openvas | Copyright (C) 2023 Greenbone AG | OPENVAS:13614125623114202328491
History: Jul 17, 2023 - 12:00 a.m.

SUSE: Security Advisory (SUSE-SU-2023:2849-1)

2023-07-17 00:00:00
Copyright (C) 2023 Greenbone AG
plugins.openvas.org
2
suse
security advisory
mozillafirefox
greenbone ag
cve-2023-3482
cve-2023-37201
pdf forms
high-refresh rate monitors
tabs toolbar
webgl performance
local storage
sha-1 signatures
yahoo mail
outlook
print preview
touchpad scrolling

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.8%

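The remote host is missing an update for the 'MozillaFirefox, MozillaFirefox-branding-SLE' package(s) announced via the SUSE-SU-2023:2849-1 advisory.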

# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

# Metadata branch: taken when 'description' is set. It registers the script_*
# metadata below and leaves through the exit(0) at its end, so the package
# check further down is not reached on this path.
if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.4.2023.2849.1");
  script_cve_id("CVE-2023-3482", "CVE-2023-37201", "CVE-2023-37202", "CVE-2023-37203", "CVE-2023-37204", "CVE-2023-37205", "CVE-2023-37206", "CVE-2023-37207", "CVE-2023-37208", "CVE-2023-37209", "CVE-2023-37210", "CVE-2023-37211", "CVE-2023-37212");
  script_tag(name:"creation_date", value:"2023-07-17 11:37:31 +0000 (Mon, 17 Jul 2023)");
  script_version("2024-02-02T14:37:52+0000");
  script_tag(name:"last_modification", value:"2024-02-02 14:37:52 +0000 (Fri, 02 Feb 2024)");
  # NOTE(review): cvss_base / cvss_base_vector use CVSS v2 syntax (Au:, C:C/I:C/A:C)
  # and give 10.0, while severity_vector is a CVSS 3.1 vector that requires user
  # interaction (UI:R) and is attributed to NVD by severity_origin. Which of the
  # two a report shows presumably depends on the scanner version - confirm before
  # using the score for prioritisation.
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2023-07-11 14:28:45 +0000 (Tue, 11 Jul 2023)");

  script_name("SUSE: Security Advisory (SUSE-SU-2023:2849-1)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2023 Greenbone AG");
  script_family("SuSE Local Security Checks");
  # Credentialed local check: every required key sits under ssh/login/ (a SUSE
  # SLES flag, the RPM list, and a release matching SLES15.0SP1), presumably
  # filled in by gather-package-list.nasl after an SSH login - confirm. A host
  # scanned without working credentials presumably produces no result from this
  # script, and that absence must not be read as "patched".
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES15\.0SP1)");

  script_xref(name:"Advisory-ID", value:"SUSE-SU-2023:2849-1");
  script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2023/suse-su-20232849-1/");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'MozillaFirefox, MozillaFirefox-branding-SLE' package(s) announced via the SUSE-SU-2023:2849-1 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  # The insight text is an excerpt of the vendor changelog and is cut off
  # ("..."). The part shown lists feature and behaviour changes, not the CVEs
  # named in script_cve_id(), so the advisory URL above is the reference for
  # the vulnerabilities themselves.
  script_tag(name:"insight", value:"This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues:
Changes in MozillaFirefox and MozillaFirefox-branding-SLE:
This update provides Firefox Extended Support Release 115.0 ESR


New:


Required fields are now highlighted in PDF forms.

Improved performance on high-refresh rate monitors (120Hz+).
Buttons in the Tabs toolbar can now be reached with Tab,
 Shift+Tab, and Arrow keys. View this article for additional
 details.
Windows' 'Make text bigger' accessibility setting now
 affects all the UI and content pages, rather than only
 applying to system font sizes.
Non-breaking spaces are now preserved--preventing automatic
 line breaks--when copying text from a form control.
Fixed WebGL performance issues on NVIDIA binary drivers via
 DMA-Buf on Linux.
Fixed an issue in which Firefox startup could be
 significantly slowed down by the processing of Web content
 local storage. This had the greatest impact on users with
 platter hard drives and significant local storage.
Removed a configuration option to allow SHA-1 signatures in
 certificates: SHA-1 signatures in certificates--long since
 determined to no longer be secure enough--are now not
 supported.
Highlight color is preserved correctly after typing Enter
 in the mail composer of Yahoo Mail and Outlook.
 After bypassing the https only error page navigating back
 would take you to the error page that was previously
 dismissed. Back now takes you to the previous site that was
 visited.
Paste unformatted shortcut (shift+ctrl/cmd+v) now works in
 plain text contexts, such as input and text area.
Added an option to print only the current page from the
 print preview dialog.
Swipe to navigate (two fingers on a touchpad swiped left or
 right to perform history back or forward) on Windows is now
 enabled.
Stability on Windows is significantly improved as Firefox
 handles low-memory situations much better.
Touchpad scrolling on macOS was made more accessible by
 reducing unintended diagonal scrolling opposite of the
 intended scroll axis.
Firefox is less likely to run out of memory on Linux and
 performs more efficiently for the rest of the system when
 memory runs low.
It is now possible to edit PDFs: including writing text,
 drawing, and adding signatures.
Setting Firefox as your default browser now also makes it
 the default PDF application on Windows systems.
Swipe-to-navigate (two fingers on a touchpad swiped left or
 right to perform history back or forward) now works for Linux
 users on Wayland.
Text Recognition in images allows users on macOS 10.15 and
 higher to extract text from the selected image (such as a
 meme or screenshot).
Firefox View helps you get back to content you previously
 discovered. A pinned tab allows you to find and open recently
 closed tabs on your current device and access tabs from other
 devices (via our 'Tab Pickup' feature).
Import maps, which allow web pages ... [Please see the references for more information on the vulnerabilities]");

  script_tag(name:"affected", value:"'MozillaFirefox, MozillaFirefox-branding-SLE' package(s) on SUSE CaaS Platform 4.0, SUSE Linux Enterprise High Performance Computing 15-SP1, SUSE Linux Enterprise Server 15-SP1, SUSE Linux Enterprise Server for SAP Applications 15-SP1.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  # qod_type "package": the finding rests on the installed package version
  # (see the vuldetect text), not on probing the flaws themselves.
  script_tag(name:"qod_type", value:"package");

  # End of the metadata branch.
  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

# Release string of the target as returned by rpm_get_ssh_release(); with no
# release there is nothing to compare against, so the script ends.
release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

# The package list below applies to SLES15.0SP1 only; any other release exits
# without a result.
if(release != "SLES15.0SP1")
  exit(0);

# Package names and the RPM versions they are compared against, kept as two
# index-aligned lists. Entry N of fx_pkgs belongs to entry N of fx_rpms, so the
# two lists must always be edited together; a misaligned pair would silently
# compare a package against the wrong version.
fx_pkgs = make_list("MozillaFirefox",
                    "MozillaFirefox-branding-SLE",
                    "MozillaFirefox-debuginfo",
                    "MozillaFirefox-debugsource",
                    "MozillaFirefox-devel",
                    "MozillaFirefox-translations-common",
                    "MozillaFirefox-translations-other");

fx_rpms = make_list("MozillaFirefox~115.0~150000.150.91.1",
                    "MozillaFirefox-branding-SLE~115~150000.4.25.1",
                    "MozillaFirefox-debuginfo~115.0~150000.150.91.1",
                    "MozillaFirefox-debugsource~115.0~150000.150.91.1",
                    "MozillaFirefox-devel~115.0~150000.150.91.1",
                    "MozillaFirefox-translations-common~115.0~150000.150.91.1",
                    "MozillaFirefox-translations-other~115.0~150000.150.91.1");

# Run every comparison in list order and collect each non-null result, so one
# report covers all packages that isrpmvuln() flags.
for(fx_idx = 0; fx_idx < max_index(fx_pkgs); fx_idx++) {
  res = isrpmvuln(pkg:fx_pkgs[fx_idx], rpm:fx_rpms[fx_idx], rls:"SLES15.0SP1");
  if(!isnull(res))
    report += res;
}

if(report == "") {
  # Nothing was flagged. __pkg_match is not set in this file - presumably
  # isrpmvuln() sets it when a listed package is installed; confirm in
  # pkg-lib-rpm.inc. In that case the script ends with 99 instead of 0,
  # presumably to tell "checked, not affected" apart from "nothing to check".
  if(__pkg_match)
    exit(99);
  exit(0);
}

# At least one package was flagged: report the collected text as a finding.
security_message(data:report);
exit(0);
