3~3.44.1~3.16.2", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfreebl3-32bit", rpm:"libfreebl3-32bit~3.44.1~3.16.2", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfreebl3-32bit-debuginfo", rpm:"libfreebl3-32bit-debuginfo~3.44.1~3.16.2", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfreebl3-debuginfo", rpm:"libfreebl3-debuginfo~3.44.1~3.16.2", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libsoftokn3", rpm:"libsoftokn3~3.44.1~3.16.2", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libsoftokn3-32bit", rpm:"libsoftokn3-32bit~3.44.1~3.16.2", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libsoftokn3-32bit-debuginfo", rpm:"libsoftokn3-32bit-debuginfo~3.44.1~3.16.2", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libsoftokn3-debuginfo", rpm:"libsoftokn3-debuginfo~3.44.1~3.16.2", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss", rpm:"mozilla-nss~3.44.1~3.16.2", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-32bit", rpm:"mozilla-nss-32bit~3.44.1~3.16.2", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-32bit-debuginfo", rpm:"mozilla-nss-32bit-debuginfo~3.44.1~3.16.2", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-certs", rpm:"mozilla-nss-certs~3.44.1~3.16.2", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-certs-32bit", rpm:"mozilla-nss-certs-32bit~3.44.1~3.16.2", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-certs-32bit-debuginfo", rpm:"mozilla-nss-certs-32bit-debuginfo~3.44.1~3.16.2", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-certs-debuginfo", rpm:"mozilla-nss-certs-debuginfo~3.44.1~3.16.2", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-debuginfo", rpm:"mozilla-nss-debuginfo~3.44.1~3.16.2", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-debugsource", rpm:"mozilla-nss-debugsource~3.44.1~3.16.2", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-devel", rpm:"mozilla-nss-devel~3.44.1~3.16.2", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-sysinit", rpm:"mozilla-nss-sysinit~3.44.1~3.16.2", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-sysinit-debuginfo", rpm:"mozilla-nss-sysinit-debuginfo~3.44.1~3.16.2", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-tools", rpm:"mozilla-nss-tools~3.44.1~3.16.2", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozilla-nss-tools-debuginfo", rpm:"mozilla-nss-tools-debuginfo~3.44.1~3.16.2", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox", rpm:"MozillaFirefox~60.8.0~3.51.4", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-debuginfo", rpm:"MozillaFirefox-debuginfo~60.8.0~3.51.4", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-debugsource", rpm:"MozillaFirefox-debugsource~60.8.0~3.51.4", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-devel", rpm:"MozillaFirefox-devel~60.8.0~3.51.4", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-translations-common", rpm:"MozillaFirefox-translations-common~60.8.0~3.51.4", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-translations-other", rpm:"MozillaFirefox-translations-other~60.8.0~3.51.4", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfreebl3-hmac", rpm:"libfreebl3-hmac~3.44.1~3.16.2", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libsoftokn3-hmac", rpm:"libsoftokn3-hmac~3.44.1~3.16.2", rls:"SLES15.0SP1"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
nessus
nessus
Debian DSA-4479-1 : firefox-esr - security update
2019-07-15 00:00:00
openSUSE Security Update : MozillaFirefox (openSUSE-2019-1811)
2019-08-12 00:00:00
Slackware 14.2 / current : mozilla-firefox (SSA:2019-191-01)
2019-07-11 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package thunderbird version 60.8.0-alt1
2019-07-10 00:00:00
Security fix for the ALT Linux 10 package thunderbird version 68.0-alt1
2019-08-29 00:00:00
Security fix for the ALT Linux 10 package firefox-esr version 68.0.1-alt1
2019-07-19 00:00:00
suse
suse
Security update for MozillaFirefox (important)
2019-07-21 00:00:00
Security update for MozillaThunderbird (important)
2019-07-30 00:00:00
Security update for MozillaThunderbird (moderate)
2019-08-23 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2019-191-01)
2022-04-21 00:00:00
openSUSE: Security Advisory for MozillaThunderbird (openSUSE-SU-2019:1813-1)
2019-07-31 00:00:00
Mozilla Firefox ESR Security Advisories (MFSA2019-21, MFSA2019-22) - Windows
2019-07-11 00:00:00
slackware
slackware
[slackware-security] mozilla-firefox
2019-07-11 00:13:28
ubuntu
ubuntu
Thunderbird vulnerabilities
2019-07-17 00:00:00
Firefox vulnerabilities
2019-07-12 00:00:00
Firefox regressions
2019-07-25 00:00:00
debian
debian
[SECURITY] [DSA 4479-1] firefox-esr security update
2019-07-11 20:56:14
[SECURITY] [DSA 4482-1] thunderbird security update
2019-07-14 20:11:58
[SECURITY] [DLA 1870-1] thunderbird security update
2019-08-02 09:45:59
mageia
mageia
Updated thunderbird packages fix security vulnerability
2019-07-21 21:17:27
Updated firefox packages fix security vulnerability
2019-07-21 21:17:27
Updated firefox packages fix security vulnerability
2019-07-21 21:17:27
mozilla
mozilla
Security vulnerabilities fixed in Thunderbird 60.8 — Mozilla
2019-07-09 00:00:00
Security vulnerabilities fixed in Firefox ESR 60.8 — Mozilla
2019-07-09 00:00:00
Security vulnerabilities fixed in Firefox 68 — Mozilla
2019-07-09 00:00:00
kaspersky
kaspersky
KLA11524 Multiple vulnerabilities in Mozilla Thunderbird
2019-07-09 00:00:00
KLA11516 Multiple vulnerabilities in Mozilla Firefox ESR
2019-07-09 00:00:00
KLA11515 Multiple vulnerabilities in Mozilla Firefox
2019-07-09 00:00:00
oraclelinux
oraclelinux
firefox security update
2019-07-11 00:00:00
thunderbird security update
2019-07-15 00:00:00
firefox security update
2019-07-30 00:00:00
redhat
redhat
(RHSA-2019:1777) Important: thunderbird security update
2019-07-15 13:03:54
(RHSA-2019:1775) Important: thunderbird security update
2019-07-15 12:08:34
(RHSA-2019:1765) Critical: firefox security update
2019-07-11 16:58:23
centos
centos
firefox security update
2019-07-12 16:21:53
thunderbird security update
2019-07-17 17:50:04
firefox security update
2019-07-12 16:20:59
osv
osv
thunderbird - security update
2019-07-14 00:00:00
thunderbird - security update
2019-08-02 00:00:00
firefox-esr - security update
2019-08-02 00:00:00
amazon
amazon
Critical: thunderbird
2019-08-08 15:57:00
gentoo
gentoo
Mozilla Thunderbird: Multiple vulnerabilities
2019-08-16 00:00:00
Mozilla Firefox: Multiple vulnerabilities
2019-08-15 00:00:00
ibm
ibm
freebsd
freebsd
mozilla -- multiple vulnerabilities
2019-07-09 00:00:00
archlinux
archlinux
[ASA-201907-4] firefox: multiple issues
2019-07-17 00:00:00
ubuntucve
ubuntucve
cve
cve
veracode
veracode
Denial Of Service (DoS)
2019-12-11 00:17:25
Arbitrary Code Execution
2019-07-15 00:07:42
Cross-Site Scripting (XSS)
2019-07-15 00:07:42
alpinelinux
alpinelinux
prion
prion
Cross site request forgery (csrf)
2019-07-23 14:15:00
Design/Logic Flaw
2019-07-23 14:15:00
Design/Logic Flaw
2019-07-23 14:15:00
redhatcve
redhatcve
debiancve
debiancve
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.9 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.722 High
EPSS
Percentile
98.0%
Related for OPENVAS:13614125623114201918691